diff --git a/plugins/op_waf/waf/lua/common.lua b/plugins/op_waf/waf/lua/common.lua
index 55fdf4983..1698f943a 100644
--- a/plugins/op_waf/waf/lua/common.lua
+++ b/plugins/op_waf/waf/lua/common.lua
@@ -3,6 +3,7 @@ local setmetatable = setmetatable
 local _M = { _VERSION = '0.01' }
 local mt = { __index = _M }
+local json = require "cjson"
 function _M.new(cpath, rpath)
@@ -46,6 +47,34 @@ function _M.read_file_body(self, filename)
 return fbody
 end
+
+function _M.array_len(self, arr)
+ if not arr then return 0 end
+ local count = 0
+ for _,v in ipairs(arr)
+ do
+ count = count + 1
+ end
+ return count
+end
+
+function _M.is_ipaddr(self, client_ip)
+ local cipn = split(client_ip,'.')
+ if self:array_len(cipn) < 4 then return false end
+ for _,v in ipairs({1,2,3,4})
+ do
+ local ipv = tonumber(cipn[v])
+ if ipv == nil then return false end
+ if ipv > 255 or ipv < 0 then return false end
+ end
+ return true
+end
+
+
+function _M.read_file_body_decode(self, filename)
+ return json.decode(self:read_file_body(filename))
+end
+
 function _M.select_rule(self, rules)
 if not rules then return {} end
 new_rules = {}
@@ -61,13 +90,8 @@ end
 function _M.read_file(self, name)
-
- f = self.rpath .. name .. '.json'
- ngx.log(ngx.ERR,"read:"..name)
- ngx.log(ngx.ERR,"read2:".. f)
-
+ f = self.rpath .. name .. '.json'
 fbody = self:read_file_body(f)
- ngx.log(ngx.ERR,"read3:".. fbody)
 if fbody == nil then
 return {}
 end
diff --git a/plugins/op_waf/waf/lua/init.lua b/plugins/op_waf/waf/lua/init.lua
index daa9917ab..f9ccde682 100644
--- a/plugins/op_waf/waf/lua/init.lua
+++ b/plugins/op_waf/waf/lua/init.lua
@@ -8,14 +8,6 @@ local ngx_match = ngx.re.find
 local _C = require "common"
 local C = _C.new(cpath, rpath)
-function read_file(name)
- fbody = C:read_file_body(rpath .. name .. '.json')
- if fbody == nil then
- return {}
- end
- return json.decode(fbody)
-end
-
 function write_drop_ip(is_drop,drop_time)
 local filename = cpath .. 'drop_ip.log'
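Review bot: `_M.is_ipaddr` still admits strings that are not dotted-quad addresses, because `tonumber` accepts hexadecimal, exponent and space-padded numerals (`0x7f`, `1e1`, ` 1 `) and the `< 4` test lets `1.2.3.4.5` through, so a whitelist or drop-list keyed on the raw string can disagree with this check. Tighten it with `if self:array_len(cipn) ~= 4 then return false end` and, before the range test, `if not tostring(cipn[v]):match("^%d+$") then return false end`. `split` is neither required nor defined in common.lua as far as this diff shows, so it presumably has to be a global loaded before the module is used; a comment such as `-- assumes a global split(str, sep) is already loaded` on the function would make that dependency visible. `_M.read_file_body_decode` hands the result of `read_file_body` straight to `json.decode`, which raises when that result is nil, whereas `_M.read_file` in the next hunk returns `{}` in that case; the same unguarded decode reaches the two new `C:read_file_body_decode(...)` calls in init.lua, so a guard here, `local body = self:read_file_body(filename)` followed by `if body == nil then return {} end`, fixes both.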
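Review bot: The re-added `f = self.rpath .. name .. '.json'` line still assigns a global, as does the `fbody = self:read_file_body(f)` context line under it; if this module runs under ngx_lua, both values are then shared by every request handled by the worker and can be clobbered by any other code using those names. Write them as `local f = self.rpath .. name .. '.json'` and `local fbody = self:read_file_body(f)`. Dropping the `read3` log is a fix in its own right, since concatenating a nil `fbody` raised before the nil check could run. `_M.read_file` continues past the end of the hunk.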
@@ -31,38 +23,14 @@ end
 ngx.header.content_type = "text/plain"
--- ngx.say(cpath .. 'config.json')
-
+local config = C:read_file_body_decode(cpath .. 'config.json')
+local site_config = C:read_file_body_decode(cpath .. 'site.json')
-local config = json.decode(C:read_file_body(cpath .. 'config.json'))
-local site_config = json.decode(C:read_file_body(cpath .. 'site.json'))
-function arrlen(arr)
- if not arr then return 0 end
- count = 0
- for _,v in ipairs(arr)
- do
- count = count + 1
- end
- return count
-end
-
-function is_ipaddr(client_ip)
- local cipn = split(client_ip,'.')
- if arrlen(cipn) < 4 then return false end
- for _,v in ipairs({1,2,3,4})
- do
- local ipv = tonumber(cipn[v])
- if ipv == nil then return false end
- if ipv > 255 or ipv < 0 then return false end
- end
- return true
-end
-
 function get_client_ip()
 local client_ip = "unknown"
 if site_config[server_name] then
diff --git a/plugins/op_waf/waf/rule/args.json b/plugins/op_waf/waf/rule/args.json
index 5b6f01612..799f65d92 100644
--- a/plugins/op_waf/waf/rule/args.json
+++ b/plugins/op_waf/waf/rule/args.json
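Review bot: The global `is_ipaddr` and `arrlen` definitions are removed here, but nothing in this hunk updates their call sites; `get_client_ip`, which starts on the hunk's last lines and continues outside it, is the obvious candidate, and any remaining `is_ipaddr(ip)` call would now resolve to nil and raise on the first request. Those calls need to become `C:is_ipaddr(ip)` (and `C:array_len(t)`), using the module instance `C` built earlier in the file. If the old functions were deliberately left as globals for other files to use, that should be stated in the commit message, since this diff does not show any other definition of them.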
@@ -1,158 +1 @@ -[[ - [ - 1, - "\\.\\./\\.\\./", - "目录保护1", - 0 - ], - [ - 1, - "/\\*", - "目录保护2", - 0 - ], - [ - 1, - "(?:etc\\/\\W*passwd)", - "目录保护3", - 0 - ], - [ - 1, - "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", - "PHP流协议过滤1", - 0 - ], - [ - 1, - "\\:\\$", - "一句话木马过滤1", - 0 - ], - [ - 1, - "\\$\\{", - "一句话木马过滤2", - 0 - ], - [ - 1, - "base64_decode\\(", - "一句话木马过滤3", - 0 - ], - [ - 1, - "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", - "一句话木马过滤4", - 0 - ], - [ - 1, - "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", - "一句话木马过滤5", - 0 - ], - [ - 1, - "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")", - "SQL注入过滤1", - 0 - ], - [ - 1, - "select.+(from|limit)", - "SQL注入过滤2", - 0 - ], - [ - 1, - "(?:(union(.*?)select))", - "SQL注入过滤3", - 0 - ], - [ - 1, - "sleep\\((\\s*)(\\d*)(\\s*)\\)", - "SQL注入过滤5", - 0 - ], - [ - 1, - "benchmark\\((.*)\\,(.*)\\)", - "SQL注入过滤6", - 0 - ], - [ - 1, - "(?:from\\W+information_schema\\W)", - "SQL注入过滤7", - 0 - ], - [ - 1, - "(?:(?:current_)user|database|schema|connection_id)\\s*\\(", - "SQL注入过滤8", - 0 - ], - [ - 1, - "into(\\s+)+(?:dump|out)file\\s*", - "SQL注入过滤9", - 0 - ], - [ - 1, - "group\\s+by.+\\(", - "SQL注入过滤10", - 0 - ], - [ - 1, - "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)", - "XSS过滤1", - 0 - ], - [ - 0, - "(onmouseover|onerror|onload)\\=", - "XSS过滤2", - 0 - ], - [ - 1, - "(invokefunction|call_user_func_array|\\\\think\\\\)", - "ThinkPHP payload封堵", - 0 - ], - [ - 1, - "^url_array\\[.*\\]$", - "Metinfo6.x XSS漏洞", - 0 - ], - [ - 1, - "(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", - "SQL报错注入过滤01", - 0 - ], - [ - 1, - "(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", - 
"SQL报错注入过滤02", - 0 - ], - [ - 1, - "(substr\\()", - "SQL注入过滤10", - 0 - ], - [ - 1, - "\\|+\\s+[\\w\\W]+=[\\w\\W]+", - "SQL注入过滤1", - 0 - ] -]] \ No newline at end of file +[[1, "\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 0], [1, "/\\*", "\u76ee\u5f55\u4fdd\u62a42", 0], [1, "(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 0], [1, "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 0], [1, "\\:\\$", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee41", 0], [1, "\\$\\{", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee42", 0], [1, "base64_decode\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee43", 0], [1, "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee44", 0], [1, "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee45", 0], [1, "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")", "SQL\u6ce8\u5165\u8fc7\u6ee41", 0], [1, "select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42", 0], [1, "(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 0], [1, "sleep\\((\\s*)(\\d*)(\\s*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee45", 0], [1, "benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 0], [1, "(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 0], [1, "(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 0], [1, "into(\\s+)+(?:dump|out)file\\s*", "SQL\u6ce8\u5165\u8fc7\u6ee49", 0], [1, "group\\s+by.+\\(", "SQL\u6ce8\u5165\u8fc7\u6ee410", 0], [1, "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)", "XSS\u8fc7\u6ee41", 0], [0, "(onmouseover|onerror|onload)\\=", "XSS\u8fc7\u6ee42", 0], [1, "(invokefunction|call_user_func_array|\\\\think\\\\)", "ThinkPHP payload\u5c01\u5835", 0], [1, "^url_array\\[.*\\]$", "Metinfo6.x XSS\u6f0f\u6d1e", 
0], [1, "(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 0], [1, "(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 0], [1, "(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 0], [1, "\\|+\\s+[\\w\\W]+=[\\w\\W]+", "SQL\u6ce8\u5165\u8fc7\u6ee41", 0]] \ No newline at end of file