Skip to content

edetmt / nginx-lua

Go to a project
Commit 58af5829 by edetmt
Options

fixed bugs

1 parent 8e9a43a8
Inline Side-by-side
Showing with 16 additions and 11 deletions
lib.lua
......@@ -56,8 +56,8 @@ function log_record(method,url,data,ruletag)
local LOCAL_TIME = ngx.localtime()
local log_json_obj = CLIENT_IP .. " " .. LOCAL_TIME .. " " .. method .. " " .. url .. " " .. config_set_ip_addr .." ".. SERVER_NAME .. " " ..USER_AGENT .. " " ..data .. " " ..ruletag
local LOG_LINE = log_json_obj
--local LOG_NAME = LOG_PATH..'/'..ngx.today().."_waf.log"
local LOG_NAME = LOG_PATH..'/'.."waf.log"
local LOG_NAME = LOG_PATH..'/'..ngx.today().."_waf.log"
--local LOG_NAME = LOG_PATH..'/'.."waf.log"
local file = io.open(LOG_NAME,"a")
if file == nil then
return
......
rule-config/cc.rule
abc.com|20/60
oa.abc.com|6/60
oa.abc.com|6/60
\ No newline at end of file
rule-config/cookie.rule
......@@ -3,18 +3,23 @@
\$\{
select.+(from|limit)
(?:(union(.*?)select))
having|rongjitest
sleep\((\s*)(\d*)(\s*)\)
group\s+by.+\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|version|schema|connection_id)\s*\(
\s*or\s+.*=.*
order\s+by\s+.*--$
benchmark\((.*)\,(.*)\)
base64_decode\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|schema|connection_id)\s*\(
(?:etc\/\W*passwd)
into(\s+)+(?:dump|out)file\s*
group\s+by.+\(
xwork.MethodAccessor
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
xwork\.MethodAccessor
\<(iframe|script|body|layer|meta|style|base|object|input)
(onmouseover|onmousemove|onerror|onload)\=
javascript:
\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)
(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|
(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
java\.lang
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!