midoks
/
mdserver-web
mirror of https://github.com/midoks/mdserver-web
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
pull/109/head
midoks 6 years ago
parent a8fdb86ad5
commit fc813709d4
3 changed files with 33 additions and 198 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 34
      plugins/op_waf/waf/lua/common.lua
  2. 36
      plugins/op_waf/waf/lua/init.lua
  3. 159
      plugins/op_waf/waf/rule/args.json

34
plugins/op_waf/waf/lua/common.lua
Unescape View File

@ -3,6 +3,7 @@
local setmetatable = setmetatable
local _M = { _VERSION = '0.01' }
local mt = { __index = _M }
local json = require "cjson"
function _M.new(cpath, rpath)
@ -46,6 +47,34 @@ function _M.read_file_body(self, filename)
return fbody
end
function _M.array_len(self, arr)
if not arr then return 0 end
local count = 0
for _,v in ipairs(arr)
do
count = count + 1
end
return count
end
function _M.is_ipaddr(self, client_ip)
local cipn = split(client_ip,'.')
if self:array_len(cipn) < 4 then return false end
for _,v in ipairs({1,2,3,4})
do
local ipv = tonumber(cipn[v])
if ipv == nil then return false end
if ipv > 255 or ipv < 0 then return false end
end
return true
end
function _M.read_file_body_decode(self, filename)
return json.decode(self:read_file_body(filename))
end
function _M.select_rule(self, rules)
if not rules then return {} end
new_rules = {}
@ -61,13 +90,8 @@ end
function _M.read_file(self, name)
f = self.rpath .. name .. '.json'
ngx.log(ngx.ERR,"read:"..name)
ngx.log(ngx.ERR,"read2:".. f)
fbody = self:read_file_body(f)
ngx.log(ngx.ERR,"read3:".. fbody)
if fbody == nil then
return {}
end

36
plugins/op_waf/waf/lua/init.lua
Unescape View File

@ -8,14 +8,6 @@ local ngx_match = ngx.re.find
local _C = require "common"
local C = _C.new(cpath, rpath)
function read_file(name)
fbody = C:read_file_body(rpath .. name .. '.json')
if fbody == nil then
return {}
end
return json.decode(fbody)
end
function write_drop_ip(is_drop,drop_time)
local filename = cpath .. 'drop_ip.log'
@ -31,38 +23,14 @@ end
ngx.header.content_type = "text/plain"
-- ngx.say(cpath .. 'config.json')
local config = C:read_file_body_decode(cpath .. 'config.json')
local site_config = C:read_file_body_decode(cpath .. 'site.json')
local config = json.decode(C:read_file_body(cpath .. 'config.json'))
local site_config = json.decode(C:read_file_body(cpath .. 'site.json'))
function arrlen(arr)
if not arr then return 0 end
count = 0
for _,v in ipairs(arr)
do
count = count + 1
end
return count
end
function is_ipaddr(client_ip)
local cipn = split(client_ip,'.')
if arrlen(cipn) < 4 then return false end
for _,v in ipairs({1,2,3,4})
do
local ipv = tonumber(cipn[v])
if ipv == nil then return false end
if ipv > 255 or ipv < 0 then return false end
end
return true
end
function get_client_ip()
local client_ip = "unknown"
if site_config[server_name] then

159
plugins/op_waf/waf/rule/args.json
Unescape View File

@ -1,158 +1 @@
[[
[
1,
"\\.\\./\\.\\./",
"目录保护1",
0
],
[
1,
"/\\*",
"目录保护2",
0
],
[
1,
"(?:etc\\/\\W*passwd)",
"目录保护3",
0
],
[
1,
"(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
"PHP流协议过滤1",
0
],
[
1,
"\\:\\$",
"一句话木马过滤1",
0
],
[
1,
"\\$\\{",
"一句话木马过滤2",
0
],
[
1,
"base64_decode\\(",
"一句话木马过滤3",
0
],
[
1,
"(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"一句话木马过滤4",
0
],
[
1,
"\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
"一句话木马过滤5",
0
],
[
1,
"\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
"SQL注入过滤1",
0
],
[
1,
"select.+(from|limit)",
"SQL注入过滤2",
0
],
[
1,
"(?:(union(.*?)select))",
"SQL注入过滤3",
0
],
[
1,
"sleep\\((\\s*)(\\d*)(\\s*)\\)",
"SQL注入过滤5",
0
],
[
1,
"benchmark\\((.*)\\,(.*)\\)",
"SQL注入过滤6",
0
],
[
1,
"(?:from\\W+information_schema\\W)",
"SQL注入过滤7",
0
],
[
1,
"(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
"SQL注入过滤8",
0
],
[
1,
"into(\\s+)+(?:dump|out)file\\s*",
"SQL注入过滤9",
0
],
[
1,
"group\\s+by.+\\(",
"SQL注入过滤10",
0
],
[
1,
"\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
"XSS过滤1",
0
],
[
0,
"(onmouseover|onerror|onload)\\=",
"XSS过滤2",
0
],
[
1,
"(invokefunction|call_user_func_array|\\\\think\\\\)",
"ThinkPHP payload封堵",
0
],
[
1,
"^url_array\\[.*\\]$",
"Metinfo6.x XSS漏洞",
0
],
[
1,
"(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()",
"SQL报错注入过滤01",
0
],
[
1,
"(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()",
"SQL报错注入过滤02",
0
],
[
1,
"(substr\\()",
"SQL注入过滤10",
0
],
[
1,
"\\|+\\s+[\\w\\W]+=[\\w\\W]+",
"SQL注入过滤1",
0
]
]]
[[1, "\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 0], [1, "/\\*", "\u76ee\u5f55\u4fdd\u62a42", 0], [1, "(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 0], [1, "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 0], [1, "\\:\\$", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee41", 0], [1, "\\$\\{", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee42", 0], [1, "base64_decode\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee43", 0], [1, "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee44", 0], [1, "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee45", 0], [1, "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")", "SQL\u6ce8\u5165\u8fc7\u6ee41", 0], [1, "select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42", 0], [1, "(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 0], [1, "sleep\\((\\s*)(\\d*)(\\s*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee45", 0], [1, "benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 0], [1, "(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 0], [1, "(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 0], [1, "into(\\s+)+(?:dump|out)file\\s*", "SQL\u6ce8\u5165\u8fc7\u6ee49", 0], [1, "group\\s+by.+\\(", "SQL\u6ce8\u5165\u8fc7\u6ee410", 0], [1, "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)", "XSS\u8fc7\u6ee41", 0], [0, "(onmouseover|onerror|onload)\\=", "XSS\u8fc7\u6ee42", 0], [1, "(invokefunction|call_user_func_array|\\\\think\\\\)", "ThinkPHP payload\u5c01\u5835", 0], [1, "^url_array\\[.*\\]$", "Metinfo6.x XSS\u6f0f\u6d1e", 0], [1, "(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 0], [1, "(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 0], [1, "(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 0], [1, "\\|+\\s+[\\w\\W]+=[\\w\\W]+", "SQL\u6ce8\u5165\u8fc7\u6ee41", 0]]
Write Preview
Loading…
Cancel
Save