增加对script的验证

waf.lua

@@ -21,9 +21,6 @@ local cjson = require "cjson"
 
 
 
 
 
 
-
-
-
 -------去除一些不要验证的请求并获取url
 -------去除一些不要验证的请求并获取url
 local urlok,temp_uri = reqhandle.Selfwhiteurl()
 local urlok,temp_uri = reqhandle.Selfwhiteurl()
 
 
@@ -60,6 +57,21 @@ if config.redis_auth ~= "" and ok then
 end
 end
 
 
 
 
+-------对nginx的参数xss进行处理
+if "GET" == request_method then 
+    args = ngx.req.get_uri_args() 
+elseif "POST" == request_method then 
+    ngx.req.read_body() 
+    args = ngx.req.get_post_args() 
+end 
+---如果参数中有<script>...</script>怎跳转google验证
+for k, v in pairs(args) do
+    if string.find (v, '<script>', 1) != nil
+		redirect.checkgoogle(red)
+	end
+end
+
+
 local referer = ""
 local referer = ""
 if ngx.req.get_headers()['referer'] ~= nil then
 if ngx.req.get_headers()['referer'] ~= nil then
 	referer = ngx.req.get_headers()['referer']
 	referer = ngx.req.get_headers()['referer']