Skip to content

edetmt / nginx-lua

Go to a project
Commit 81c0351d by edetmt
Options

update waf reg

1 parent 849cac69
Inline Side-by-side
Showing with 22 additions and 23 deletions
README.md
- Nginx+Lua实现自定义WAF防护(Web application firewall)
- 源项目为 https://github.com/loveshell/ngx_lua_waf 只做些许更改
- 源项目为 http://project@git.edetmt.com:10000/project/nginx-lua.git
......@@ -22,14 +22,6 @@ nginx.conf
```
CC攻击拦截
![输入图片说明](https://oscimg.oschina.net/oscnet/efaccc2866f958aa14a64426e1b2cf36066.jpg "在这里输入图片标题")
elk日志分析
![输入图片说明](https://images.gitee.com/uploads/images/2019/0221/204828_74e2e35f_747638.jpeg "在这里输入图片标题")
###########################
更新日志:
增加了whiteip cdip的功能,用以匹配ip段
......
rule-config/args.rule
......@@ -3,20 +3,23 @@
\$\{
select.+(from|limit)
(?:(union(.*?)select))
having|rongjitest
sleep\((\s*)(\d*)(\s*)\)
group\s+by.+\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|version|schema|connection_id)\s*\(
\s*or\s+.*=.*
order\s+by\s+.*--$
benchmark\((.*)\,(.*)\)
base64_decode\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|schema|connection_id)\s*\(
(?:etc\/\W*passwd)
into(\s+)+(?:dump|out)file\s*
group\s+by.+\(
xwork.MethodAccessor
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
xwork\.MethodAccessor
\<(iframe|script|body|layer|meta|style|base|object|input)
(onmouseover|onmousemove|onerror|onload)\=
javascript:
\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)
(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|
(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
java\.lang
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
\<(iframe|script|body|img|layer|div|meta|style|base|object|input)
(onmouseover|onerror|onload)\=
rule-config/post.rule
password=123456$
\.\./
select.+(from|limit)
(?:(union(.*?)select))
having|rongjitest
sleep\((\s*)(\d*)(\s*)\)
group\s+by.+\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|version|schema|connection_id)\s*\(
\s*or\s+.*=.*
order\s+by\s+.*--$
benchmark\((.*)\,(.*)\)
base64_decode\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|schema|connection_id)\s*\(
(?:etc\/\W*passwd)
into(\s+)+(?:dump|out)file\s*
group\s+by.+\(
xwork.MethodAccessor
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
xwork\.MethodAccessor
\<(iframe|script|body|layer|meta|style|base|object|input)
(onmouseover|onmousemove|onerror|onload)\=
javascript:
\|\|.*(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)
(?:ls|pwd|whoami|ll|ifconfog|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|
(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
java\.lang
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
\<(iframe|script|body|img|layer|div|meta|style|base|object|input)
(onmouseover|onerror|onload)\=
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!