You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I want to study lua-resty-waf, some how I find that there is no interception function when deployed to the website. . . (Laughs) Isn't my installation wrong?
And I also used someone else's Docker, https://github.com/Kusumoto/docker-openresty, it worked correctly, and I found that I could n’t intercept some basic rules. Describe in detail:
90000_custom.json line 171 has a (should be) a rule to block a specific UA, but I used postman to disguise this UA, User-Agent: Mozilla / 5.0 (compatible; Zollard; Linux), and found that it is not useful at all.
This is my nginx.conf:
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
init_by_lua_block {
-- use resty.core for performance improvement, see the status note above
require "resty.core"
-- require the base module
local lua_resty_waf = require "resty.waf"
-- this translates and calculates a ruleset called 'ruleset_name'
local ok, errs = pcall(function()
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/11000_whitelist.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/20000_http_violation.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/21000_http_anomaly.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/35000_user_agent.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/40000_generic_attack.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/41000_sqli.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/42000_xss.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/90000_custom.json")
lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/99000_scoring.json")
end)
-- errs is an array-like table
if errs then
for i = 1, #errs do
ngx.log(ngx.ERR, errs[i])
end
end
-- perform some preloading and optimization
lua_resty_waf.init()
}
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
# location / {
# root html;
# index index.html index.htm;
# }
location / {
access_by_lua_block {
local lua_resty_waf = require "resty.waf"
local waf = lua_resty_waf:new()
waf:set_option("add_ruleset", "11000_whitelist.json")
waf:set_option("add_ruleset", "20000_http_violation.json")
waf:set_option("add_ruleset", "21000_http_anomaly.json")
waf:set_option("add_ruleset", "35000_user_agent.json")
waf:set_option("add_ruleset", "40000_generic_attack.json")
waf:set_option("add_ruleset", "41000_sqli.json")
waf:set_option("add_ruleset", "42000_xss.json")
waf:set_option("add_ruleset", "90000_custom.json")
waf:set_option("add_ruleset", "99000_scoring.json")
-- define options that will be inherited across all scopes
waf:set_option("debug", false)
waf:set_option("mode", "ACTIVE")
-- this may be desirable for low-traffic or testing sites
-- by default, event logs are not written until the buffer is full
-- for testing, flush the log buffer every 5 seconds
--
-- this is only necessary when configuring a remote TCP/UDP
-- socket server for event logs. otherwise, this is ignored
waf:set_option("event_log_periodic_flush", 5)
-- run the firewall
waf:exec()
}
header_filter_by_lua_block {
local lua_resty_waf = require "resty.waf"
-- note that options set in previous handlers (in the same scope)
-- do not need to be set again
local waf = lua_resty_waf:new()
waf:exec()
}
body_filter_by_lua_block {
local lua_resty_waf = require "resty.waf"
local waf = lua_resty_waf:new()
waf:exec()
}
log_by_lua_block {
local lua_resty_waf = require "resty.waf"
local waf = lua_resty_waf:new()
waf:exec()
}
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
Thanks to you looking in my question.
The text was updated successfully, but these errors were encountered:
I want to study lua-resty-waf, some how I find that there is no interception function when deployed to the website. . . (Laughs) Isn't my installation wrong?
And I also used someone else's Docker, https://github.com/Kusumoto/docker-openresty, it worked correctly, and I found that I could n’t intercept some basic rules. Describe in detail:
90000_custom.json line 171 has a (should be) a rule to block a specific UA, but I used postman to disguise this UA, User-Agent: Mozilla / 5.0 (compatible; Zollard; Linux), and found that it is not useful at all.
This is my nginx.conf:
Thanks to you looking in my question.
The text was updated successfully, but these errors were encountered: