Skip to content

CnChunfeng / ichunt_lua_waf

Go to a project
Commit a3300db9 by Joneq
Options

修改代码

parent 43c17fb6
Inline Side-by-side
Showing with 22 additions and 28 deletions
waf.lua
...@@ -38,7 +38,7 @@ red = redis:new() ...@@ -38,7 +38,7 @@ red = redis:new()
red:set_timeout(1000) red:set_timeout(1000)
local ok, err = red:connect(config.redis_host, config.redis_port) local ok, err = red:connect(config.redis_host, config.redis_port)
ngx.say(err)
-- 如果连接失败,跳转到label处 -- 如果连接失败,跳转到label处
if not ok then if not ok then
...@@ -47,10 +47,10 @@ if not ok then ...@@ -47,10 +47,10 @@ if not ok then
return return
end end
ngx.say(config.redis_auth)
if config.redis_auth ~= "" then if config.redis_auth ~= "" then
local ok, err = red:auth(config.redis_auth) local ok, err = red:auth(config.redis_auth)
ngx.say(err)
-- 如果连接失败,跳转到label处 -- 如果连接失败,跳转到label处
if not ok then if not ok then
ngx.say("failed to connect: ", err) ngx.say("failed to connect: ", err)
...@@ -85,26 +85,21 @@ user_ip = reqhandle.GetRealIp() ...@@ -85,26 +85,21 @@ user_ip = reqhandle.GetRealIp()
u_agent = ngx.req.get_headers().user_agent u_agent = ngx.req.get_headers().user_agent
ngx.say(user_ip)
local is_exist = wafcheck.BlackIp(user_ip,red)
ngx.say(is_exist)
ngx.exit(ngx.HTTP_FORBIDDEN)
-- 白名单存在直接跳过 -- 白名单存在直接跳过
-- if wafcheck.WhiteIp(user_ip) == 'exist' or wafcheck.WhiteUrl(temp_uri) == 'exist' or wafcheck.WhiteHeader(u_agent) == 'exist' then if wafcheck.WhiteIp(user_ip,red) == 'exist' or wafcheck.WhiteUrl(temp_uri,red) == 'exist' or wafcheck.WhiteHeader(u_agent,red) == 'exist' then
-- return return
-- end end
-- 黑名单存在直接302 -- 黑名单存在直接302
-- if wafcheck.BlackIp(user_ip) == 'exist' or wafcheck.BlackUrl(temp_uri) == 'exist' or wafcheck.BlackHeader(u_agent) == 'exist' then if wafcheck.BlackIp(user_ip,red) == 'exist' or wafcheck.BlackUrl(temp_uri,red) == 'exist' or wafcheck.BlackHeader(u_agent,red) == 'exist' then
ngx.exit(ngx.HTTP_FORBIDDEN)
-- ngx.exit(ngx.HTTP_FORBIDDEN) return
-- return end
-- end
...@@ -416,7 +411,6 @@ red:lpush('spider_ip_info_list',cjson.encode(arr)) ...@@ -416,7 +411,6 @@ red:lpush('spider_ip_info_list',cjson.encode(arr))
res , err = red:expire(spider_time .. user_ip , spider_key_exit_time) res , err = red:expire(spider_time .. user_ip , spider_key_exit_time)
res , err = red:expire(spider_count .. user_ip , spider_key_exit_time) res , err = red:expire(spider_count .. user_ip , spider_key_exit_time)
local ok , err = red:close()
......
wafcheck.lua
...@@ -7,8 +7,8 @@ local _Wafcheck= {} ...@@ -7,8 +7,8 @@ local _Wafcheck= {}
--------白名单ip----------- --------白名单ip-----------
function _Wafcheck.WhiteIp(user_ip) function _Wafcheck.WhiteIp(user_ip,redis)
local is_exist ,err = red:sismember('ichunt_waf_white_ip', user_ip) local is_exist ,err = redis:sismember('ichunt_waf_white_ip', user_ip)
if is_exist == 1 then if is_exist == 1 then
return "exist" return "exist"
end end
...@@ -17,8 +17,8 @@ end ...@@ -17,8 +17,8 @@ end
--------白名单url----------- --------白名单url-----------
function _Wafcheck.WhiteUrl(url) function _Wafcheck.WhiteUrl(url,redis)
local is_exist ,err = red:sismember('ichunt_waf_white_url', url) local is_exist ,err = redis:sismember('ichunt_waf_white_url', url)
if is_exist == 1 then if is_exist == 1 then
return "exist" return "exist"
end end
...@@ -27,8 +27,8 @@ end ...@@ -27,8 +27,8 @@ end
--------白名单header----------- --------白名单header-----------
function _Wafcheck.WhiteHeader(header) function _Wafcheck.WhiteHeader(header,redis)
local is_exist ,err = red:sismember('ichunt_waf_white_header', header) local is_exist ,err = redis:sismember('ichunt_waf_white_header', header)
if is_exist == 1 then if is_exist == 1 then
return "exist" return "exist"
end end
...@@ -38,8 +38,8 @@ end ...@@ -38,8 +38,8 @@ end
-------黑名单Ip -------黑名单Ip
function _Wafcheck.BlackIp(user_ip,reds) function _Wafcheck.BlackIp(user_ip,redis)
local is_exist ,err = reds:sismember('ichunt_waf_black_ip', user_ip) local is_exist ,err = redis:sismember('ichunt_waf_black_ip', user_ip)
ngx.say(is_exist) ngx.say(is_exist)
ngx.say(err) ngx.say(err)
if is_exist == 1 then if is_exist == 1 then
...@@ -50,8 +50,8 @@ end ...@@ -50,8 +50,8 @@ end
-------黑名单Url -------黑名单Url
function _Wafcheck.BlackUrl(url) function _Wafcheck.BlackUrl(url,redis)
local is_exist ,err = red:sismember('ichunt_waf_black_url', url) local is_exist ,err = redis:sismember('ichunt_waf_black_url', url)
if is_exist == 1 then if is_exist == 1 then
return "exist" return "exist"
end end
...@@ -60,8 +60,8 @@ end ...@@ -60,8 +60,8 @@ end
-------黑名单header -------黑名单header
function _Wafcheck.BlackHeader(header) function _Wafcheck.BlackHeader(header,redis)
local is_exist ,err = red:sismember('ichunt_waf_black_header', header) local is_exist ,err = redis:sismember('ichunt_waf_black_header', header)
if is_exist == 1 then if is_exist == 1 then
return "exist" return "exist"
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment