Skip to content

edetmt / nginx-lua

Go to a project
Commit 58af5829 by edetmt
Options

fixed bugs

1 parent 8e9a43a8
Inline Side-by-side
Showing with 14 additions and 10 deletions
lib.lua
...@@ -56,8 +56,8 @@ function log_record(method,url,data,ruletag) ...@@ -56,8 +56,8 @@ function log_record(method,url,data,ruletag)
local LOCAL_TIME = ngx.localtime() local LOCAL_TIME = ngx.localtime()
local log_json_obj = CLIENT_IP .. " " .. LOCAL_TIME .. " " .. method .. " " .. url .. " " .. config_set_ip_addr .." ".. SERVER_NAME .. " " ..USER_AGENT .. " " ..data .. " " ..ruletag local log_json_obj = CLIENT_IP .. " " .. LOCAL_TIME .. " " .. method .. " " .. url .. " " .. config_set_ip_addr .." ".. SERVER_NAME .. " " ..USER_AGENT .. " " ..data .. " " ..ruletag
local LOG_LINE = log_json_obj local LOG_LINE = log_json_obj
--local LOG_NAME = LOG_PATH..'/'..ngx.today().."_waf.log" local LOG_NAME = LOG_PATH..'/'..ngx.today().."_waf.log"
local LOG_NAME = LOG_PATH..'/'.."waf.log" --local LOG_NAME = LOG_PATH..'/'.."waf.log"
local file = io.open(LOG_NAME,"a") local file = io.open(LOG_NAME,"a")
if file == nil then if file == nil then
return return
......
rule-config/cc.rule
abc.com|20/60 abc.com|20/60
oa.abc.com|6/60 oa.abc.com|6/60
rule-config/cookie.rule
...@@ -3,18 +3,23 @@ ...@@ -3,18 +3,23 @@
\$\{ \$\{
select.+(from|limit) select.+(from|limit)
(?:(union(.*?)select)) (?:(union(.*?)select))
having|rongjitest
sleep\((\s*)(\d*)(\s*)\) sleep\((\s*)(\d*)(\s*)\)
group\s+by.+\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|version|schema|connection_id)\s*\(
\s*or\s+.*=.*
order\s+by\s+.*--$
benchmark\((.*)\,(.*)\) benchmark\((.*)\,(.*)\)
base64_decode\( base64_decode\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|schema|connection_id)\s*\(
(?:etc\/\W*passwd) (?:etc\/\W*passwd)
into(\s+)+(?:dump|out)file\s* into(\s+)+(?:dump|out)file\s*
group\s+by.+\(
xwork.MethodAccessor xwork.MethodAccessor
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\( (?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
xwork\.MethodAccessor \<(iframe|script|body|layer|meta|style|base|object|input)
(onmouseover|onmousemove|onerror|onload)\=
javascript:
\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)
(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|
(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/ (gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
java\.lang java\.lang
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[ \$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!