local io = require("io")
local cjson = require("cjson.safe")
--local zhttp = require "resty.http"
local string = require("string")
-- Module table holding the built-in defaults for the WAF and the request limiter.
-- GetConfig_fromfile() overwrites many of these from files under /usr/local/xwaf,
-- and at load time every entry is copied into the ngx.shared.wafconfig dict.
local _M = {
---waf
-- The defaults are fail-open: the WAF is "off" and each *_check flag below is
-- false until waf_config.json supplies other values.
waf_enable = "off",
xwaf_version = 3.1,
config_version = 0,
config_domain="https://xwaf.xxx.com.cn",
-- NOTE(review): a token literal is committed in source, and the load-time loop
-- copies every key of this table (this one included) into ngx.shared.wafconfig.
-- If this is a real credential rather than a placeholder, load it from a
-- permission-restricted file or the environment and rotate it; confirm how it is used.
api_token="luaapitoken123456",
appname ="",
--file or kafka default 9092
kafka_broker_ip="192.168.xx.xx",
log_model="errorlog",
-- NOTE(review): /tmp is normally world-writable; if log files are written under
-- log_dir, a dedicated directory owned by the nginx user is safer; confirm the consumer.
log_dir="/tmp",
-- NOTE(review): presumably skips inspection for intranet clients; confirm the
-- decision is based on the connection address and not a client-supplied header.
waf_exclude_intranet = true,
waf_exclude_static_file = true,
--white_url_check = false,
--white_ip_check = false,
--white_ua_check = false,
--white_rf_check = false,
black_ip_check = false,
waf_urldeny_check = false,
url_check = false,
url_args_check = false,
user_agent_check = false,
referer_check = false,
cookie_check = false,
post_check = false,
waf_model = "html",
waf_redirect_url = "",
waf_expire_time = 180,
-- Fallback response bodies; replaced by the contents of 403.html, verify.html
-- and 503.html when GetConfig_fromfile() can read them.
waf_html = "request deny",
verify_html = "no verify",
limit_html = "Too many requests",
waf_url_length = 4096,
region_deny_type = "disable",
region = "",
risk_ip_check = false,
waf_riskip_model = "deny",
waf_riskip_ratev = 1,
--rule
-- Filled with the raw text of waf_rule.json by GetConfig_fromfile(); nothing in
-- this file assigns urldeny_rule.
waf_rule = nil,
urldeny_rule = nil,
---reqlimit
reqlimit_enable = "off",
reqlimit_rule = nil,
reqlimit_exclude_intranet = true,
reqlimit_exclude_static = true,
--reqlimit_exclude_cookie = false,
--exclude cookie
--exclude_cookie = "",
reqlimit_exclude_subrequest = true,
reqlimit_exclude_internalrequest = false,
---white
white_list_enable = true,
whitelist = nil,
-- Kept as a number when copied into the shared dict; every other value is
-- converted to a string by the load-time loop.
reqlimit_statuscode = 503,
--blackip
-- Filled with the raw text of waf_blackip.json by GetConfig_fromfile().
blackip_list = nil,
}
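--- Read the application name from /usr/local/xwaf/conf/appname.json.
-- Returns nil when the file cannot be opened, when its content does not decode
-- to a JSON object, or when the name is "default" or empty, so that the caller
-- keeps its current appname. The original indexed a nil file handle and a nil
-- decode result, which raised while the module was loading.
-- Declared as a global, as in the original file.
-- @treturn string|nil the configured appname
function ReadAppname()
  local file = io.open("/usr/local/xwaf/conf/appname.json", "r")
  if file == nil then
    return nil
  end
  local app = file:read("*a")
  file:close()
  if app == nil then
    return nil
  end
  -- cjson.safe reports malformed input by returning nil instead of raising,
  -- so the result must be checked before it is indexed.
  local json = cjson.decode(app)
  if type(json) ~= "table" then
    return nil
  end
  if json.appname == "default" or json.appname == "" then
    return nil
  end
  return json.appname
end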
--- Return the raw text of /usr/local/xwaf/conf/waf_config.json.
-- The content is not decoded or validated here; the caller does that.
-- @treturn string|nil file contents, or nil when the file cannot be opened
function ReadWaf()
  local fh = io.open("/usr/local/xwaf/conf/waf_config.json", "r")
  if fh == nil then
    return nil
  end
  local contents = fh:read("*a")
  fh:close()
  return contents
end
--- Return the raw text of /usr/local/xwaf/conf/waf_rule.json.
-- The rule text is handed back undecoded; no JSON validation happens here.
-- @treturn string|nil file contents, or nil when the file cannot be opened
function ReadWafRule()
  local fh = io.open("/usr/local/xwaf/conf/waf_rule.json", "r")
  if fh == nil then
    return nil
  end
  local rules = fh:read("*a")
  fh:close()
  return rules
end
--- Return the raw text of /usr/local/xwaf/conf/waf_blackip.json.
-- The list is handed back undecoded; no JSON validation happens here.
-- @treturn string|nil file contents, or nil when the file cannot be opened
function ReadBlackIp()
  local fh = io.open("/usr/local/xwaf/conf/waf_blackip.json", "r")
  if fh == nil then
    return nil
  end
  local blacklist = fh:read("*a")
  fh:close()
  return blacklist
end
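--- Read the block-page template /usr/local/xwaf/403.html.
-- Returns nil when the file cannot be opened, so GetConfig_fromfile() keeps
-- the built-in waf_html text. The original indexed a nil file handle, which
-- raised while the module was loading.
-- @treturn string|nil template contents
function ReadHtml()
  local file = io.open("/usr/local/xwaf/403.html", "r")
  if file == nil then
    return nil
  end
  local html = file:read("*a")
  file:close()
  return html
end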
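--- Read the verification-page template /usr/local/xwaf/verify.html.
-- Returns nil when the file cannot be opened, so GetConfig_fromfile() keeps
-- the built-in verify_html text. The original indexed a nil file handle, which
-- raised while the module was loading.
-- @treturn string|nil template contents
function ReadVerifyHtml()
  local file = io.open("/usr/local/xwaf/verify.html", "r")
  if file == nil then
    return nil
  end
  local html = file:read("*a")
  file:close()
  return html
end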
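--- Read the rate-limit page template /usr/local/xwaf/503.html.
-- Returns nil when the file cannot be opened, so GetConfig_fromfile() keeps
-- the built-in limit_html text. The original indexed a nil file handle, which
-- raised while the module was loading.
-- @treturn string|nil template contents
function ReadLimitHtml()
  local file = io.open("/usr/local/xwaf/503.html", "r")
  if file == nil then
    return nil
  end
  local html = file:read("*a")
  file:close()
  return html
end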
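--- Load templates, rules and settings from disk into the module table `_M`.
-- Templates, the rule text, the IP blacklist and the appname replace their
-- defaults only when the corresponding reader returned a value. The settings
-- in waf_config.json are applied only when the file decodes to a JSON object
-- that carries `waf_enable`.
--
-- Fixes over the original: a waf_config.json that exists but is not valid JSON
-- no longer raises on `json.waf_enable` (cjson.safe returns nil for it), and a
-- missing or non-numeric `waf_url_length` no longer raises on the `> 0` test.
--
-- NOTE(review): inside the settings branch every field is assigned
-- unconditionally, so a key absent from waf_config.json sets the matching `_M`
-- entry to nil and discards the built-in default. `_M.appname` is likewise
-- replaced by json.appname even after appname.json supplied a value. Both are
-- kept as in the original; confirm this precedence is intended.
-- waf_config.json decides whether the WAF and each check are enabled, so the
-- conf directory should be writable only by the account that deploys it.
function _M.GetConfig_fromfile()
  local htmltpl = ReadHtml()
  local verifyHtml = ReadVerifyHtml()
  local htmlLimitTpl = ReadLimitHtml()
  local waffile = ReadWaf()
  local wafrule = ReadWafRule()
  local blackip = ReadBlackIp()
  local app_name = ReadAppname()

  -- Decode only when the file was read; a malformed file yields nil here.
  local json = nil
  if waffile ~= nil then
    json = cjson.decode(waffile)
  end
  --local json3 = cjson.decode(wafrule)
  --local json4 = cjson.decode(blackip)

  if app_name ~= nil then
    _M.appname = app_name
  end
  if htmltpl ~= nil then
    _M.waf_html = htmltpl
  end
  if htmlLimitTpl ~= nil then
    _M.limit_html = htmlLimitTpl
  end
  if verifyHtml ~= nil then
    _M.verify_html = verifyHtml
  end
  if wafrule ~= nil then
    _M.waf_rule = wafrule
  end
  if blackip ~= nil then
    _M.blackip_list = blackip
  end

  -- Require a decoded object before indexing it; otherwise the defaults stay.
  if type(json) == "table" and json.waf_enable ~= nil then
    _M.waf_enable = json.waf_enable
    _M.appname = json.appname --read from local config
    _M.waf_exclude_intranet = json.waf_exclude_intranet
    _M.waf_exclude_static_file = json.waf_exclude_static
    --_M.white_url_check = json.white_url_check
    --_M.white_ip_check = json.white_ip_check
    --_M.white_ua_check = json.white_ua_check
    --_M.white_rf_check = json.white_rf_check
    _M.black_ip_check = json.black_ip_check
    _M.url_check = json.url_check
    _M.url_args_check = json.url_args_check
    _M.user_agent_check = json.user_agent_check
    _M.referer_check = json.referer_check
    _M.cookie_check = json.cookie_check
    _M.post_check = json.post_check
    _M.waf_model = json.waf_model
    _M.waf_redirect_url = json.waf_redirect_url
    _M.waf_expire_time = json.waf_expire_time
    -- Comparing nil or a JSON null with a number raises, so check the type first.
    if type(json.waf_url_length) == "number" and json.waf_url_length > 0 then
      _M.waf_url_length = json.waf_url_length
    end
    _M.region_deny_type = json.region_deny_type
    if json.region ~= "" then
      _M.region = json.region
    end
    _M.reqlimit_enable = json.reqlimit_enable
    _M.reqlimit_exclude_intranet = json.reqlimit_exclude_intranet
    _M.reqlimit_exclude_static = json.reqlimit_exclude_static
    --_M.reqlimit_exclude_cookie = json.reqlimit_exclude_cookie
    --if json.exclude_cookie ~= "" then
    -- _M.exclude_cookie = json.exclude_cookie
    --end
    _M.reqlimit_exclude_subrequest = json.reqlimit_exclude_subrequest
    _M.reqlimit_exclude_internalrequest = json.reqlimit_exclude_internalrequest
    _M.white_list_enable = json.white_list_enable
    _M.reqlimit_statuscode = json.reqlimit_statuscode
    -- Both entries receive the whole raw waf_config.json text.
    _M.reqlimit_rule = waffile
    _M.reqlimit_white_list = waffile
  end
end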
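-- Fill _M from the files on disk before it is published.
_M.GetConfig_fromfile()

-- Copy the table into the shared dict. Every non-function entry is copied,
-- api_token included.
local wafconfig = ngx.shared.wafconfig
for k, v in pairs(_M) do
  -- Skip functions: the original stored GetConfig_fromfile itself as a
  -- "function: 0x..." string under its own key.
  if type(v) ~= "function" then
    -- reqlimit_statuscode stays a number; every other value is stored as text.
    local stored = v
    if k ~= "reqlimit_statuscode" then
      stored = tostring(v)
    end
    local ok, err = wafconfig:set(k, stored)
    if ok then
      ngx.log(ngx.DEBUG, string.format("wafconfig:%s result: %s", k, tostring(ok)))
    else
      -- A setting that never reaches the dict changes WAF behaviour, so a
      -- failed set is logged at ERR rather than DEBUG.
      ngx.log(ngx.ERR, string.format("wafconfig:%s set failed: %s", k, tostring(err)))
    end
  end
end
return _M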