修改代码

waf.lua

@@ -12,7 +12,7 @@ local config = require "config"
 local redis = require "resty.redis"
 local redis = require "resty.redis"
 local redirect = require "redirect"
 local redirect = require "redirect"
 local localstring = require "localstring"
 local localstring = require "localstring"
-local wafcheck = require "wafcheck"
+-- local wafcheck = require "wafcheck"
 local reqhandle = require "reqhandle"
 local reqhandle = require "reqhandle"
 
 
 -------加载.so扩展包
 -------加载.so扩展包
@@ -34,7 +34,7 @@ end
 
 
 
 
 -------链接redis------------
 -------链接redis------------
-red = redis:new()
+local red = redis:new()
 red:set_timeout(1000) 
 red:set_timeout(1000) 
 
 
 local ok, err = red:connect(config.redis_host, config.redis_port)
 local ok, err = red:connect(config.redis_host, config.redis_port)
@@ -85,28 +85,26 @@ user_ip = reqhandle.GetRealIp()
 u_agent = ngx.req.get_headers().user_agent
 u_agent = ngx.req.get_headers().user_agent
 
 
 
 
-
+ngx.say(user_ip)
+local is_exist ,err = red:sismember('ichunt_waf_black_ip', user_ip)
+ngx.say(is_exist)
+ngx.exit(ngx.HTTP_FORBIDDEN)
 
 
 
 
 -- 白名单存在直接跳过
 -- 白名单存在直接跳过
-if wafcheck.WhiteIp(user_ip) == 'exist' or wafcheck.WhiteUrl(temp_uri) == 'exist' or wafcheck.WhiteHeader(u_agent) == 'exist' then
-	return 
-end
+-- if wafcheck.WhiteIp(user_ip) == 'exist' or wafcheck.WhiteUrl(temp_uri) == 'exist' or wafcheck.WhiteHeader(u_agent) == 'exist' then
+-- 	return 
+-- end
 
 
 
 
-ngx.say(user_ip)
-ngx.say(wafcheck.BlackIp(user_ip))
-ngx.exit(ngx.HTTP_FORBIDDEN)
 
 
--- 黑名单存在直接302
-if wafcheck.BlackIp(user_ip) == 'exist' or wafcheck.BlackUrl(temp_uri) == 'exist' or wafcheck.BlackHeader(u_agent) == 'exist' then
 
 
-	ngx.say(wafcheck.BlackIp(user_ip))
-	ngx.exit(ngx.HTTP_FORBIDDEN)
-	ngx.say(1)
+-- 黑名单存在直接302
+-- if wafcheck.BlackIp(user_ip) == 'exist' or wafcheck.BlackUrl(temp_uri) == 'exist' or wafcheck.BlackHeader(u_agent) == 'exist' then
 
 
-	return
-end
+-- 	ngx.exit(ngx.HTTP_FORBIDDEN)
+-- 	return
+-- end