pull/109/head
midoks 6 years ago
parent a8fdb86ad5
commit fc813709d4
  1. 34
      plugins/op_waf/waf/lua/common.lua
  2. 36
      plugins/op_waf/waf/lua/init.lua
  3. 159
      plugins/op_waf/waf/rule/args.json

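--- a/plugins/op_waf/waf/lua/common.lua
+++ b/plugins/op_waf/waf/lua/common.lua
@@ -3,6 +3,7 @@
 local setmetatable = setmetatable
 local _M = { _VERSION = '0.01' }
 local mt = { __index = _M }
+local json = require "cjson"
 function _M.new(cpath, rpath)
@@ -46,6 +47,34 @@ function _M.read_file_body(self, filename)
 return fbody
 end
+function _M.array_len(self, arr)
+if not arr then return 0 end
+local count = 0
+for _,v in ipairs(arr)
+do
+count = count + 1
+end
+return count
+end
+function _M.is_ipaddr(self, client_ip)
+local cipn = split(client_ip,'.')
+if self:array_len(cipn) < 4 then return false end
+for _,v in ipairs({1,2,3,4})
+do
+local ipv = tonumber(cipn[v])
+if ipv == nil then return false end
+if ipv > 255 or ipv < 0 then return false end
+end
+return true
+end
+function _M.read_file_body_decode(self, filename)
+return json.decode(self:read_file_body(filename))
+end
 function _M.select_rule(self, rules)
 if not rules then return {} end
 new_rules = {}
@@ -61,13 +90,8 @@ end
 function _M.read_file(self, name)
 f = self.rpath .. name .. '.json'
-ngx.log(ngx.ERR,"read:"..name)
-ngx.log(ngx.ERR,"read2:".. f)
 fbody = self:read_file_body(f)
-ngx.log(ngx.ERR,"read3:".. fbody)
 if fbody == nil then
 return {}
 end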
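Review bot: `_M.read_file_body_decode` hands the result of `self:read_file_body(filename)` straight to `json.decode`, so a missing file (where `read_file_body` apparently returns nil, judging by the `fbody == nil` check that `_M.read_file` in the next hunk performs) or a malformed body raises from cjson instead of returning something the caller can test; init.lua now loads config.json and site.json through this method, so a bad config file aborts initialisation rather than being handled deliberately. I would mirror the guard `_M.read_file` already has and make a decode failure explicit so the caller can decide whether to fail closed or open. Separately, `_M.is_ipaddr` accepts any octet that `tonumber` parses, so strings such as `1.5`, `1e1` or `0x10` pass as octets; checking each part with `cipn[v]:match("^%d+$")` before `tonumber` would limit it to dotted decimal, and the function also relies on a global `split` that this module neither defines nor requires.
```lua
function _M.read_file_body_decode(self, filename)
    local fbody = self:read_file_body(filename)
    if fbody == nil then return nil end
    local ok, data = pcall(json.decode, fbody)
    if not ok then return nil, data end
    return data
end
```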

@ -8,14 +8,6 @@ local ngx_match = ngx.re.find
local _C = require "common" local _C = require "common"
local C = _C.new(cpath, rpath) local C = _C.new(cpath, rpath)
function read_file(name)
fbody = C:read_file_body(rpath .. name .. '.json')
if fbody == nil then
return {}
end
return json.decode(fbody)
end
function write_drop_ip(is_drop,drop_time) function write_drop_ip(is_drop,drop_time)
local filename = cpath .. 'drop_ip.log' local filename = cpath .. 'drop_ip.log'
@ -31,38 +23,14 @@ end
ngx.header.content_type = "text/plain" ngx.header.content_type = "text/plain"
-- ngx.say(cpath .. 'config.json')
local config = C:read_file_body_decode(cpath .. 'config.json')
local site_config = C:read_file_body_decode(cpath .. 'site.json')
local config = json.decode(C:read_file_body(cpath .. 'config.json'))
local site_config = json.decode(C:read_file_body(cpath .. 'site.json'))
function arrlen(arr)
if not arr then return 0 end
count = 0
for _,v in ipairs(arr)
do
count = count + 1
end
return count
end
function is_ipaddr(client_ip)
local cipn = split(client_ip,'.')
if arrlen(cipn) < 4 then return false end
for _,v in ipairs({1,2,3,4})
do
local ipv = tonumber(cipn[v])
if ipv == nil then return false end
if ipv > 255 or ipv < 0 then return false end
end
return true
end
function get_client_ip() function get_client_ip()
local client_ip = "unknown" local client_ip = "unknown"
if site_config[server_name] then if site_config[server_name] then
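Review bot: The global functions `read_file`, `arrlen` and `is_ipaddr` are removed from init.lua in these two hunks, but no visible hunk updates a caller; `get_client_ip`, which starts at the end of this hunk and continues outside it, is presumably where `is_ipaddr` was used, and any call that still uses one of the removed names now fails at request time with an "attempt to call global" error rather than at load. Please confirm every call site was switched to the module methods (`C:read_file(name)`, `C:array_len(arr)`, `C:is_ipaddr(ip)`). Also note that `config` and `site_config` are now produced by `C:read_file_body_decode`, which passes the raw file body to `cjson.decode`, so a missing or malformed config.json or site.json raises during init instead of yielding an empty table as the old `read_file` helper did for a missing file; whichever behaviour is intended should be stated in a comment next to these two lines.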

@ -1,158 +1 @@
[[ [[1, "\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 0], [1, "/\\*", "\u76ee\u5f55\u4fdd\u62a42", 0], [1, "(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 0], [1, "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 0], [1, "\\:\\$", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee41", 0], [1, "\\$\\{", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee42", 0], [1, "base64_decode\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee43", 0], [1, "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee44", 0], [1, "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee45", 0], [1, "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")", "SQL\u6ce8\u5165\u8fc7\u6ee41", 0], [1, "select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42", 0], [1, "(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 0], [1, "sleep\\((\\s*)(\\d*)(\\s*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee45", 0], [1, "benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 0], [1, "(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 0], [1, "(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 0], [1, "into(\\s+)+(?:dump|out)file\\s*", "SQL\u6ce8\u5165\u8fc7\u6ee49", 0], [1, "group\\s+by.+\\(", "SQL\u6ce8\u5165\u8fc7\u6ee410", 0], [1, "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)", "XSS\u8fc7\u6ee41", 0], [0, "(onmouseover|onerror|onload)\\=", "XSS\u8fc7\u6ee42", 0], [1, "(invokefunction|call_user_func_array|\\\\think\\\\)", "ThinkPHP payload\u5c01\u5835", 0], [1, "^url_array\\[.*\\]$", "Metinfo6.x XSS\u6f0f\u6d1e", 0], [1, "(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 0], [1, 
"(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 0], [1, "(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 0], [1, "\\|+\\s+[\\w\\W]+=[\\w\\W]+", "SQL\u6ce8\u5165\u8fc7\u6ee41", 0]]
[
1,
"\\.\\./\\.\\./",
"目录保护1",
0
],
[
1,
"/\\*",
"目录保护2",
0
],
[
1,
"(?:etc\\/\\W*passwd)",
"目录保护3",
0
],
[
1,
"(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
"PHP流协议过滤1",
0
],
[
1,
"\\:\\$",
"一句话木马过滤1",
0
],
[
1,
"\\$\\{",
"一句话木马过滤2",
0
],
[
1,
"base64_decode\\(",
"一句话木马过滤3",
0
],
[
1,
"(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"一句话木马过滤4",
0
],
[
1,
"\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
"一句话木马过滤5",
0
],
[
1,
"\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
"SQL注入过滤1",
0
],
[
1,
"select.+(from|limit)",
"SQL注入过滤2",
0
],
[
1,
"(?:(union(.*?)select))",
"SQL注入过滤3",
0
],
[
1,
"sleep\\((\\s*)(\\d*)(\\s*)\\)",
"SQL注入过滤5",
0
],
[
1,
"benchmark\\((.*)\\,(.*)\\)",
"SQL注入过滤6",
0
],
[
1,
"(?:from\\W+information_schema\\W)",
"SQL注入过滤7",
0
],
[
1,
"(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
"SQL注入过滤8",
0
],
[
1,
"into(\\s+)+(?:dump|out)file\\s*",
"SQL注入过滤9",
0
],
[
1,
"group\\s+by.+\\(",
"SQL注入过滤10",
0
],
[
1,
"\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
"XSS过滤1",
0
],
[
0,
"(onmouseover|onerror|onload)\\=",
"XSS过滤2",
0
],
[
1,
"(invokefunction|call_user_func_array|\\\\think\\\\)",
"ThinkPHP payload封堵",
0
],
[
1,
"^url_array\\[.*\\]$",
"Metinfo6.x XSS漏洞",
0
],
[
1,
"(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()",
"SQL报错注入过滤01",
0
],
[
1,
"(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()",
"SQL报错注入过滤02",
0
],
[
1,
"(substr\\()",
"SQL注入过滤10",
0
],
[
1,
"\\|+\\s+[\\w\\W]+=[\\w\\W]+",
"SQL注入过滤1",
0
]
]]