Skip to content
Toggle navigation
Projects
Groups
Snippets
Help
edetmt
/
nginx-lua
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Snippets
Settings
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit 0647a0ee
authored
Apr 26, 2020
by
edetmt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
update log format
1 parent
16dcd08b
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
4 additions
and
4 deletions
init.lua
lib.lua
init.lua
View file @
0647a0e
...
@@ -177,7 +177,7 @@ function url_args_attack_check()
...
@@ -177,7 +177,7 @@ function url_args_attack_check()
ARGS_DATA
=
val
ARGS_DATA
=
val
end
end
if
ARGS_DATA
and
type
(
ARGS_DATA
)
~=
"boolean"
and
rule
~=
""
and
rulematch
(
unescape
(
ARGS_DATA
),
rule
,
"joi"
)
then
if
ARGS_DATA
and
type
(
ARGS_DATA
)
~=
"boolean"
and
rule
~=
""
and
rulematch
(
unescape
(
ARGS_DATA
),
rule
,
"joi"
)
then
log_record
(
'Deny_URL_Args'
,
ngx
.
var
.
request_uri
,
"-"
,
rule
)
log_record
(
'Deny_URL_Args'
,
ngx
.
var
.
request_uri
..
" -> "
..
ARGS_DATA
,
"-"
,
rule
)
waf_output
()
waf_output
()
return
true
return
true
end
end
...
@@ -227,7 +227,7 @@ function post_attack_check()
...
@@ -227,7 +227,7 @@ function post_attack_check()
if
ARGS_DATA
and
type
(
ARGS_DATA
)
~=
"boolean"
then
if
ARGS_DATA
and
type
(
ARGS_DATA
)
~=
"boolean"
then
-- filter post args
-- filter post args
if
rulematch
(
unescape
(
ARGS_DATA
),
rule
,
"joi"
)
then
if
rulematch
(
unescape
(
ARGS_DATA
),
rule
,
"joi"
)
then
log_record
(
'Deny_Post_Args'
,
ngx
.
var
.
request_uri
,
"POST"
,
rule
)
log_record
(
'Deny_Post_Args'
,
ngx
.
var
.
request_uri
..
" -> "
..
ARGS_DATA
,
"POST"
,
rule
)
waf_output
()
waf_output
()
return
true
return
true
end
end
...
@@ -235,7 +235,7 @@ function post_attack_check()
...
@@ -235,7 +235,7 @@ function post_attack_check()
-- filter post args key=var like password=123456
-- filter post args key=var like password=123456
KV_ARGS
=
key
..
"="
..
ARGS_DATA
KV_ARGS
=
key
..
"="
..
ARGS_DATA
if
rulematch
(
unescape
(
KV_ARGS
),
rule
,
"joi"
)
then
if
rulematch
(
unescape
(
KV_ARGS
),
rule
,
"joi"
)
then
log_record
(
'Deny_Post_KV'
,
ngx
.
var
.
request_uri
,
"POST"
,
rule
)
log_record
(
'Deny_Post_KV'
,
ngx
.
var
.
request_uri
..
" -> "
..
KV_ARGS
,
"POST"
,
rule
)
waf_output
()
waf_output
()
return
true
return
true
end
end
...
...
lib.lua
View file @
0647a0e
...
@@ -54,7 +54,7 @@ function log_record(method,url,data,ruletag)
...
@@ -54,7 +54,7 @@ function log_record(method,url,data,ruletag)
local
USER_AGENT
=
get_user_agent
()
local
USER_AGENT
=
get_user_agent
()
local
SERVER_NAME
=
ngx
.
var
.
server_name
local
SERVER_NAME
=
ngx
.
var
.
server_name
local
LOCAL_TIME
=
ngx
.
localtime
()
local
LOCAL_TIME
=
ngx
.
localtime
()
local
log_json_obj
=
CLIENT_IP
..
" "
..
LOCAL_TIME
..
" "
..
method
..
" "
..
url
..
" "
..
config_set_ip_addr
..
" "
..
SERVER_NAME
..
" "
..
USER_AGENT
..
" "
..
data
..
" "
..
ruletag
local
log_json_obj
=
CLIENT_IP
..
" "
..
LOCAL_TIME
..
" "
..
method
..
" "
..
url
..
" "
..
ruletag
..
"
\n
"
..
SERVER_NAME
..
" "
..
data
..
" "
..
USER_AGENT
local
LOG_LINE
=
log_json_obj
local
LOG_LINE
=
log_json_obj
local
LOG_NAME
=
LOG_PATH
..
'/'
..
os.date
(
"%Y-%m-%d"
,
os.time
())
..
"_waf.log"
local
LOG_NAME
=
LOG_PATH
..
'/'
..
os.date
(
"%Y-%m-%d"
,
os.time
())
..
"_waf.log"
--local LOG_NAME = LOG_PATH..'/'.."waf.log"
--local LOG_NAME = LOG_PATH..'/'.."waf.log"
...
...
Write
Preview
Markdown
is supported
Attach a file
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to post a comment
