+
+
\ No newline at end of file
diff --git a/apps/nginx/versions/1.21.4/root/stop/index.html b/apps/nginx/versions/1.21.4/root/stop/index.html
new file mode 100644
index 00000000..a38fa64b
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/root/stop/index.html
@@ -0,0 +1,33 @@
+
+
+
+
+ 抱歉,站点已暂停
+
+
+
+
+
+
抱歉!该站点已经被管理员停止运行,请联系管理员了解详情!
+
+
+
\ No newline at end of file
diff --git a/apps/nginx/versions/1.21.4/www/common/waf/access.lua b/apps/nginx/versions/1.21.4/www/common/waf/access.lua
new file mode 100644
index 00000000..b4e8c78d
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/www/common/waf/access.lua
@@ -0,0 +1,384 @@
+local match = string.match
+local ngxmatch=ngx.re.match
+local unescape=ngx.unescape_uri
+local get_headers = ngx.req.get_headers
+local cjson = require "cjson"
+local content_length=tonumber(ngx.req.get_headers()['content-length'])
+local method=ngx.req.get_method()
+
+
+local function optionIsOn(options)
+ return options == "on" or options == "On" or options == "ON"
+end
+
+local logpath = ngx.var.logdir
+local rulepath = ngx.var.RulePath
+local attacklog = optionIsOn(ngx.var.attackLog)
+local Redirect=optionIsOn(ngx.var.redirect)
+local CCDeny = optionIsOn(ngx.var.CCDeny)
+local UrlBlockDeny = optionIsOn(ngx.var.urlBlockDeny)
+local UrlWhiteAllow = optionIsOn(ngx.var.urlWhiteAllow)
+local IpBlockDeny = optionIsOn(ngx.var.ipBlockDeny)
+local IpWhiteAllow = optionIsOn(ngx.var.ipWhiteAllow)
+local PostDeny = optionIsOn(ngx.var.postDeny)
+local ArgsDeny = optionIsOn(ngx.var.argsDeny)
+local CookieDeny = optionIsOn(ngx.var.cookieDeny)
+local FileExtDeny = optionIsOn(ngx.var.fileExtDeny)
+
+local function getClientIp()
+ IP = ngx.var.remote_addr
+ if IP == nil then
+ IP = "unknown"
+ end
+ return IP
+end
+local function write(logfile,msg)
+ local fd = io.open(logfile,"ab")
+ if fd == nil then return end
+ fd:write(msg)
+ fd:flush()
+ fd:close()
+end
+local function log(method,url,data,ruletag)
+ if attacklog then
+ local realIp = getClientIp()
+ local ua = ngx.var.http_user_agent
+ local servername=ngx.var.server_name
+ local time=ngx.localtime()
+ local line = nil
+ if ua then
+ line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..ruletag.."\"\n"
+ else
+ line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n"
+ end
+ local filename = logpath..'/'..servername.."_"..ngx.today().."_sec.log"
+ write(filename,line)
+ end
+end
+------------------------------------规则读取函数-------------------------------------------------------------------
+local function read_rule(var)
+ file = io.open(rulepath..'/'..var,"r")
+ if file==nil then
+ return
+ end
+ t = {}
+ for line in file:lines() do
+ table.insert(t,line)
+ end
+ file:close()
+ return(t)
+end
+
+local function read_json(var)
+ file = io.open(rulepath..'/'..var,"r")
+ if file==nil then
+ return
+ end
+ str = file:read("*a")
+ file:close()
+ list = cjson.decode(str)
+ return list
+end
+
+local function read_str(var)
+ file = io.open(rulepath..'/'..var,"r")
+ if file==nil then
+ return
+ end
+ local str = file:read("*a")
+ file:close()
+ return str
+end
+
+
+
+local urlWhiteList=read_rule('urlWhiteList')
+local urlBlockList=read_rule('urlBlockList')
+local argsCheckList=read_rule('argsCheckList')
+local postCheckList=read_rule('postCheckList')
+local cookieBlockList=read_rule('cookieBlockList')
+local ipWhiteList=read_json('ipWhiteList')
+local ipBlockList=read_json('ipBlockList')
+local ccRate=read_str('ccRate')
+local fileExtBlockList = read_json('fileExtBlockList')
+
+local html=read_str('html')
+local uarules=read_rule('user-agent')
+
+local function say_html()
+ if Redirect then
+ ngx.header.content_type = "text/html"
+ ngx.status = ngx.HTTP_FORBIDDEN
+ ngx.say(html)
+ ngx.exit(ngx.status)
+ end
+end
+
+local function whiteurl()
+ if UrlWhiteAllow then
+ if urlWhiteList ~=nil then
+ for _,rule in pairs(urlWhiteList) do
+ if ngxmatch(ngx.var.uri,rule,"isjo") then
+ return true
+ end
+ end
+ end
+ end
+ return false
+end
+local function fileExtCheck(ext)
+ if FileExtDeny then
+ local items = Set(fileExtBlockList)
+ ext=string.lower(ext)
+ if ext then
+ for rule in pairs(items) do
+ if ngx.re.match(ext,rule,"isjo") then
+ log('POST',ngx.var.request_uri,"-","file attack with ext "..ext)
+ say_html()
+ end
+ end
+ end
+ end
+ return false
+end
+function Set (list)
+ local set = {}
+ for _, l in ipairs(list) do set[l] = true end
+ return set
+end
+
+local function args()
+ if ArgsDeny then
+ if argsCheckList then
+ for _,rule in pairs(argsCheckList) do
+ local uriArgs = ngx.req.get_uri_args()
+ for key, val in pairs(uriArgs) do
+ if type(val)=='table' then
+ local t={}
+ for k,v in pairs(val) do
+ if v == true then
+ v=""
+ end
+ table.insert(t,v)
+ end
+ data=table.concat(t, " ")
+ else
+ data=val
+ end
+ if data and type(data) ~= "boolean" and rule ~="" and ngxmatch(unescape(data),rule,"isjo") then
+ log('GET',ngx.var.request_uri,"-",rule)
+ say_html()
+ return true
+ end
+ end
+ end
+ end
+ end
+ return false
+end
+
+
+local function url()
+ if UrlBlockDeny then
+ for _,rule in pairs(urlBlockList) do
+ if rule ~="" and ngxmatch(ngx.var.request_uri,rule,"isjo") then
+ log('GET',ngx.var.request_uri,"-",rule)
+ say_html()
+ return true
+ end
+ end
+ end
+ return false
+end
+
+function ua()
+ local ua = ngx.var.http_user_agent
+ if ua ~= nil then
+ for _,rule in pairs(uarules) do
+ if rule ~="" and ngxmatch(ua,rule,"isjo") then
+ log('UA',ngx.var.request_uri,"-",rule)
+ say_html()
+ return true
+ end
+ end
+ end
+ return false
+end
+function body(data)
+ for _,rule in pairs(postCheckList) do
+ if rule ~="" and data~="" and ngxmatch(unescape(data),rule,"isjo") then
+ log('POST',ngx.var.request_uri,data,rule)
+ say_html()
+ return true
+ end
+ end
+ return false
+end
+local function cookie()
+ local ck = ngx.var.http_cookie
+ if CookieDeny and ck then
+ for _,rule in pairs(cookieBlockList) do
+ if rule ~="" and ngxmatch(ck,rule,"isjo") then
+ log('Cookie',ngx.var.request_uri,"-",rule)
+ say_html()
+ return true
+ end
+ end
+ end
+ return false
+end
+
+local function denycc()
+ if CCDeny and ccRate then
+ local uri=ngx.var.uri
+ CCcount=tonumber(string.match(ccRate,'(.*)/'))
+ CCseconds=tonumber(string.match(ccRate,'/(.*)'))
+ local uri = getClientIp()..uri
+ local limit = ngx.shared.limit
+ local req,_=limit:get(uri)
+ if req then
+ if req > CCcount then
+ ngx.exit(503)
+ return true
+ else
+ limit:incr(token,1)
+ end
+ else
+ limit:set(uri,1,CCseconds)
+ end
+ end
+ return false
+end
+
+local function get_boundary()
+ local header = get_headers()["content-type"]
+ if not header then
+ return nil
+ end
+
+ if type(header) == "table" then
+ header = header[1]
+ end
+
+ local m = match(header, ";%s*boundary=\"([^\"]+)\"")
+ if m then
+ return m
+ end
+
+ return match(header, ";%s*boundary=([^\",;]+)")
+end
+
+local function whiteip()
+ if IpWhiteAllow then
+ if next(ipWhiteList) ~= nil then
+ for _,ip in pairs(ipWhiteList) do
+ if getClientIp()==ip then
+ return true
+ end
+ end
+ end
+ end
+ return false
+end
+
+local function blockip()
+ if IpBlockDeny then
+ if next(ipBlockList) ~= nil then
+ for _,ip in pairs(ipBlockList) do
+ if getClientIp()==ip then
+ ngx.exit(403)
+ return true
+ end
+ end
+ end
+ end
+ return false
+end
+
+
+
+if whiteip() then
+elseif blockip() then
+elseif denycc() then
+elseif ngx.var.http_Acunetix_Aspect then
+ ngx.exit(444)
+elseif ngx.var.http_X_Scan_Memo then
+ ngx.exit(444)
+elseif whiteurl() then
+elseif ua() then
+elseif url() then
+elseif args() then
+elseif cookie() then
+elseif PostDeny then
+ if method=="POST" then
+ local boundary = get_boundary()
+ if boundary then
+ local len = string.len
+ local sock, err = ngx.req.socket()
+ if not sock then
+ return
+ end
+ ngx.req.init_body(128 * 1024)
+ sock:settimeout(0)
+ local content_length = nil
+ content_length=tonumber(ngx.req.get_headers()['content-length'])
+ local chunk_size = 4096
+ if content_length < chunk_size then
+ chunk_size = content_length
+ end
+ local size = 0
+ while size < content_length do
+ local data, err, partial = sock:receive(chunk_size)
+ data = data or partial
+ if not data then
+ return
+ end
+ ngx.req.append_body(data)
+ if body(data) then
+ return true
+ end
+ size = size + len(data)
+ local m = ngxmatch(data,[[Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"]],'ijo')
+ if m then
+ fileExtCheck(m[3])
+ filetranslate = true
+ else
+ if ngxmatch(data,"Content-Disposition:",'isjo') then
+ filetranslate = false
+ end
+ if filetranslate==false then
+ if body(data) then
+ return true
+ end
+ end
+ end
+ local less = content_length - size
+ if less < chunk_size then
+ chunk_size = less
+ end
+ end
+ ngx.req.finish_body()
+ else
+ ngx.req.read_body()
+ local args = ngx.req.get_post_args()
+ if not args then
+ return
+ end
+ for key, val in pairs(args) do
+ if type(val) == "table" then
+ if type(val[1]) == "boolean" then
+ return
+ end
+ data=table.concat(val, ", ")
+ else
+ data=val
+ end
+ if data and type(data) ~= "boolean" and body(data) then
+ body(key)
+ end
+ end
+ end
+ end
+else
+ return
+end
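Review bot: In `denycc()` the counter is bumped with `limit:incr(token,1)`, but `token` is never defined in this file, so the entry stored under `uri` is never incremented and the `req > CCcount` check cannot trip; the line should be `limit:incr(uri,1)`. The multipart branch has a similar silent no-op: inside a `[[...]]` long string the `\\.` in the filename pattern is not unescaped by Lua, so the regex requires a literal backslash before the extension and an ordinary `name.ext` upload never reaches `fileExtCheck`; presumably `filename="(.+)\.(.*)"` was meant. The same branch evaluates `content_length < chunk_size` without a nil check, which will raise when a multipart POST carries no Content-Length header; guard it with `if not content_length then return end` or an explicit policy decision. Separately, `urlBlockList`, `ipWhiteList` and the other rule tables are used in `pairs()`/`next()` without a nil check, although `read_rule`/`read_json` return nil when the file is missing, so a missing rule file turns every request into an error rather than a skipped check.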
diff --git a/apps/nginx/versions/1.21.4/www/common/waf/init.lua b/apps/nginx/versions/1.21.4/www/common/waf/init.lua
new file mode 100644
index 00000000..84f342c3
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/www/common/waf/init.lua
@@ -0,0 +1 @@
+ngx.log(ngx.INFO,"init success")
\ No newline at end of file
diff --git a/apps/nginx/versions/1.21.4/www/common/waf/rules/argsCheckList b/apps/nginx/versions/1.21.4/www/common/waf/rules/argsCheckList
new file mode 100644
index 00000000..d5bf8e80
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/www/common/waf/rules/argsCheckList
@@ -0,0 +1,22 @@
+\.\./
+\:\$
+\$\{
+select.+(from|limit)
+(?:(union(.*?)select))
+having|rongjitest
+sleep\((\s*)(\d*)(\s*)\)
+benchmark\((.*)\,(.*)\)
+base64_decode\(
+(?:from\W+information_schema\W)
+(?:(?:current_)user|database|schema|connection_id)\s*\(
+(?:etc\/\W*passwd)
+into(\s+)+(?:dump|out)file\s*
+group\s+by.+\(
+xwork.MethodAccessor
+(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
+xwork\.MethodAccessor
+(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
+java\.lang
+\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
+\<(iframe|script|body|img|layer|div|meta|style|base|object|input)
+(onmouseover|onerror|onload)\=
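Review bot: In the function-call rule, `(fp)open` is a capture group around the literal `fp`, so that alternative only matches `fpopen(`; if the intent was to cover both `fopen(` and `popen(`, it should be `[fp]open`. The `having|rongjitest` line has no surrounding context, so any argument containing the ordinary word "having" is flagged, and `rongjitest` looks like a leftover test marker that should be confirmed or removed. `xwork.MethodAccessor` appears twice, once with the dot unescaped; the escaped `xwork\.MethodAccessor` line alone is sufficient. The same three points apply to the identical lines in the cookieBlockList hunk.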
diff --git a/apps/nginx/versions/1.21.4/www/common/waf/rules/ccRate b/apps/nginx/versions/1.21.4/www/common/waf/rules/ccRate
new file mode 100644
index 00000000..2286d9b8
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/www/common/waf/rules/ccRate
@@ -0,0 +1 @@
+100/60
\ No newline at end of file
diff --git a/apps/nginx/versions/1.21.4/www/common/waf/rules/cookieBlockList b/apps/nginx/versions/1.21.4/www/common/waf/rules/cookieBlockList
new file mode 100644
index 00000000..30554cac
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/www/common/waf/rules/cookieBlockList
@@ -0,0 +1,20 @@
+\.\./
+\:\$
+\$\{
+select.+(from|limit)
+(?:(union(.*?)select))
+having|rongjitest
+sleep\((\s*)(\d*)(\s*)\)
+benchmark\((.*)\,(.*)\)
+base64_decode\(
+(?:from\W+information_schema\W)
+(?:(?:current_)user|database|schema|connection_id)\s*\(
+(?:etc\/\W*passwd)
+into(\s+)+(?:dump|out)file\s*
+group\s+by.+\(
+xwork.MethodAccessor
+(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
+xwork\.MethodAccessor
+(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
+java\.lang
+\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
diff --git a/apps/nginx/versions/1.21.4/www/common/waf/rules/fileExtBlockList b/apps/nginx/versions/1.21.4/www/common/waf/rules/fileExtBlockList
new file mode 100644
index 00000000..4bfec715
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/www/common/waf/rules/fileExtBlockList
@@ -0,0 +1 @@
+["php","jsp"]
\ No newline at end of file
diff --git a/apps/nginx/versions/1.21.4/www/common/waf/rules/html b/apps/nginx/versions/1.21.4/www/common/waf/rules/html
new file mode 100644
index 00000000..fc44e231
--- /dev/null
+++ b/apps/nginx/versions/1.21.4/www/common/waf/rules/html
@@ -0,0 +1,30 @@
+
+
+网站防火墙
+
+
+
+
+
+
Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I am proud to be a part of. Thousands of hours have gone into WordPress, and we are dedicated to making it better every day. Thank you for making it part of your world.
+
— Matt Mullenweg
+
+
Installation: Famous 5-minute install
+
+
Unzip the package in an empty directory and upload everything.
+
Open wp-admin/install.php in your browser. It will take you through the process to set up a wp-config.php file with your database connection details.
+
+
If for some reason this does not work, do not worry. It may not work on all web hosts. Open up wp-config-sample.php with a text editor like WordPad or similar and fill in your database connection details.
Once the configuration file is set up, the installer will set up the tables needed for your site. If there is an error, double check your wp-config.php file, and try again. If it fails again, please go to the WordPress support forums with as much data as you can gather.
+
If you did not enter a password, note the password given to you. If you did not provide a username, it will be admin.
+
The installer should then send you to the login page. Sign in with the username and password you chose during the installation. If a password was generated for you, you can then click on “Profile” to change the password.
If you’ve looked everywhere and still cannot find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.
There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.libera.chat #wordpress)
+
+
+
Final Notes
+
+
If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the Support Forums.
+
WordPress has a robust plugin API (Application Programming Interface) that makes extending the code easy. If you are a developer interested in utilizing this, see the Plugin Developer Handbook. You shouldn’t modify any of the core code.
+
+
+
Share the Love
+
WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better—you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgeable than yourself, or writing the author of a media article that overlooks us.
+
+
WordPress is the official continuation of b2/cafélog, which came from Michel V. The work has been continued by the WordPress developers. If you would like to support WordPress, please consider donating.
+
+
License
+
WordPress is free software, and is released under the terms of the GPL (GNU General Public License) version 2 or (at your option) any later version. See license.txt.
Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I am proud to be a part of. Thousands of hours have gone into WordPress, and we are dedicated to making it better every day. Thank you for making it part of your world.
+
— Matt Mullenweg
+
+
Installation: Famous 5-minute install
+
+
Unzip the package in an empty directory and upload everything.
+
Open wp-admin/install.php in your browser. It will take you through the process to set up a wp-config.php file with your database connection details.
+
+
If for some reason this does not work, do not worry. It may not work on all web hosts. Open up wp-config-sample.php with a text editor like WordPad or similar and fill in your database connection details.
Once the configuration file is set up, the installer will set up the tables needed for your site. If there is an error, double check your wp-config.php file, and try again. If it fails again, please go to the WordPress support forums with as much data as you can gather.
+
If you did not enter a password, note the password given to you. If you did not provide a username, it will be admin.
+
The installer should then send you to the login page. Sign in with the username and password you chose during the installation. If a password was generated for you, you can then click on “Profile” to change the password.
If you’ve looked everywhere and still cannot find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.
There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.libera.chat #wordpress)
+
+
+
Final Notes
+
+
If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the Support Forums.
+
WordPress has a robust plugin API (Application Programming Interface) that makes extending the code easy. If you are a developer interested in utilizing this, see the Plugin Developer Handbook. You shouldn’t modify any of the core code.
+
+
+
Share the Love
+
WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better—you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgeable than yourself, or writing the author of a media article that overlooks us.
+
+
WordPress is the official continuation of b2/cafélog, which came from Michel V. The work has been continued by the WordPress developers. If you would like to support WordPress, please consider donating.
+
+
License
+
WordPress is free software, and is released under the terms of the GPL (GNU General Public License) version 2 or (at your option) any later version. See license.txt.