8080713/appstore-1panel
8080713/appstore-1panel
1
0
Fork 0
forked from Ms-Studio/appstore-1panel
Code Pull Requests Activity

feat: 修改配置文件

Browse Source
This commit is contained in:
zhengkunwang223 2023-03-13 09:59:40 +08:00
parent 3a18a5f5c0
commit fcc817eec8
2 changed files with 112 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

214
apps/openresty/versions/1.21.4/www/common/waf/access.lua
View File

@ -1,5 +1,5 @@
local match = string.match local match = string.match
local ngxmatch=ngx.re.match local ngxMatch=ngx.re.match
local unescape=ngx.unescape_uri local unescape=ngx.unescape_uri
local get_headers = ngx.req.get_headers local get_headers = ngx.req.get_headers
local cjson = require "cjson" local cjson = require "cjson"
@ -11,19 +11,9 @@ local function optionIsOn(options)
return options == "on" or options == "On" or options == "ON" return options == "on" or options == "On" or options == "ON"
end end
local logpath = ngx.var.logdir local logPath = ngx.var.logdir
local rulepath = ngx.var.RulePath local rulePath = ngx.var.RulePath
local attacklog = optionIsOn(ngx.var.attackLog)
local Redirect=optionIsOn(ngx.var.redirect)
local CCDeny = optionIsOn(ngx.var.CCDeny)
local UrlBlockDeny = optionIsOn(ngx.var.urlBlockDeny)
local UrlWhiteAllow = optionIsOn(ngx.var.urlWhiteAllow)
local IpBlockDeny = optionIsOn(ngx.var.ipBlockDeny)
local IpWhiteAllow = optionIsOn(ngx.var.ipWhiteAllow)
local PostDeny = optionIsOn(ngx.var.postDeny) local PostDeny = optionIsOn(ngx.var.postDeny)
local ArgsDeny = optionIsOn(ngx.var.argsDeny)
local CookieDeny = optionIsOn(ngx.var.cookieDeny)
local FileExtDeny = optionIsOn(ngx.var.fileExtDeny)
local function getClientIp() local function getClientIp()
IP = ngx.var.remote_addr IP = ngx.var.remote_addr
@ -40,7 +30,8 @@ local function write(logfile,msg)
fd:close() fd:close()
end end
local function log(method,url,data,ruletag) local function log(method,url,data,ruletag)
if attacklog then local attackLog = optionIsOn(ngx.var.attackLog)
if attackLog then
local realIp = getClientIp() local realIp = getClientIp()
local ua = ngx.var.http_user_agent local ua = ngx.var.http_user_agent
local servername=ngx.var.server_name local servername=ngx.var.server_name
@ -51,13 +42,13 @@ local function log(method,url,data,ruletag)
else else
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n" line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n"
end end
local filename = logpath..'/'..servername.."_"..ngx.today().."_sec.log" local filename = logPath..'/'..servername.."_"..ngx.today().."_sec.log"
write(filename,line) write(filename,line)
end end
end end
------------------------------------规则读取函数------------------------------------------------------------------- ------------------------------------规则读取函数-------------------------------------------------------------------
local function read_json(var) local function read_json(var)
file = io.open(rulepath..'/'..var .. '.json',"r") file = io.open(rulePath..'/'..var .. '.json',"r")
if file==nil then if file==nil then
return return
end end
@ -79,7 +70,7 @@ local function select_rules(rules)
end end
local function read_str(var) local function read_str(var)
file = io.open(rulepath..'/'..var,"r") file = io.open(rulePath..'/'..var,"r")
if file==nil then if file==nil then
return return
end end
@ -88,22 +79,11 @@ local function read_str(var)
return str return str
end end
local argsCheckList=select_rules(read_json('args_check'))
local postCheckList=select_rules(read_json('post_check'))
local cookieBlockList=select_rules(read_json('cookie_block'))
local uarules=select_rules(read_json('user_agent'))
local urlWhiteList=read_json('url_white')
local urlBlockList=read_json('url_block')
local ipWhiteList=read_json('ip_white')
local ipBlockList=read_json('ip_block')
local fileExtBlockList = read_json('file_ext_block')
local ccRate=read_str('cc.json')
local html=read_str('html') local html=read_str('html')
local function say_html() local function say_html()
if Redirect then local redirect = optionIsOn(ngx.var.redirect)
if redirect then
ngx.header.content_type = "text/html" ngx.header.content_type = "text/html"
ngx.status = ngx.HTTP_FORBIDDEN ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(html) ngx.say(html)
@ -111,11 +91,13 @@ local function say_html()
end end
end end
local function whiteurl() local function whiteUrlCheck()
if UrlWhiteAllow then local urlWhiteAllow = optionIsOn(ngx.var.urlWhiteAllow)
if urlWhiteList ~=nil then if urlWhiteAllow then
for _,rule in pairs(urlWhiteList) do local urlWhiteList = read_json('url_white')
if ngxmatch(ngx.var.uri,rule,"isjo") then if urlWhiteList ~= nil then
for _, rule in pairs(urlWhiteList) do
if ngxMatch(ngx.var.uri, rule, "isjo") then
return true return true
end end
end end
@ -123,8 +105,11 @@ local function whiteurl()
end end
return false return false
end end
local function fileExtCheck(ext) local function fileExtCheck(ext)
if FileExtDeny then local fileExtDeny = optionIsOn(ngx.var.fileExtDeny)
if fileExtDeny then
local fileExtBlockList = read_json('fileExtBlockList')
local items = Set(fileExtBlockList) local items = Set(fileExtBlockList)
ext=string.lower(ext) ext=string.lower(ext)
if ext then if ext then
@ -144,8 +129,10 @@ function Set (list)
return set return set
end end
local function args() local function getArgsCheck()
if ArgsDeny then local argsDeny = optionIsOn(ngx.var.argsDeny)
if argsDeny then
local argsCheckList=select_rules(read_json('args_check'))
if argsCheckList then if argsCheckList then
for _,rule in pairs(argsCheckList) do for _,rule in pairs(argsCheckList) do
local uriArgs = ngx.req.get_uri_args() local uriArgs = ngx.req.get_uri_args()
@ -162,7 +149,7 @@ local function args()
else else
data=val data=val
end end
if data and type(data) ~= "boolean" and rule ~="" and ngxmatch(unescape(data),rule,"isjo") then if data and type(data) ~= "boolean" and rule ~="" and ngxMatch(unescape(data),rule,"isjo") then
log('GET',ngx.var.request_uri,"-",rule) log('GET',ngx.var.request_uri,"-",rule)
say_html() say_html()
return true return true
@ -175,11 +162,13 @@ local function args()
end end
local function url() local function blockUrlCheck()
if UrlBlockDeny then local urlBlockDeny = optionIsOn(ngx.var.urlBlockDeny)
for _,rule in pairs(urlBlockList) do if urlBlockDeny then
if rule ~="" and ngxmatch(ngx.var.request_uri,rule,"isjo") then local urlBlockList=read_json('url_block')
log('GET',ngx.var.request_uri,"-",rule) for _, rule in pairs(urlBlockList) do
if rule ~= "" and ngxMatch(ngx.var.request_uri, rule, "isjo") then
log('GET', ngx.var.request_uri, "-", rule)
say_html() say_html()
return true return true
end end
@ -191,8 +180,9 @@ end
function ua() function ua()
local ua = ngx.var.http_user_agent local ua = ngx.var.http_user_agent
if ua ~= nil then if ua ~= nil then
for _,rule in pairs(uarules) do local uaRules = select_rules(read_json('user_agent'))
if rule ~="" and ngxmatch(ua,rule,"isjo") then for _,rule in pairs(uaRules) do
if rule ~="" and ngxMatch(ua,rule,"isjo") then
log('UA',ngx.var.request_uri,"-",rule) log('UA',ngx.var.request_uri,"-",rule)
say_html() say_html()
return true return true
@ -202,8 +192,9 @@ function ua()
return false return false
end end
function body(data) function body(data)
local postCheckList = select_rules(read_json('post_check'))
for _,rule in pairs(postCheckList) do for _,rule in pairs(postCheckList) do
if rule ~="" and data~="" and ngxmatch(unescape(data),rule,"isjo") then if rule ~="" and data~="" and ngxMatch(unescape(data),rule,"isjo") then
log('POST',ngx.var.request_uri,data,rule) log('POST',ngx.var.request_uri,data,rule)
say_html() say_html()
return true return true
@ -211,11 +202,13 @@ function body(data)
end end
return false return false
end end
local function cookie() local function cookieCheck()
local ck = ngx.var.http_cookie local ck = ngx.var.http_cookie
if CookieDeny and ck then local cookieDeny = optionIsOn(ngx.var.cookieDeny)
if cookieDeny and ck then
local cookieBlockList = select_rules(read_json('cookie_block'))
for _,rule in pairs(cookieBlockList) do for _,rule in pairs(cookieBlockList) do
if rule ~="" and ngxmatch(ck,rule,"isjo") then if rule ~="" and ngxMatch(ck,rule,"isjo") then
log('Cookie',ngx.var.request_uri,"-",rule) log('Cookie',ngx.var.request_uri,"-",rule)
say_html() say_html()
return true return true
@ -225,23 +218,25 @@ local function cookie()
return false return false
end end
local function denycc() local function denyCC()
if CCDeny and ccRate then local ccRate = read_str('cc.json')
local ccDeny = optionIsOn(ngx.var.CCDeny)
if ccDeny and ccRate then
local uri=ngx.var.uri local uri=ngx.var.uri
CCcount=tonumber(string.match(ccRate,'(.*)/')) ccCount=tonumber(string.match(ccRate,'(.*)/'))
CCseconds=tonumber(string.match(ccRate,'/(.*)')) ccSeconds=tonumber(string.match(ccRate,'/(.*)'))
local uri = getClientIp()..uri local access_uri = getClientIp()..uri
local limit = ngx.shared.limit local limit = ngx.shared.limit
local req,_=limit:get(uri) local req,_=limit:get(access_uri)
if req then if req then
if req > CCcount then if req > ccCount then
ngx.exit(503) ngx.exit(503)
return true return true
else else
limit:incr(token,1) limit:incr(access_uri,1)
end end
else else
limit:set(uri,1,CCseconds) limit:set(access_uri,1,ccSeconds)
end end
end end
return false return false
@ -265,8 +260,10 @@ local function get_boundary()
return match(header, ";%s*boundary=([^\",;]+)") return match(header, ";%s*boundary=([^\",;]+)")
end end
local function whiteip() local function whiteIpCheck()
if IpWhiteAllow then local ipWhiteAllow = optionIsOn(ngx.var.ipWhiteAllow)
if ipWhiteAllow then
local ipWhiteList=read_json('ip_white')
if next(ipWhiteList) ~= nil then if next(ipWhiteList) ~= nil then
for _,ip in pairs(ipWhiteList) do for _,ip in pairs(ipWhiteList) do
if getClientIp()==ip then if getClientIp()==ip then
@ -278,8 +275,10 @@ local function whiteip()
return false return false
end end
local function blockip() local function blockIpCheck()
if IpBlockDeny then local ipBlockDeny = optionIsOn(ngx.var.ipBlockDeny)
if ipBlockDeny then
local ipBlockList=read_json('ip_block')
if next(ipBlockList) ~= nil then if next(ipBlockList) ~= nil then
for _,ip in pairs(ipBlockList) do for _,ip in pairs(ipBlockList) do
if getClientIp()==ip then if getClientIp()==ip then
@ -292,39 +291,41 @@ local function blockip()
return false return false
end end
local function handleBodyKeyOrVal(kv)
if type(kv) == "table" then
if type(kv[1]) == "boolean" then
return
end
data = table.concat(kv, ", ")
else
data = kv
end
if data then
if type(data) ~= "boolean" then
body(data)
end
end
end
local function postCheck()
if whiteip() then if method == "POST" then
elseif blockip() then
elseif denycc() then
elseif ngx.var.http_Acunetix_Aspect then
ngx.exit(444)
elseif ngx.var.http_X_Scan_Memo then
ngx.exit(444)
elseif whiteurl() then
elseif ua() then
elseif url() then
elseif args() then
elseif cookie() then
elseif PostDeny then
if method=="POST" then
local boundary = get_boundary() local boundary = get_boundary()
if boundary then if boundary then
local len = string.len local len = string.len
local sock, err = ngx.req.socket() local sock = ngx.req.socket()
if not sock then if not sock then
return return
end end
ngx.req.init_body(128 * 1024) ngx.req.init_body(128 * 1024)
sock:settimeout(0) sock:settimeout(0)
local content_length = nil local contentLength = nil
content_length=tonumber(ngx.req.get_headers()['content-length']) contentLength = tonumber(ngx.req.get_headers()['content-length'])
local chunk_size = 4096 local chunk_size = 4096
if content_length < chunk_size then if contentLength < chunk_size then
chunk_size = content_length chunk_size = contentLength
end end
local size = 0 local size = 0
while size < content_length do while size < contentLength do
local data, err, partial = sock:receive(chunk_size) local data, err, partial = sock:receive(chunk_size)
data = data or partial data = data or partial
if not data then if not data then
@ -335,15 +336,15 @@ elseif PostDeny then
return true return true
end end
size = size + len(data) size = size + len(data)
local m = ngxmatch(data,[[Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"]],'ijo') local m = ngxMatch(data, 'Content-Disposition: form-data; (.+)filename="(.+)\\.(.*)"', 'ijo')
if m then if m then
fileExtCheck(m[3]) fileExtCheck(m[3])
filetranslate = true fileTranslate = true
else else
if ngxmatch(data,"Content-Disposition:",'isjo') then if ngxMatch(data, "Content-Disposition:", 'isjo') then
filetranslate = false fileTranslate = false
end end
if filetranslate==false then if fileTranslate == false then
if body(data) then if body(data) then
return true return true
end end
@ -357,25 +358,32 @@ elseif PostDeny then
ngx.req.finish_body() ngx.req.finish_body()
else else
ngx.req.read_body() ngx.req.read_body()
local args = ngx.req.get_post_args() local bodyObj = ngx.req.get_post_args()
if not args then if not bodyObj then
return return
end end
for key, val in pairs(args) do for key, val in pairs(bodyObj) do
if type(val) == "table" then handleBodyKeyOrVal(key)
if type(val[1]) == "boolean" then handleBodyKeyOrVal(val)
return
end
data=table.concat(val, ", ")
else
data=val
end
if data and type(data) ~= "boolean" and body(data) then
body(key)
end
end end
end end
end end
end
if whiteIpCheck() then
elseif blockIpCheck() then
elseif denyCC() then
elseif ngx.var.http_Acunetix_Aspect then
ngx.exit(444)
elseif ngx.var.http_X_Scan_Memo then
ngx.exit(444)
elseif whiteUrlCheck() then
elseif ua() then
elseif blockUrlCheck() then
elseif getArgsCheck() then
elseif cookieCheck() then
elseif PostDeny then
postCheck()
else else
return return
end end

2
apps/redis-commander/versions/0.8.0/docker-compose.yml
View File

@ -8,7 +8,7 @@ services:
networks: networks:
- 1panel-network - 1panel-network
environment: environment:
- REDIS_HOSTS=1panel:${PANEL_REDIS_HOST}:6379:0:${PANEL_DB_ROOT_PASSWORD} - REDIS_HOSTS=1panel:${PANEL_DB_HOST}:6379:0:${PANEL_DB_ROOT_PASSWORD}
ports: ports:
- ${PANEL_APP_PORT_HTTP}:8081 - ${PANEL_APP_PORT_HTTP}:8081
labels: labels: