修改代码

a3300db9 · Joneq · 43c17fb6 · a3300db9 · a3300db9
Commit a3300db9 authored Oct 19, 2020 by Joneq
Showing with 22 additions and 28 deletions
waf.lua
wafcheck.lua
--- a/waf.lua
+++ b/waf.lua
@@ -38,7 +38,7 @@ red = redis:new()
 red:set_timeout(1000) 

 local ok, err = red:connect(config.redis_host, config.redis_port)
-ngx.say(err)
+

 -- 如果连接失败，跳转到label处
 if not ok then
@@ -47,10 +47,10 @@ if not ok then
  return
 end

-ngx.say(config.redis_auth)
+
 if config.redis_auth ~= "" then 
 	local ok, err = red:auth(config.redis_auth)
-	ngx.say(err)
+
 	-- 如果连接失败，跳转到label处
 	if not ok then
 		ngx.say("failed to connect: ", err)
@@ -85,26 +85,21 @@ user_ip = reqhandle.GetRealIp()
 u_agent = ngx.req.get_headers().user_agent


-ngx.say(user_ip)
-local is_exist = wafcheck.BlackIp(user_ip,red)
-ngx.say(is_exist)
-ngx.exit(ngx.HTTP_FORBIDDEN)


 -- 白名单存在直接跳过
-- if wafcheck.WhiteIp(user_ip) == 'exist' or wafcheck.WhiteUrl(temp_uri) == 'exist' or wafcheck.WhiteHeader(u_agent) == 'exist' then
-- 	return 
-- end
+if wafcheck.WhiteIp(user_ip,red) == 'exist' or wafcheck.WhiteUrl(temp_uri,red) == 'exist' or wafcheck.WhiteHeader(u_agent,red) == 'exist' then
+	return 
+end




 -- 黑名单存在直接302
-- if wafcheck.BlackIp(user_ip) == 'exist' or wafcheck.BlackUrl(temp_uri) == 'exist' or wafcheck.BlackHeader(u_agent) == 'exist' then
-
-- 	ngx.exit(ngx.HTTP_FORBIDDEN)
-- 	return
-- end
+if wafcheck.BlackIp(user_ip,red) == 'exist' or wafcheck.BlackUrl(temp_uri,red) == 'exist' or wafcheck.BlackHeader(u_agent,red) == 'exist' then
+	ngx.exit(ngx.HTTP_FORBIDDEN)
+	return
+end



@@ -416,7 +411,6 @@ red:lpush('spider_ip_info_list',cjson.encode(arr))
 res , err = red:expire(spider_time .. user_ip , spider_key_exit_time)
 res , err = red:expire(spider_count .. user_ip , spider_key_exit_time)

-local ok , err = red:close()




--- a/wafcheck.lua
+++ b/wafcheck.lua
@@ -7,8 +7,8 @@ local _Wafcheck= {}


 --------白名单ip-----------
-function _Wafcheck.WhiteIp(user_ip)
-    local is_exist ,err = red:sismember('ichunt_waf_white_ip', user_ip)
+function _Wafcheck.WhiteIp(user_ip,redis)
+    local is_exist ,err = redis:sismember('ichunt_waf_white_ip', user_ip)
    if is_exist == 1 then
      return "exist"
    end
@@ -17,8 +17,8 @@ end


 --------白名单url-----------
-function _Wafcheck.WhiteUrl(url)
-    local is_exist ,err = red:sismember('ichunt_waf_white_url', url)
+function _Wafcheck.WhiteUrl(url,redis)
+    local is_exist ,err = redis:sismember('ichunt_waf_white_url', url)
    if is_exist == 1 then
      return "exist"
    end
@@ -27,8 +27,8 @@ end


 --------白名单header-----------
-function _Wafcheck.WhiteHeader(header)
-    local is_exist ,err = red:sismember('ichunt_waf_white_header', header)
+function _Wafcheck.WhiteHeader(header,redis)
+    local is_exist ,err = redis:sismember('ichunt_waf_white_header', header)
    if is_exist == 1 then
      return "exist"
    end
@@ -38,8 +38,8 @@ end


 -------黑名单Ip
-function _Wafcheck.BlackIp(user_ip,reds)
-    local is_exist ,err = reds:sismember('ichunt_waf_black_ip', user_ip)
+function _Wafcheck.BlackIp(user_ip,redis)
+    local is_exist ,err = redis:sismember('ichunt_waf_black_ip', user_ip)
    ngx.say(is_exist)
    ngx.say(err)
    if is_exist == 1 then
@@ -50,8 +50,8 @@ end


 -------黑名单Url
-function _Wafcheck.BlackUrl(url)
-    local is_exist ,err = red:sismember('ichunt_waf_black_url', url)
+function _Wafcheck.BlackUrl(url,redis)
+    local is_exist ,err = redis:sismember('ichunt_waf_black_url', url)
    if is_exist == 1 then
        return "exist"
    end
@@ -60,8 +60,8 @@ end


 -------黑名单header
-function _Wafcheck.BlackHeader(header)
-    local is_exist ,err = red:sismember('ichunt_waf_black_header', header)
+function _Wafcheck.BlackHeader(header,redis)
+    local is_exist ,err = redis:sismember('ichunt_waf_black_header', header)
    if is_exist == 1 then
        return "exist"
    end