修改代码

944f98de · Joneq · 25ccf6a9 · 944f98de · 944f98de · 944f98de
Commit 944f98de authored Oct 19, 2020 by Joneq
Showing with 21 additions and 11 deletions
reqhandle.lua
waf.lua
wafcheck.lua
--- a/reqhandle.lua
+++ b/reqhandle.lua
@@ -43,9 +43,9 @@ end
 function _Reqhandle.GetRealIp(self)

    if tonumber(ngx.var.server_name_id) == 1 then
-        local user_ip = ngx.var.remote_addr
+        user_ip = ngx.var.remote_addr
    else
-        local user_ip = ngx.var.remote_addr
+        user_ip = ngx.var.remote_addr
    
        if user_ip == nil then
            user_ip = ngx.req.get_headers()["X-Real-IP"]

--- a/waf.lua
+++ b/waf.lua
@@ -26,11 +26,13 @@ local cjson = require "cjson"

 -------去除一些不要验证的请求并获取url
 local urlok,temp_uri = reqhandle.Selfwhiteurl()
+
 if urlok == "ok" then
 	return 
 end


+
 -------链接redis------------
 red = redis:new()
 red:set_timeout(1000) 
@@ -39,15 +41,19 @@ local ok, err = red:connect(config.redis_host, config.redis_port)

 -- 如果连接失败，跳转到label处
 if not ok then
-  --ngx.say("failed to connect: ", err)
+  ngx.say("failed to connect: ", err)
+  ngx.exit(ngx.HTTP_FORBIDDEN)
  return
 end

-local ok, err = red:auth(config.redis_auth)
+if config.redis_auth ~= "" then 
+	local ok, err = red:auth(config.redis_auth)
+end

 -- 如果连接失败，跳转到label处
 if not ok then
-  --ngx.say("failed to connect: ", err)
+  ngx.say("failed to connect: ", err)
+  ngx.exit(ngx.HTTP_FORBIDDEN)
  return
 end

@@ -57,11 +63,14 @@ end
 spider_config_button , err = red:get('spider_config_button')
 if spider_config_button ~= ngx.null and tonumber(spider_config_button)==1 then
 	red:close()
+	ngx.say("spider_config_button not one ", err)
+	ngx.exit(ngx.HTTP_FORBIDDEN)
 	return
 end

 -- 获取真实ip
-local user_ip = reqhandle.GetRealIp()
+user_ip = reqhandle.GetRealIp()
+

 spider_config_user_ip_button , err = red:get('spider_config_user_ip_button')
 if spider_config_user_ip_button ~= ngx.null and tonumber(spider_config_user_ip_button)==1 then
@@ -78,12 +87,14 @@ if spider_config_user_ip_button ~= ngx.null and tonumber(spider_config_user_ip_b
 end


+
 -- 获取请求头
 local u_agent = ngx.req.get_headers().user_agent




+
 -- 白名单存在直接跳过
 if wafcheck.WhiteIp(user_ip) == 'exist' or wafcheck.WhiteUrl(temp_uri) == 'exist' or wafcheck.WhiteHeader(user_ip) == 'exist' then
 	red:close()
@@ -92,7 +103,6 @@ end



-
 -- 黑名单存在直接302
 if wafcheck.BlackIp(user_ip) == 'exist' or wafcheck.BlackUrl(temp_uri) == 'exist' or wafcheck.BlackHeader(user_ip) == 'exist' then
 	red:close()
@@ -293,7 +303,7 @@ connect_count = tonumber(connect_count)

 -- ip访问频率按照解禁次数递增数
 count_alg , err = red:hget(spider_connect_count_alg,user_ip)
-if count_alg == ngx.null or tonumber(count_alg) <= 0 then
+if count_alg == ngx.null or count_alg == false or tonumber(count_alg) <= 0 then
 	count_alg = 0
 end
 connect_count = connect_count+tonumber(count_alg)

--- a/wafcheck.lua
+++ b/wafcheck.lua
@@ -8,7 +8,7 @@ local _Wafcheck= {}

 --------白名单ip-----------
 function _Wafcheck.WhiteIp(self,user_ip)
-    local is_exist ,err = red:sismember('ichunt_waf_white_ip', user_ip)
+    is_exist ,err = red:sismember('ichunt_waf_white_ip', user_ip)
    if is_exist == 1 then
      return "exist"
    end
@@ -18,7 +18,7 @@ end

 --------白名单url-----------
 function _Wafcheck.WhiteUrl(self,url)
-    local is_exist ,err = red:sismember('ichunt_waf_white_url', url)
+    is_exist ,err = red:sismember('ichunt_waf_white_url', url)
    if is_exist == 1 then
      return "exist"
    end
@@ -28,7 +28,7 @@ end

 --------白名单header-----------
 function _Wafcheck.WhiteHeader(self,header)
-    local is_exist ,err = red:sismember('ichunt_waf_white_header', header)
+    is_exist ,err = red:sismember('ichunt_waf_white_header', header)
    if is_exist == 1 then
      return "exist"
    end