8080713/appstore-1panel
8080713/appstore-1panel
1
0
Fork 0
forked from Ms-Studio/appstore-1panel
Code Pull Requests Activity

feat: 增加 openresty 1.21.4.3-2-1 版本

Browse Source
This commit is contained in:
zhengkunwang223 2024-04-17 16:24:13 +08:00
parent 5007702c1d
commit 9bf3ac6df7
66 changed files with 2200 additions and 620 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

394
apps/openresty/1.21.4.3-0-focal/www/common/waf/access.lua
View File

@ -1,394 +0,0 @@
local match = string.match
local ngxMatch=ngx.re.match
local unescape=ngx.unescape_uri
local get_headers = ngx.req.get_headers
local cjson = require "cjson"
local content_length=tonumber(ngx.req.get_headers()['content-length'])
local method=ngx.req.get_method()
local function optionIsOn(options)
return options == "on" or options == "On" or options == "ON"
end
local logPath = ngx.var.logdir
local rulePath = ngx.var.RulePath
local PostDeny = optionIsOn(ngx.var.postDeny)
local function getClientIp()
IP = ngx.var.remote_addr
if IP == nil then
IP = "unknown"
end
return IP
end
local function write(logfile,msg)
local fd = io.open(logfile,"ab")
if fd == nil then return end
fd:write(msg)
fd:flush()
fd:close()
end
local function log(method,url,data,ruletag)
local attackLog = optionIsOn(ngx.var.attackLog)
if attackLog then
local realIp = getClientIp()
local ua = ngx.var.http_user_agent
local servername=ngx.var.server_name
local time=ngx.localtime()
local line = nil
if ua then
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..ruletag.."\"\n"
else
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n"
end
local filename = logPath..'/'..servername.."_"..ngx.today().."_sec.log"
write(filename,line)
end
end
------------------------------------规则读取函数-------------------------------------------------------------------
local function read_json(var)
file = io.open(rulePath..'/'..var .. '.json',"r")
if file==nil then
return
end
str = file:read("*a")
file:close()
list = cjson.decode(str)
return list
end
local function select_rules(rules)
if not rules then return {} end
new_rules = {}
for i,v in ipairs(rules) do
if v[3] == 1 then
table.insert(new_rules,v[1])
end
end
return new_rules
end
local function read_str(var)
file = io.open(rulePath..'/'..var,"r")
if file==nil then
return
end
local str = file:read("*a")
file:close()
return str
end
local html=read_str('warn.html')
local function say_html()
local redirect = optionIsOn(ngx.var.redirect)
if redirect then
ngx.header.content_type = "text/html"
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(html)
ngx.exit(ngx.status)
end
end
local function whiteUrlCheck()
local urlWhiteAllow = optionIsOn(ngx.var.urlWhiteAllow)
if urlWhiteAllow then
local urlWhiteList = read_json('url_white')
if urlWhiteList ~= nil then
for _, rule in pairs(urlWhiteList) do
if ngxMatch(ngx.var.uri, rule, "isjo") then
return true
end
end
end
end
return false
end
local function fileExtCheck(ext)
local fileExtDeny = optionIsOn(ngx.var.fileExtDeny)
if fileExtDeny then
local fileExtBlockList = read_json('fileExtBlockList')
local items = Set(fileExtBlockList)
ext=string.lower(ext)
if ext then
for rule in pairs(items) do
if ngx.re.match(ext,rule,"isjo") then
log('POST',ngx.var.request_uri,"-","file attack with ext "..ext)
say_html()
end
end
end
end
return false
end
function Set (list)
local set = {}
for _, l in ipairs(list) do set[l] = true end
return set
end
local function getArgsCheck()
local argsDeny = optionIsOn(ngx.var.argsDeny)
if argsDeny then
local argsCheckList=select_rules(read_json('args_check'))
if argsCheckList then
for _,rule in pairs(argsCheckList) do
local uriArgs = ngx.req.get_uri_args()
for key, val in pairs(uriArgs) do
if type(val)=='table' then
local t={}
for k,v in pairs(val) do
if v == true then
v=""
end
table.insert(t,v)
end
data=table.concat(t, " ")
else
data=val
end
if data and type(data) ~= "boolean" and rule ~="" and ngxMatch(unescape(data),rule,"isjo") then
log('GET',ngx.var.request_uri,"-",rule)
say_html()
return true
end
end
end
end
end
return false
end
local function blockUrlCheck()
local urlBlockDeny = optionIsOn(ngx.var.urlBlockDeny)
if urlBlockDeny then
local urlBlockList=read_json('url_block')
for _, rule in pairs(urlBlockList) do
if rule ~= "" and ngxMatch(ngx.var.request_uri, rule, "isjo") then
log('GET', ngx.var.request_uri, "-", rule)
say_html()
return true
end
end
end
return false
end
function ua()
local ua = ngx.var.http_user_agent
if ua ~= nil then
local uaRules = select_rules(read_json('user_agent'))
for _,rule in pairs(uaRules) do
if rule ~="" and ngxMatch(ua,rule,"isjo") then
log('UA',ngx.var.request_uri,"-",rule)
say_html()
return true
end
end
end
return false
end
function body(data)
local postCheckList = select_rules(read_json('post_check'))
for _,rule in pairs(postCheckList) do
if rule ~="" and data~="" and ngxMatch(unescape(data),rule,"isjo") then
log('POST',ngx.var.request_uri,data,rule)
say_html()
return true
end
end
return false
end
local function cookieCheck()
local ck = ngx.var.http_cookie
local cookieDeny = optionIsOn(ngx.var.cookieDeny)
if cookieDeny and ck then
local cookieBlockList = select_rules(read_json('cookie_block'))
for _,rule in pairs(cookieBlockList) do
if rule ~="" and ngxMatch(ck,rule,"isjo") then
log('Cookie',ngx.var.request_uri,"-",rule)
say_html()
return true
end
end
end
return false
end
local function denyCC()
local ccRate = read_str('cc.json')
local ccDeny = optionIsOn(ngx.var.CCDeny)
if ccDeny and ccRate then
local uri=ngx.var.uri
ccCount=tonumber(string.match(ccRate,'(.*)/'))
ccSeconds=tonumber(string.match(ccRate,'/(.*)'))
local access_uri = getClientIp()..uri
local limit = ngx.shared.limit
local req,_=limit:get(access_uri)
if req then
if req > ccCount then
ngx.exit(503)
return true
else
limit:incr(access_uri,1)
end
else
limit:set(access_uri,1,ccSeconds)
end
end
return false
end
local function get_boundary()
local header = get_headers()["content-type"]
if not header then
return nil
end
if type(header) == "table" then
header = header[1]
end
local m = match(header, ";%s*boundary=\"([^\"]+)\"")
if m then
return m
end
return match(header, ";%s*boundary=([^\",;]+)")
end
local function whiteIpCheck()
local ipWhiteAllow = optionIsOn(ngx.var.ipWhiteAllow)
if ipWhiteAllow then
local ipWhiteList=read_json('ip_white')
if next(ipWhiteList) ~= nil then
for _,ip in pairs(ipWhiteList) do
if getClientIp()==ip then
return true
end
end
end
end
return false
end
local function blockIpCheck()
local ipBlockDeny = optionIsOn(ngx.var.ipBlockDeny)
if ipBlockDeny then
local ipBlockList=read_json('ip_block')
if next(ipBlockList) ~= nil then
for _,ip in pairs(ipBlockList) do
if getClientIp()==ip then
ngx.exit(403)
return true
end
end
end
end
return false
end
local function handleBodyKeyOrVal(kv)
if type(kv) == "table" then
if type(kv[1]) == "boolean" then
return
end
data = table.concat(kv, ", ")
else
data = kv
end
if data then
if type(data) ~= "boolean" then
body(data)
end
end
end
local function postCheck()
if method == "POST" then
local boundary = get_boundary()
local fileExtDeny = optionIsOn(ngx.var.fileExtDeny)
if boundary and fileExtDeny then
local protocol = ngx.var.server_protocol
if protocol == "HTTP/2.0" then
return
end
local len = string.len
local sock = ngx.req.socket()
if not sock then
return
end
ngx.req.init_body(128 * 1024)
sock:settimeout(0)
local contentLength = nil
contentLength = tonumber(ngx.req.get_headers()['content-length'])
local chunk_size = 4096
if contentLength < chunk_size then
chunk_size = contentLength
end
local size = 0
while size < contentLength do
local data, err, partial = sock:receive(chunk_size)
data = data or partial
if not data then
return
end
ngx.req.append_body(data)
if body(data) then
return true
end
size = size + len(data)
local m = ngxMatch(data, 'Content-Disposition: form-data; (.+)filename="(.+)\\.(.*)"', 'ijo')
if m then
fileExtCheck(m[3])
fileTranslate = true
else
if ngxMatch(data, "Content-Disposition:", 'isjo') then
fileTranslate = false
end
if fileTranslate == false then
if body(data) then
return true
end
end
end
local less = content_length - size
if less < chunk_size then
chunk_size = less
end
end
ngx.req.finish_body()
else
ngx.req.read_body()
local bodyObj = ngx.req.get_post_args()
if not bodyObj then
return
end
for key, val in pairs(bodyObj) do
handleBodyKeyOrVal(key)
handleBodyKeyOrVal(val)
end
end
end
end
if whiteIpCheck() then
elseif blockIpCheck() then
elseif denyCC() then
elseif ngx.var.http_Acunetix_Aspect then
ngx.exit(444)
elseif ngx.var.http_X_Scan_Memo then
ngx.exit(444)
elseif whiteUrlCheck() then
elseif ua() then
elseif blockUrlCheck() then
elseif getArgsCheck() then
elseif cookieCheck() then
elseif PostDeny then
postCheck()
else
return
end

1
apps/openresty/1.21.4.3-0-focal/www/common/waf/init.lua
View File

@ -1 +0,0 @@
ngx.log(ngx.INFO,"init success")

26
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/args_check.json
View File

@ -1,26 +0,0 @@
[
["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1 ],
["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1 ],
["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1 ],
["base64_decode\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee43", 1],
["(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee44", 1 ],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee45", 1],
["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1 ],
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1 ],
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1 ],
["\\<(iframe|script|body|img|layer|div|meta|style|base|object)", "XSS\u8fc7\u6ee41", 1],
["(invokefunction|call_user_func_array|\\\\think\\\\)", "ThinkPHP payload\u5c01\u5835", 1 ],
["^url_array\\[.*\\]$", "Metinfo6.x XSS\u6f0f\u6d1e", 1],
["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(?:from.+?information_schema.+?)", "", 1],
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
["'$", "test", 1],
["\\${jndi:", "log4j2\u62e6\u622a", 1 ],
["terrewrewrwr", "", 1]
]

1
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/cc.json
View File

@ -1 +0,0 @@
100/60

12
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/cookie_block.json
View File

@ -1,12 +0,0 @@
[
["base64_decode\\(","一句话木马过滤3",1],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[","一句话木马过滤5",1],
["select.+(from|limit)","SQL注入过滤2",1],
["(?:(union(.*?)select))","SQL注入过滤3",1],
["sleep\\((\\s*)(\\d*)(\\s*)\\)","SQL注入过滤5",1],
["benchmark\\((.*)\\,(.*)\\)","SQL注入过滤6",1],
["(?:from\\W+information_schema\\W)","SQL注入过滤7",1],
["(?:(?:current_)user|database|schema|connection_id)\\s*\\(","SQL注入过滤8",1],
["into(\\s+)+(?:dump|out)file\\s*","SQL注入过滤9",1],
["group\\s+by.+\\(","SQL注入过滤10",1]
]

1
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/file_ext_block.json
View File

@ -1 +0,0 @@
["php","jsp"]

1
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/ip_block.json
View File

@ -1 +0,0 @@
[]

1
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/ip_white.json
View File

@ -1 +0,0 @@
[]

22
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/post_check.json
View File

@ -1,22 +0,0 @@
[
["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1],
["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1],
["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1],
["base64_decode\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee41", 1],
["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42",1],
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43",1],
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48",1],
["(extractvalue\\(|concat\\(|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\(|right\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(EXISTS\\(|SELECT\\#|\\(SELECT|select\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(?:from.+?information_schema.+?)", "", 1],
["\\${jndi:", "log4j2\u62e6\u622a", 1]
]

1
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/url_block.json
View File

@ -1 +0,0 @@
[]

1
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/url_white.json
View File

@ -1 +0,0 @@
[]

17
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/user_agent.json
View File

@ -1,17 +0,0 @@
[
["(WPScan|HTTrack|antSword|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/)", "\u5173\u952e\u8bcd\u8fc7\u6ee41", 1],
["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
["select\\s+.+(from|limit)\\s+", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1],
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1],
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
["(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1],
["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\))", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1]
]

136
apps/openresty/1.21.4.3-0-focal/www/common/waf/rules/warn.html
View File

@ -1,136 +0,0 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>网站防火墙</title>
<style>
p {
line-height: 20px;
}
ul {
list-style-type: none;
}
li {
list-style-type: none;
}
</style>
</head>
<body style="padding: 0; margin: 0; font: 14px/1.5 Microsoft Yahei, 宋体, sans-serif; color: #555">
<div style="margin: 0 auto; width: 1000px; padding-top: 200px; overflow: hidden">
<div style="width: 600px; margin: 0 auto;">
<div
style="
height: 40px;
line-height: 40px;
color: #fff;
font-size: 16px;
overflow: hidden;
background: #6bb3f6;
padding-left: 20px;
"
>
网站防火墙
</div>
<div
style="
border: 1px dashed #cdcece;
border-top: none;
font-size: 14px;
background: #fff;
color: #555;
line-height: 24px;
height: 220px;
padding: 20px 20px 0 20px;
overflow-y: auto;
background: #f3f7f9;
"
>
<p
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
<span style="font-weight: 600; color: #fc4f03">
您的请求带有不合法参数,已被网站管理员设置拦截!
</span>
</p>
<p
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
可能原因:您提交的内容包含危险的攻击请求
</p>
<p
style="
margin-top: 12px;
margin-bottom: 12px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 1;
text-indent: 0px;
"
>
如何解决:
</p>
<ul
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-list-indent: 1;
"
>
<li
style="
margin-top: 12px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
1检查提交内容
</li>
<li
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
2如网站托管请联系空间提供商
</li>
<li
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
3普通网站访客请联系网站管理员
</li>
</ul>
</div>
</div>
</div>
</body>
</html>

0
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/.aes_key Normal file
View File

0
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/.secret Normal file
View File

169
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/global.json Normal file
View File

@ -0,0 +1,169 @@
{
"waf": {
"state": "on",
"mode": "protection",
"secret": ""
},
"redis": {
"state": "off",
"host": "",
"port": 6379,
"password": "",
"ssl": false,
"poolSize": 10
},
"ipWhite": {
"state": "on",
"type": "ipWhite",
"action": "allow"
},
"ipBlack": {
"state": "on",
"code": 403,
"action": "deny",
"type": "ipBlack",
"res": "ip"
},
"urlWhite": {
"type": "urlWhite",
"state": "on",
"action": "allow"
},
"urlBlack": {
"type": "urlBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"uaWhite": {
"type": "uaWhite",
"state": "off",
"action": "allow"
},
"uaBlack": {
"type": "uaBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"notFoundCount": {
"state": "on",
"type": "notFoundCount",
"threshold": 30,
"duration": 10,
"action": "deny",
"ipBlock": "on",
"code": 403,
"ipBlockTime": 600
},
"methodWhite": {
"type": "methodWhite",
"state": "on",
"code": 444,
"action": "deny"
},
"bot": {
"state": "on",
"type": "bot",
"uri": "/1pwaf/bot/trap",
"action": "REDIRECT_JS",
"ipBlock": "on",
"ipBlockTime": 600
},
"unknownWebsite": {
"state": "on",
"type": "unknownWebsite",
"action": "deny",
"code": 403,
"res": "unknown"
},
"geoRestrict": {
"state": "off",
"rules": [],
"code": 403,
"action": "deny",
"type": "geoRestrict",
"res": "geo"
},
"defaultIpBlack": {
"state": "on",
"type": "defaultIpBlack",
"code": 403,
"action": "deny"
},
"xss": {
"state": "on",
"type": "xss",
"code": 403,
"action": "deny"
},
"sql": {
"state": "on",
"type": "sql",
"code": 403,
"action": "deny"
},
"cc": {
"state": "on",
"type": "cc",
"rule": "cc",
"tokenTimeOut": 1800,
"threshold": 100,
"duration": 20,
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 600
},
"ccurl": {
"state": "off",
"type": "urlcc",
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 600
},
"attackCount": {
"state": "on",
"type": "attackCount",
"threshold": 10,
"duration": 60,
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 3000
},
"fileExt": {
"state": "on",
"action": "deny",
"code": 403,
"type": "fileExtCheck"
},
"cookie": {
"type": "cookie",
"state": "on",
"code": 403,
"action": "deny"
},
"header": {
"state": "on",
"type": "header",
"code": 403,
"action": "deny"
},
"defaultUaBlack": {
"type": "defaultUaBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"defaultUrlBlack": {
"type": "defaultUrlBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"args": {
"type": "args",
"state": "on",
"code": 403,
"action": "deny"
}
}

94
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/siteConfig.json Normal file
View File

@ -0,0 +1,94 @@
{
"waf": {
"state": "on",
"mode": "protection"
},
"args": {
"state": "on",
"type": "args",
"code": 403,
"action": "deny"
},
"defaultUaBlack": {
"type": "defaultUaBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"cookie": {
"state": "on",
"type": "cookie",
"code": 403,
"action": "deny"
},
"bot": {
"type": "bot",
"state": "on",
"uri": "/1pwaf/bot/trap",
"action": "deny",
"ipBlock": "off",
"ipBlockTime": 600
},
"geoRestrict": {
"state": "off",
"rules": [],
"code": 403,
"action": "deny",
"type": "geoRestrict",
"res": "geo"
},
"xss": {
"state": "on",
"type": "xss",
"code": 403,
"action": "deny"
},
"sql": {
"state": "on",
"type": "sql",
"code": 403,
"action": "deny"
},
"cc": {
"state": "on",
"type": "cc",
"rule": "cc",
"tokenTimeOut": 1800,
"threshold": 100,
"duration": 10,
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 600
},
"ccurl": {
"state": "on",
"type": "ccurl",
"action": "deny",
"ipBlock": "off",
"ipBlockTime": 600
},
"fileExt": {
"state": "on",
"action": "deny",
"code": 403,
"type": "fileExtCheck"
},
"header": {
"state": "on",
"type": "header",
"code": 403,
"action": "deny"
},
"defaultUrlBlack": {
"type": "defaultUrlBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"methodWhite": {
"type": "methodWhite",
"state": "on",
"code": 444,
"action": "deny"
}
}

0
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/sites.json Normal file
View File

0
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/token Normal file
View File

14
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/waf.conf Normal file
View File

@ -0,0 +1,14 @@
lua_shared_dict waf_req_count 10m;
lua_shared_dict waf 30m;
lua_shared_dict waf_block_ip 10m;
lua_shared_dict waf_ip_arr 10m;
lua_shared_dict waf_limit 10m;
lua_shared_dict waf_sql 50m;
lua_shared_dict waf_locks 100k;
lua_code_cache on;
lua_package_path "/usr/local/openresty/1pwaf/?.lua;/usr/local/openresty/1pwaf/lib/?.lua;;";
init_by_lua_file /usr/local/openresty/1pwaf/init.lua;
access_by_lua_file /usr/local/openresty/1pwaf/waf.lua;
log_by_lua_file /usr/local/openresty/1pwaf/log_and_traffic.lua;
init_worker_by_lua_file /usr/local/openresty/1pwaf/worker.lua;

4
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/waf.json Normal file
View File

@ -0,0 +1,4 @@
{
"name": "1Panel WAF",
"version": "1.0.0"
}

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/cc.html Normal file
View File

File diff suppressed because one or more lines are too long

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/forbidden.html Normal file
View File

File diff suppressed because one or more lines are too long

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/geo.html Normal file
View File

File diff suppressed because one or more lines are too long

162
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/global.json Normal file
View File

@ -0,0 +1,162 @@
{
"waf": {
"state": "on",
"mode": "protection",
"secret": ""
},
"redis": {
"state": "off",
"host": "",
"port": 6379,
"password": "",
"ssl": false,
"poolSize": 10
},
"ipWhite": {
"state": "on",
"type": "ipWhite",
"action": "allow"
},
"ipBlack": {
"state": "on",
"code": 403,
"action": "deny",
"type": "ipBlack",
"res": "ip"
},
"urlWhite": {
"type": "urlWhite",
"state": "on",
"action": "allow"
},
"urlBlack": {
"type": "urlBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"uaWhite": {
"type": "uaWhite",
"state": "off",
"action": "allow"
},
"uaBlack": {
"type": "uaBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"notFoundCount": {
"state": "on",
"type": "notFoundCount",
"threshold": 30,
"duration": 10,
"action": "deny",
"ipBlock": "on",
"code": 403,
"ipBlockTime": 600
},
"methodWhite": {
"type": "methodWhite",
"state": "on",
"code": 444,
"action": "deny"
},
"bot": {
"state": "on",
"type": "bot",
"uri": "/1pwaf/bot/trap",
"action": "REDIRECT_JS",
"ipBlock": "on",
"ipBlockTime": 600
},
"geoRestrict": {
"state": "off",
"rules": [],
"code": 403,
"action": "deny",
"type": "geoRestrict",
"res": "geo"
},
"defaultIpBlack": {
"state": "on",
"type": "defaultIpBlack",
"code": 403,
"action": "deny"
},
"xss": {
"state": "on",
"type": "xss",
"code": 403,
"action": "deny"
},
"sql": {
"state": "on",
"type": "sql",
"code": 403,
"action": "deny"
},
"cc": {
"state": "off",
"type": "cc",
"rule": "cc",
"tokenTimeOut": 1800,
"threshold": 100,
"duration": 10,
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 600
},
"ccurl": {
"state": "off",
"type": "urlcc",
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 600
},
"attackCount": {
"state": "on",
"type": "attackCount",
"threshold": 10,
"duration": 60,
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 3000
},
"fileExt": {
"state": "on",
"action": "deny",
"code": 403,
"type": "fileExtCheck"
},
"cookie": {
"type": "cookie",
"state": "on",
"code": 403,
"action": "deny"
},
"header": {
"state": "on",
"type": "header",
"code": 403,
"action": "deny"
},
"defaultUaBlack": {
"type": "defaultUaBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"defaultUrlBlack": {
"type": "defaultUrlBlack",
"state": "on",
"code": 403,
"action": "deny"
},
"args": {
"type": "args",
"state": "on",
"code": 403,
"action": "deny"
}
}

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/ip.html Normal file
View File

File diff suppressed because one or more lines are too long

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/unknown.html Normal file
View File

File diff suppressed because one or more lines are too long

BIN
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/geo/BlackIP.mmdb Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 61 KiB

BIN
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/geo/GeoIP.mmdb Normal file
View File

Binary file not shown.

21
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/5s.html Normal file
View File

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>5s</title>
<style>
#loadingContainer { position: absolute; top: 50%%; left: 50%%; transform: translate(-50%%, -50%%); display: flex; align-items: center; justify-content: center; flex-direction: column; background: #e8e8e8; width: 300px; height: 100px; border: 2px solid #e8e8e8; }
#loadingText { font-size: 18px; margin-top: 10px; }
#loadingSuccess { display: none; font-size: 24px; color: #7ac23c; margin-top: 10px; }
.loadingSpinner { border: 4px solid rgba(0, 0, 0, 0.1); border-top: 4px solid #7ac23c; border-radius: 50%%; width: 20px; height: 20px; animation: spin 1s linear infinite; margin-top: 10px; }
@keyframes spin { 0%% { transform: rotate(0deg); } 100%% { transform: rotate(360deg); } }
</style>
</head>
<body>
<div id="loadingContainer">
<div id="loadingText">正在验证...</div>
<div id="loadingSuccess">验证成功</div>
<div class="loadingSpinner"></div>
</div>
<script type="text/javascript" src="/5s_check_%s-%s-%s-.js"></script>
</body>
</html>

24
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/5s.js Normal file
View File

@ -0,0 +1,24 @@
window.onload = function () {
setTimeout(function () {
showSuccess();
verifySucc();
}, 5000);
function showSuccess() {
document.getElementById("loadingText").style.display = "none";
document.getElementById("loadingSuccess").style.display = "block";
document.querySelector(".loadingSpinner").style.display = "none";
}
function verifySucc() {
let xhr = new XMLHttpRequest();
xhr.onreadystatechange = function () {
if (xhr.readyState === 4 && xhr.status === 200) {
window.location.reload();
}
};
const requestUrl = "%s-%s-%s-%s-%s-";
xhr.open("GET", requestUrl, true);
xhr.send();
}
}

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/cc.html Normal file
View File

File diff suppressed because one or more lines are too long

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/forbidden.html Normal file
View File

File diff suppressed because one or more lines are too long

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/geo.html Normal file
View File

File diff suppressed because one or more lines are too long

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/ip.html Normal file
View File

File diff suppressed because one or more lines are too long

24
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/redirect.html Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE html>
<html lang="zh-cn">
<head>
<title>网站防火墙</title>
<style>
* { box-sizing: border-box; margin: 0; padding: 0; }
body { font-family: '微软雅黑', sans-serif; background-color: #282c34; color: #fff; text-align: center; padding: 50px; }
.main { max-width: 600px; margin: 10% auto; background-color: #3a3a3a; border-radius: 8px; padding: 20px; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.2); }
.title { background: #ff4d4d; color: #fff; font-size: 24px; height: 60px; line-height: 60px; border-radius: 8px 8px 0 0; }
.content { background-color: #444; border: 1px solid #666; border-radius: 0 0 8px 8px; padding: 20px; margin-top: -1px; }
.t1 { color: #ff9999; font-weight: bold; margin: 0 0 20px; }
.footer { margin-top: 10px; font-size: 12px; color: #999; }
</style>
</head>
<body>
<div class="main">
<div class="title">网站防火墙</div>
<div class="content">
<p class="t1">您的请求不合法,已被拒绝</p>
</div>
<div class="footer">此网站防护来自 1Panel</div>
</div>
</body>
</html>

26
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/slide.html Normal file
View File

@ -0,0 +1,26 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>滑动认证</title>
<style>
#dragContainer {position:absolute;top:50%%;left:50%%;transform:translate(-50%%, -50%%);display:inline-block;background:#e8e8e8;width:300px;height:33px;border:2px solid #e8e8e8;}
#dragBg {position:absolute;background-color:#7ac23c;height:100%%;}
#dragText {position:absolute;width:100%%;height:100%%;text-align:center;line-height:33px;user-select:none;-webkit-user-select:none;}
#dragHandler {position:absolute;width:40px;height:100%%;cursor:pointer;box-sizing:border-box;overflow:hidden;}
#dragHandler.dragHandlerBg {background-color:#c0c0c0;}
#dragHandler.dragHandlerBg::before {content:'»';font-size:24px;position:absolute;top:50%%;left:50%%;transform:translate(-50%%, -50%%);color:#7ac23c;}
.dragHandlerOkBg {position:absolute;border-radius:50%%;background-color:#7ac23c;display:flex;justify-content:center;align-items:center;}
.dragHandlerOkBg::before {content:'\2713';font-size:16px;color:white;}
</style>
</head>
<body>
<div>
<div id="dragContainer">
<div id="dragBg"></div>
<div id="dragText"></div>
<div id="dragHandler" class="dragHandlerBg"></div>
</div>
</div>
<script type="text/javascript" src="/slide_check_%s-%s-%s-.js"></script>
</body>
</html>

82
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/slide.js Normal file
View File

@ -0,0 +1,82 @@
window.onload = function () {
(function () {
const dragContainer = document.getElementById("dragContainer");
const dragBg = document.getElementById("dragBg");
const dragText = document.getElementById("dragText");
const dragHandler = document.getElementById("dragHandler");
const maxHandleOffset = dragContainer.clientWidth - dragHandler.clientWidth;
let isVertifySucc = false;
initDrag();
function initDrag() {
dragText.textContent = "拖动滑块验证";
dragHandler.addEventListener("mousedown", onDragStart);
dragHandler.addEventListener("touchstart", onDragStart);
}
function onDragStart(a) {
a.preventDefault();
if (a.type === "mousedown" || (a.type === "touchstart" && a.touches.length === 1)) {
document.addEventListener("mousemove", onDragMove);
document.addEventListener("touchmove", onDragMove);
document.addEventListener("mouseup", onDragEnd);
document.addEventListener("touchend", onDragEnd);
}
}
function onDragMove(a) {
let clientX;
if (a.type === "mousemove") {
clientX = a.clientX;
} else if (a.type === "touchmove" && a.touches.length === 1) {
clientX = a.touches[0].clientX;
}
let containerOffsetX = clientX - dragContainer.getBoundingClientRect().left;
let left = containerOffsetX - dragHandler.clientWidth / 2;
if (left < 0) {
left = 0;
} else if (left > maxHandleOffset) {
left = maxHandleOffset;
}
dragHandler.style.left = left + "px";
dragBg.style.width = dragHandler.style.left;
}
function onDragEnd() {
document.removeEventListener("mousemove", onDragMove);
document.removeEventListener("touchmove", onDragMove);
document.removeEventListener("mouseup", onDragEnd);
document.removeEventListener("touchend", onDragEnd);
if (!isVertifySucc) {
let left = dragHandler.offsetLeft;
if (left >= maxHandleOffset) {
verifySucc();
} else {
dragHandler.style.left = "0px";
dragBg.style.width = "0px";
}
}
}
function verifySucc() {
isVertifySucc = true;
dragText.textContent = "验证通过";
dragText.style.color = "white";
dragHandler.setAttribute("class", "dragHandlerOkBg");
dragHandler.removeEventListener("mousedown", onDragStart);
dragHandler.removeEventListener("touchstart", onDragStart);
let xhr = new XMLHttpRequest();
xhr.onreadystatechange = function () {
if (xhr.readyState === 4 && xhr.status === 200) {
window.location.reload();
}
};
const requestUrl = "%s-%s-%s-%s-%s-";
xhr.open("GET", requestUrl, true);
xhr.send();
}
})();
};

75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/unknown.html Normal file
View File

File diff suppressed because one or more lines are too long

4
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/acl.json Normal file
View File

@ -0,0 +1,4 @@
{
"rules": [
]
}

157
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/args.json Normal file
View File

@ -0,0 +1,157 @@
{
"rules": [
{
"state": "on",
"name": "sqlInject1",
"rule": "select.+(from|limit)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject2",
"rule": "(?:(union(.*?)select))",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject3",
"rule": "having|rongjitest",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject4",
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject5",
"rule": "benchmark\\((.*)\\,(.*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject6",
"rule": "group\\s+by.+\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject7",
"rule": "(?:from\\W+information_schema\\W)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject8",
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject9",
"rule": "into(\\s+)+(?:dump|out)file\\s*",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject10",
"rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
"type": "sqlInject"
},
{
"state": "on",
"name": "args1",
"rule": "xwork.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "args2",
"rule": "xwork\\.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "oneWordTrojan1",
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "oneWordTrojan2",
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "protocolFilter1",
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
"type": "protocolFilter",
"description": "协议过滤"
},
{
"state": "on",
"name": "dirFilter1",
"rule": "(?:etc\\/\\W*passwd)",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter2",
"rule": "java\\.lang",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter3",
"rule": "(?:etc\\/\\W*shadow)",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter4",
"rule": "(?:bin\\/\\W*sh)",
"type": "dirFilter"
},
{
"state": "on",
"name": "xss1",
"rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
"type": "xss"
},
{
"state": "on",
"name": "xss2",
"rule": "(onmouseover|onerror|onload)\\=",
"type": "xss"
},
{
"state": "on",
"name": "xss3",
"rule": "base64_decode\\(",
"type": "xss"
},
{
"state": "on",
"name": "webshell1",
"rule": "/shell?cd+/tmp;\\s*rm+-rf\\+\\*;\\s*wget",
"type": "webshell"
},
{
"state": "on",
"name": "phpExec1",
"rule": "/systembc/password.php",
"type": "phpExec"
},
{
"state": "on",
"name": "scannerFilter1",
"rule": "(Acunetix-Aspect|Acunetix-Aspect-Password|Acunetix-Aspect-Queries|X-WIPP|X-RequestManager-Memo|X-Request-Memo|X-Scan-Memo)",
"type": "scannerFilter"
}
]
}

138
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/cookie.json Normal file
View File

@ -0,0 +1,138 @@
{
"rules": [
{
"state": "on",
"name": "dirFilter1",
"rule": "\\.\\./",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter2",
"rule": "\\:\\$",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter3",
"rule": "\\$\\{",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter4",
"rule": "(?:etc\\/\\W*passwd)",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter5",
"rule": "java\\.lang",
"type": "dirFilter"
},
{
"state": "on",
"name": "sqlInject1",
"rule": "select.+(from|limit)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject2",
"rule": "(?:(union(.*?)select))",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject3",
"rule": "having|rongjitest",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject4",
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject5",
"rule": "benchmark\\((.*)\\,(.*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject6",
"rule": "group\\s+by.+\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject7",
"rule": "(?:from\\W+information_schema\\W)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject8",
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject9",
"rule": "into(\\s+)+(?:dump|out)file\\s*",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject10",
"rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
"type": "sqlInject"
},
{
"state": "on",
"name": "args1",
"rule": "xwork.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "args2",
"rule": "xwork\\.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "oneWordTrojan1",
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "oneWordTrojan2",
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "protocolFilter1",
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
"type": "protocolFilter"
},
{
"state":"on",
"name":"scannerFilter1",
"rule":"(CustomCookie|acunetixCookie)",
"type": "scannerFilter"
},
{
"state": "on",
"name": "xss1",
"rule": "base64_decode\\(",
"type": "xss"
}
]
}

10
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/defaultUaBlack.json Normal file
View File

@ -0,0 +1,10 @@
{
"rules": [
{
"state": "on",
"name": "uaBlock1",
"rule": "HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/",
"type": "scannerFilter"
}
]
}

184
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/defaultUrlBlack.json Normal file
View File

@ -0,0 +1,184 @@
{
"rules": [
{
"state": "on",
"rule": "\\.(htaccess|mysql_history|bash_history|DS_Store|git|idea|user\\.ini)",
"name": "dirFilter1",
"type": "dirFilter"
},
{
"state": "on",
"rule": "\\.(bak|inc|old|mdb|sql|backup|java|class)$",
"name": "dirFilter2",
"type": "dirFilter"
},
{
"state": "on",
"rule": "^/(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\\.(rar|sql|zip|tar\\.gz|tar)$",
"name": "dirFilter3",
"type": "dirFilter"
},
{
"state": "on",
"rule": "java\\.lang",
"name": "dirFilter4",
"type": "dirFilter"
},
{
"state": "on",
"rule": "/(hack|shell|spy|phpspy)\\.php$",
"name": "phpExec1",
"type": "phpExec"
},
{
"state": "on",
"rule": "/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\\\w+).(php|jsp)",
"name": "phpExec2",
"type": "phpExec"
},
{
"state": "on",
"rule": "(?:phpMyAdmin2|phpMyAdmin|phpmyadmin|dbadmin|pma|myadmin|admin|mysql)/scripts/setup%.php",
"name": "phpExec3",
"type": "phpExec"
},
{
"state": "on",
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"name": "oneWordTrojan1",
"type": "oneWordTrojan"
},
{
"state": "on",
"rule": "(?:(union(.*?)select))",
"name": "sqlInject1",
"type": "sqlInject"
},
{
"state": "on",
"rule": "(phpmyadmin|jmx-console|jmxinvokerservlet)",
"name": "appFilter1",
"type": "appFilter"
},
{
"state": "on",
"rule": "wp-includes/wlwmanifest.xml",
"name": "appFilter2",
"type": "appFilter"
},
{
"state": "on",
"rule": "<php>die(@md5(HelloThinkCMF))</php>",
"name": "appFilter3",
"type": "appFilter"
},
{
"state": "on",
"rule": "/boaform/admin/formLogin",
"name": "appFilter4",
"type": "appFilter"
},
{
"state": "on",
"rule": "/password_change.cgi",
"name": "appFilter5",
"type": "appFilter"
},
{
"state": "on",
"rule": "/service/extdirect",
"name": "appFilter6",
"type": "appFilter"
},
{
"state": "on",
"rule": "/api/jsonws/invoke",
"name": "appFilter7",
"type": "appFilter"
},
{
"state": "on",
"rule": "/jars/upload",
"name": "appFilter8",
"type": "appFilter"
},
{
"state": "on",
"rule": "/example/tree/a/search",
"name": "appFilter9",
"type": "appFilter"
},
{
"state": "on",
"rule": "/actuator/gateway/routes/hacktest",
"name": "appFilter10",
"type": "appFilter"
},
{
"state": "on",
"rule": "/api/v1/method.callAnon/getPasswordPolicy",
"name": "appFilter11",
"type": "appFilter"
},
{
"state": "on",
"rule": "/functionRouter",
"name": "appFilter12",
"type": "appFilter"
},
{
"state": "on",
"rule": "/uploadfiles/apache.php.jpeg",
"name": "appFilter14",
"type": "appFilter"
},
{
"state": "on",
"rule": "/xxx/..;/admin/",
"name": "appFilter15",
"type": "appFilter"
},
{
"state": "on",
"rule": "/dvwa/js/dvwaPage.js",
"name": "appFilter16",
"type": "appFilter"
},
{
"state": "on",
"rule": "/api/index.php/v1/config/application",
"name": "appFilter17",
"type": "appFilter"
},
{
"state": "on",
"rule": "/WEB-INF/web.xml",
"name": "appFilter18",
"type": "appFilter"
},
{
"state": "on",
"rule": "/rest/tinymce/1/macro/preview",
"name": "appFilter19",
"type": "appFilter"
},
{
"state": "on",
"rule": "/pages/doenterpagevariables.action",
"name": "appFilter20",
"type": "appFilter"
},
{
"state": "on",
"rule": "/service/rest/beta/repositories/go/group",
"name": "appFilter21",
"type": "appFilter"
},
{
"state": "on",
"rule": "/dvwa/js/add_event_listeners.js",
"name": "appFilter22",
"type": "appFilter"
}
]
}

34
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/fileExt.json Normal file
View File

@ -0,0 +1,34 @@
{
"rules": [
{
"state": "on",
"rule": "php",
"name": "php",
"type": "fileExt"
},
{
"state": "on",
"rule": "jsp",
"name": "jsp",
"type": "fileExt"
},
{
"state": "on",
"rule": "asp",
"name": "asp",
"type": "fileExt"
},
{
"state": "on",
"rule": "exe",
"name": "exe",
"type": "fileExt"
},
{
"state": "on",
"rule": "sh",
"name": "sh",
"type": "fileExt"
}
]
}

28
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/header.json Normal file
View File

@ -0,0 +1,28 @@
{
"rules": [
{
"state": "on",
"name": "appFilter1",
"rule": "TomcatBypass|Command|Base64",
"type": "appFilter"
},
{
"state": "on",
"name": "appFilter2",
"rule": "j\\S*ndi\\S*:\\S*(?:dap|dns)\\S+",
"type": "appFilter"
},
{
"state": "on",
"name": "appFilter3",
"rule": "(?:etc\\/\\W*passwd)",
"type": "appFilter"
},
{
"state": "on",
"name": "scannerFilter1",
"rule": "(/acunetix-wvs-test-for-some-inexistent-file|netsparker|acunetix_wvs_security_test|AppScan|XSS@HERE)",
"type": "scannerFilter"
}
]
}

4
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/ipBlack.json Normal file
View File

@ -0,0 +1,4 @@
{
"rules": [
]
}

4
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/ipWhite.json Normal file
View File

@ -0,0 +1,4 @@
{
"rules": [
]
}

130
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/methodWhite.json Normal file
View File

@ -0,0 +1,130 @@
{
"rules": [
{
"state": "on",
"rule": "GET",
"name": "GET",
"type": "httpMethod"
},
{
"state": "on",
"rule": "POST",
"name": "POST",
"type": "httpMethod"
},
{
"state": "on",
"rule": "PUT",
"name": "PUT",
"type": "httpMethod"
},
{
"state": "on",
"rule": "DELETE",
"name": "DELETE",
"type": "httpMethod"
},
{
"state": "on",
"rule": "PATCH",
"name": "PATCH",
"type": "httpMethod"
},
{
"state": "on",
"rule": "HEAD",
"name": "HEAD",
"type": "httpMethod"
},
{
"state": "on",
"rule": "OPTIONS",
"name": "OPTIONS",
"type": "httpMethod"
},
{
"state": "on",
"rule": "TRACE",
"name": "TRACE",
"type": "httpMethod"
},
{
"state": "on",
"rule": "CONNECT",
"name": "CONNECT",
"type": "httpMethod"
},
{
"state": "on",
"rule": "PROPFIND",
"name": "PROPFIND",
"type": "httpMethod"
},
{
"state": "on",
"rule": "PROPPATCH",
"name": "PROPPATCH",
"type": "httpMethod"
},
{
"state": "on",
"rule": "MKCOL",
"name": "MKCOL",
"type": "httpMethod"
},
{
"state": "on",
"rule": "COPY",
"name": "COPY",
"type": "httpMethod"
},
{
"state": "on",
"rule": "MOVE",
"name": "MOVE",
"type": "httpMethod"
},
{
"state": "on",
"rule": "LOCK",
"name": "LOCK",
"type": "httpMethod"
},
{
"state": "on",
"rule": "UNLOCK",
"name": "UNLOCK",
"type": "httpMethod"
},
{
"state": "on",
"rule": "LINK",
"name": "LINK",
"type": "httpMethod"
},
{
"state": "on",
"rule": "UNLINK",
"name": "UNLINK",
"type": "httpMethod"
},
{
"state": "on",
"rule": "WRAPPED",
"name": "WRAPPED",
"type": "httpMethod"
},
{
"state": "on",
"rule": "PROPFIND",
"name": "PROPFIND",
"type": "httpMethod"
},
{
"state": "on",
"rule": "SRARCH",
"name": "SRARCH",
"type": "httpMethod"
}
]
}

121
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/post.json Normal file
View File

@ -0,0 +1,121 @@
{
"rules": [
{
"state": "on",
"name": "sqlInject1",
"rule": "select.+(from|limit)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject2",
"rule": "(?:(union(.*?)select))",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject3",
"rule": "having|rongjitest",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject4",
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject5",
"rule": "benchmark\\((.*)\\,(.*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject6",
"rule": "group\\s+by.+\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject7",
"rule": "(?:from\\W+information_schema\\W)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject8",
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject9",
"rule": "into(\\s+)+(?:dump|out)file\\s*",
"type": "sqlInject"
},
{
"state": "on",
"name": "args1",
"rule": "xwork.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "args2",
"rule": "xwork\\.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "oneWordTrojan1",
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "protocolFilter1",
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
"type": "protocolFilter",
"description": "协议过滤"
},
{
"state": "on",
"name": "oneWordTrojan2",
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "xss1",
"rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
"type": "xss"
},
{
"state": "on",
"name": "xss2",
"rule": "(onmouseover|onerror|onload)\\=",
"type": "xss"
},
{
"state": "on",
"name": "xss3",
"rule": "base64_decode\\(",
"type": "xss"
},
{
"state": "on",
"name": "dirFilter1",
"rule": "(?:etc\\/\\W*passwd)",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter2",
"rule": "java\\.lang",
"type": "dirFilter"
}
]
}

4
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/uaBlack.json Normal file
View File

@ -0,0 +1,4 @@
{
"rules": [
]
}

3
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/uaWhite.json Normal file
View File

@ -0,0 +1,3 @@
{
"rules": []
}

3
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/urlBlack.json Normal file
View File

@ -0,0 +1,3 @@
{
"rules": []
}

3
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/urlWhite.json Normal file
View File

@ -0,0 +1,3 @@
{
"rules": []
}

0
apps/openresty/1.21.4.3-0-focal/conf/conf.d/00.default.conf → apps/openresty/1.21.4.3-2-1-focal/conf/conf.d/00.default.conf
View File

0
apps/openresty/1.21.4.3-0-focal/conf/conf.d/default.conf → apps/openresty/1.21.4.3-2-1-focal/conf/conf.d/default.conf
View File

0
apps/openresty/1.21.4.3-0-focal/conf/fastcgi-php.conf → apps/openresty/1.21.4.3-2-1-focal/conf/fastcgi-php.conf
View File

0
apps/openresty/1.21.4.3-0-focal/conf/fastcgi_params → apps/openresty/1.21.4.3-2-1-focal/conf/fastcgi_params
View File

0
apps/openresty/1.21.4.3-0-focal/conf/mime.types → apps/openresty/1.21.4.3-2-1-focal/conf/mime.types
View File

6
apps/openresty/1.21.4.3-0-focal/conf/nginx.conf → apps/openresty/1.21.4.3-2-1-focal/conf/nginx.conf
View File

@ -35,13 +35,9 @@ http {
gzip_proxied expired no-cache no-store private auth; gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\."; gzip_disable "MSIE [1-6]\.";
lua_code_cache on;
lua_shared_dict limit 10m;
lua_package_path "/www/common/waf/?.lua;/usr/local/openresty/lualib/?.lua;";
init_by_lua_file /www/common/waf/init.lua;
limit_conn_zone $binary_remote_addr zone=perip:10m; limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m; limit_conn_zone $server_name zone=perserver:10m;
include /usr/local/openresty/nginx/conf/conf.d/*.conf; include /usr/local/openresty/nginx/conf/conf.d/*.conf;
include /usr/local/openresty/1pwaf/data/conf/waf.conf;
} }

0
apps/openresty/1.21.4.3-0-focal/data.yml → apps/openresty/1.21.4.3-2-1-focal/data.yml
View File

3
apps/openresty/1.21.4.3-0-focal/docker-compose.yml → apps/openresty/1.21.4.3-2-1-focal/docker-compose.yml
View File

@ -1,7 +1,7 @@
version: '3' version: '3'
services: services:
openresty: openresty:
image: openresty/openresty:1.21.4.3-0-focal image: 1panel/openresty:1.21.4.3-2-1-focal
container_name: ${CONTAINER_NAME} container_name: ${CONTAINER_NAME}
restart: always restart: always
network_mode: host network_mode: host
@ -14,5 +14,6 @@ services:
- ./www:/www - ./www:/www
- ./root:/usr/share/nginx/html - ./root:/usr/share/nginx/html
- /etc/localtime:/etc/localtime - /etc/localtime:/etc/localtime
- ./1pwaf/data:/usr/local/openresty/1pwaf/data
labels: labels:
createdBy: "Apps" createdBy: "Apps"

0
apps/openresty/1.21.4.3-0-focal/root/404.html → apps/openresty/1.21.4.3-2-1-focal/root/404.html
View File

0
apps/openresty/1.21.4.3-0-focal/root/index.html → apps/openresty/1.21.4.3-2-1-focal/root/index.html
View File

0
apps/openresty/1.21.4.3-0-focal/root/stop/index.html → apps/openresty/1.21.4.3-2-1-focal/root/stop/index.html
View File

0
apps/openresty/1.21.4.3-0-focal/scripts/init.sh → apps/openresty/1.21.4.3-2-1-focal/scripts/init.sh
View File