增加对script的验证

65415714 · Joneq · 76232326 · 65415714
Commit 65415714 authored Mar 16, 2021 by Joneq
Showing with 18 additions and 15 deletions
waf.lua
--- a/waf.lua
+++ b/waf.lua
@@ -57,22 +57,7 @@ if config.redis_auth ~= "" and ok then
 end


-------对nginx的参数xss进行处理
-if "GET" == ngx.var.request_method then 
-    args = ngx.req.get_uri_args() 
-elseif "POST" == ngx.var.request_method then 
-    ngx.req.read_body() 
-    args = ngx.req.get_post_args() 
-end 

---如果参数中有<script>...</script>怎跳转google验证
-if args ~= nil then
-	for k, v in pairs(args) do
-		if string.find (v, '<script>', 1) ~= nil then
-			redirect.checkgoogle(red)
-		end
-	end
-end


 local referer = ""
@@ -120,6 +105,24 @@ end



+-------对nginx的参数xss进行处理
+if "GET" == ngx.var.request_method then 
+    args = ngx.req.get_uri_args() 
+elseif "POST" == ngx.var.request_method then 
+    ngx.req.read_body() 
+    args = ngx.req.get_post_args() 
+end 
+
+---如果参数中有<script>...</script>怎跳转google验证
+if args ~= nil then
+	for k, v in pairs(args) do
+		if string.find (v, '<script>', 1) ~= nil then
+			redirect.checkgoogle(red)
+		end
+	end
+end
+
+


 -------s------------------------20200923新增对用户特定URL，IP时间段内的限制-------s------------------------