mirror of
https://github.com/QYG2297248353/appstore-1panel.git
synced 2024-11-29 05:06:12 +08:00
feat: 增加 openresty 1.21.4.3-2-1 版本
This commit is contained in:
parent
5007702c1d
commit
9bf3ac6df7
@ -1,394 +0,0 @@
|
|||||||
local match = string.match
|
|
||||||
local ngxMatch=ngx.re.match
|
|
||||||
local unescape=ngx.unescape_uri
|
|
||||||
local get_headers = ngx.req.get_headers
|
|
||||||
local cjson = require "cjson"
|
|
||||||
local content_length=tonumber(ngx.req.get_headers()['content-length'])
|
|
||||||
local method=ngx.req.get_method()
|
|
||||||
|
|
||||||
|
|
||||||
local function optionIsOn(options)
|
|
||||||
return options == "on" or options == "On" or options == "ON"
|
|
||||||
end
|
|
||||||
|
|
||||||
local logPath = ngx.var.logdir
|
|
||||||
local rulePath = ngx.var.RulePath
|
|
||||||
local PostDeny = optionIsOn(ngx.var.postDeny)
|
|
||||||
|
|
||||||
local function getClientIp()
|
|
||||||
IP = ngx.var.remote_addr
|
|
||||||
if IP == nil then
|
|
||||||
IP = "unknown"
|
|
||||||
end
|
|
||||||
return IP
|
|
||||||
end
|
|
||||||
local function write(logfile,msg)
|
|
||||||
local fd = io.open(logfile,"ab")
|
|
||||||
if fd == nil then return end
|
|
||||||
fd:write(msg)
|
|
||||||
fd:flush()
|
|
||||||
fd:close()
|
|
||||||
end
|
|
||||||
local function log(method,url,data,ruletag)
|
|
||||||
local attackLog = optionIsOn(ngx.var.attackLog)
|
|
||||||
if attackLog then
|
|
||||||
local realIp = getClientIp()
|
|
||||||
local ua = ngx.var.http_user_agent
|
|
||||||
local servername=ngx.var.server_name
|
|
||||||
local time=ngx.localtime()
|
|
||||||
local line = nil
|
|
||||||
if ua then
|
|
||||||
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..ruletag.."\"\n"
|
|
||||||
else
|
|
||||||
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n"
|
|
||||||
end
|
|
||||||
local filename = logPath..'/'..servername.."_"..ngx.today().."_sec.log"
|
|
||||||
write(filename,line)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
------------------------------------规则读取函数-------------------------------------------------------------------
|
|
||||||
local function read_json(var)
|
|
||||||
file = io.open(rulePath..'/'..var .. '.json',"r")
|
|
||||||
if file==nil then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
str = file:read("*a")
|
|
||||||
file:close()
|
|
||||||
list = cjson.decode(str)
|
|
||||||
return list
|
|
||||||
end
|
|
||||||
|
|
||||||
local function select_rules(rules)
|
|
||||||
if not rules then return {} end
|
|
||||||
new_rules = {}
|
|
||||||
for i,v in ipairs(rules) do
|
|
||||||
if v[3] == 1 then
|
|
||||||
table.insert(new_rules,v[1])
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return new_rules
|
|
||||||
end
|
|
||||||
|
|
||||||
local function read_str(var)
|
|
||||||
file = io.open(rulePath..'/'..var,"r")
|
|
||||||
if file==nil then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
local str = file:read("*a")
|
|
||||||
file:close()
|
|
||||||
return str
|
|
||||||
end
|
|
||||||
|
|
||||||
local html=read_str('warn.html')
|
|
||||||
|
|
||||||
local function say_html()
|
|
||||||
local redirect = optionIsOn(ngx.var.redirect)
|
|
||||||
if redirect then
|
|
||||||
ngx.header.content_type = "text/html"
|
|
||||||
ngx.status = ngx.HTTP_FORBIDDEN
|
|
||||||
ngx.say(html)
|
|
||||||
ngx.exit(ngx.status)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
local function whiteUrlCheck()
|
|
||||||
local urlWhiteAllow = optionIsOn(ngx.var.urlWhiteAllow)
|
|
||||||
if urlWhiteAllow then
|
|
||||||
local urlWhiteList = read_json('url_white')
|
|
||||||
if urlWhiteList ~= nil then
|
|
||||||
for _, rule in pairs(urlWhiteList) do
|
|
||||||
if ngxMatch(ngx.var.uri, rule, "isjo") then
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
|
|
||||||
local function fileExtCheck(ext)
|
|
||||||
local fileExtDeny = optionIsOn(ngx.var.fileExtDeny)
|
|
||||||
if fileExtDeny then
|
|
||||||
local fileExtBlockList = read_json('fileExtBlockList')
|
|
||||||
local items = Set(fileExtBlockList)
|
|
||||||
ext=string.lower(ext)
|
|
||||||
if ext then
|
|
||||||
for rule in pairs(items) do
|
|
||||||
if ngx.re.match(ext,rule,"isjo") then
|
|
||||||
log('POST',ngx.var.request_uri,"-","file attack with ext "..ext)
|
|
||||||
say_html()
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
function Set (list)
|
|
||||||
local set = {}
|
|
||||||
for _, l in ipairs(list) do set[l] = true end
|
|
||||||
return set
|
|
||||||
end
|
|
||||||
|
|
||||||
local function getArgsCheck()
|
|
||||||
local argsDeny = optionIsOn(ngx.var.argsDeny)
|
|
||||||
if argsDeny then
|
|
||||||
local argsCheckList=select_rules(read_json('args_check'))
|
|
||||||
if argsCheckList then
|
|
||||||
for _,rule in pairs(argsCheckList) do
|
|
||||||
local uriArgs = ngx.req.get_uri_args()
|
|
||||||
for key, val in pairs(uriArgs) do
|
|
||||||
if type(val)=='table' then
|
|
||||||
local t={}
|
|
||||||
for k,v in pairs(val) do
|
|
||||||
if v == true then
|
|
||||||
v=""
|
|
||||||
end
|
|
||||||
table.insert(t,v)
|
|
||||||
end
|
|
||||||
data=table.concat(t, " ")
|
|
||||||
else
|
|
||||||
data=val
|
|
||||||
end
|
|
||||||
if data and type(data) ~= "boolean" and rule ~="" and ngxMatch(unescape(data),rule,"isjo") then
|
|
||||||
log('GET',ngx.var.request_uri,"-",rule)
|
|
||||||
say_html()
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
local function blockUrlCheck()
|
|
||||||
local urlBlockDeny = optionIsOn(ngx.var.urlBlockDeny)
|
|
||||||
if urlBlockDeny then
|
|
||||||
local urlBlockList=read_json('url_block')
|
|
||||||
for _, rule in pairs(urlBlockList) do
|
|
||||||
if rule ~= "" and ngxMatch(ngx.var.request_uri, rule, "isjo") then
|
|
||||||
log('GET', ngx.var.request_uri, "-", rule)
|
|
||||||
say_html()
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
|
|
||||||
function ua()
|
|
||||||
local ua = ngx.var.http_user_agent
|
|
||||||
if ua ~= nil then
|
|
||||||
local uaRules = select_rules(read_json('user_agent'))
|
|
||||||
for _,rule in pairs(uaRules) do
|
|
||||||
if rule ~="" and ngxMatch(ua,rule,"isjo") then
|
|
||||||
log('UA',ngx.var.request_uri,"-",rule)
|
|
||||||
say_html()
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
function body(data)
|
|
||||||
local postCheckList = select_rules(read_json('post_check'))
|
|
||||||
for _,rule in pairs(postCheckList) do
|
|
||||||
if rule ~="" and data~="" and ngxMatch(unescape(data),rule,"isjo") then
|
|
||||||
log('POST',ngx.var.request_uri,data,rule)
|
|
||||||
say_html()
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
local function cookieCheck()
|
|
||||||
local ck = ngx.var.http_cookie
|
|
||||||
local cookieDeny = optionIsOn(ngx.var.cookieDeny)
|
|
||||||
if cookieDeny and ck then
|
|
||||||
local cookieBlockList = select_rules(read_json('cookie_block'))
|
|
||||||
for _,rule in pairs(cookieBlockList) do
|
|
||||||
if rule ~="" and ngxMatch(ck,rule,"isjo") then
|
|
||||||
log('Cookie',ngx.var.request_uri,"-",rule)
|
|
||||||
say_html()
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
|
|
||||||
local function denyCC()
|
|
||||||
local ccRate = read_str('cc.json')
|
|
||||||
local ccDeny = optionIsOn(ngx.var.CCDeny)
|
|
||||||
if ccDeny and ccRate then
|
|
||||||
local uri=ngx.var.uri
|
|
||||||
ccCount=tonumber(string.match(ccRate,'(.*)/'))
|
|
||||||
ccSeconds=tonumber(string.match(ccRate,'/(.*)'))
|
|
||||||
local access_uri = getClientIp()..uri
|
|
||||||
local limit = ngx.shared.limit
|
|
||||||
local req,_=limit:get(access_uri)
|
|
||||||
if req then
|
|
||||||
if req > ccCount then
|
|
||||||
ngx.exit(503)
|
|
||||||
return true
|
|
||||||
else
|
|
||||||
limit:incr(access_uri,1)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
limit:set(access_uri,1,ccSeconds)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
|
|
||||||
local function get_boundary()
|
|
||||||
local header = get_headers()["content-type"]
|
|
||||||
if not header then
|
|
||||||
return nil
|
|
||||||
end
|
|
||||||
|
|
||||||
if type(header) == "table" then
|
|
||||||
header = header[1]
|
|
||||||
end
|
|
||||||
|
|
||||||
local m = match(header, ";%s*boundary=\"([^\"]+)\"")
|
|
||||||
if m then
|
|
||||||
return m
|
|
||||||
end
|
|
||||||
|
|
||||||
return match(header, ";%s*boundary=([^\",;]+)")
|
|
||||||
end
|
|
||||||
|
|
||||||
local function whiteIpCheck()
|
|
||||||
local ipWhiteAllow = optionIsOn(ngx.var.ipWhiteAllow)
|
|
||||||
if ipWhiteAllow then
|
|
||||||
local ipWhiteList=read_json('ip_white')
|
|
||||||
if next(ipWhiteList) ~= nil then
|
|
||||||
for _,ip in pairs(ipWhiteList) do
|
|
||||||
if getClientIp()==ip then
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
|
|
||||||
local function blockIpCheck()
|
|
||||||
local ipBlockDeny = optionIsOn(ngx.var.ipBlockDeny)
|
|
||||||
if ipBlockDeny then
|
|
||||||
local ipBlockList=read_json('ip_block')
|
|
||||||
if next(ipBlockList) ~= nil then
|
|
||||||
for _,ip in pairs(ipBlockList) do
|
|
||||||
if getClientIp()==ip then
|
|
||||||
ngx.exit(403)
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
|
|
||||||
local function handleBodyKeyOrVal(kv)
|
|
||||||
if type(kv) == "table" then
|
|
||||||
if type(kv[1]) == "boolean" then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
data = table.concat(kv, ", ")
|
|
||||||
else
|
|
||||||
data = kv
|
|
||||||
end
|
|
||||||
if data then
|
|
||||||
if type(data) ~= "boolean" then
|
|
||||||
body(data)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
local function postCheck()
|
|
||||||
if method == "POST" then
|
|
||||||
local boundary = get_boundary()
|
|
||||||
local fileExtDeny = optionIsOn(ngx.var.fileExtDeny)
|
|
||||||
if boundary and fileExtDeny then
|
|
||||||
local protocol = ngx.var.server_protocol
|
|
||||||
if protocol == "HTTP/2.0" then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
local len = string.len
|
|
||||||
local sock = ngx.req.socket()
|
|
||||||
if not sock then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
ngx.req.init_body(128 * 1024)
|
|
||||||
sock:settimeout(0)
|
|
||||||
local contentLength = nil
|
|
||||||
contentLength = tonumber(ngx.req.get_headers()['content-length'])
|
|
||||||
local chunk_size = 4096
|
|
||||||
if contentLength < chunk_size then
|
|
||||||
chunk_size = contentLength
|
|
||||||
end
|
|
||||||
local size = 0
|
|
||||||
while size < contentLength do
|
|
||||||
local data, err, partial = sock:receive(chunk_size)
|
|
||||||
data = data or partial
|
|
||||||
if not data then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
ngx.req.append_body(data)
|
|
||||||
if body(data) then
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
size = size + len(data)
|
|
||||||
local m = ngxMatch(data, 'Content-Disposition: form-data; (.+)filename="(.+)\\.(.*)"', 'ijo')
|
|
||||||
if m then
|
|
||||||
fileExtCheck(m[3])
|
|
||||||
fileTranslate = true
|
|
||||||
else
|
|
||||||
if ngxMatch(data, "Content-Disposition:", 'isjo') then
|
|
||||||
fileTranslate = false
|
|
||||||
end
|
|
||||||
if fileTranslate == false then
|
|
||||||
if body(data) then
|
|
||||||
return true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
local less = content_length - size
|
|
||||||
if less < chunk_size then
|
|
||||||
chunk_size = less
|
|
||||||
end
|
|
||||||
end
|
|
||||||
ngx.req.finish_body()
|
|
||||||
else
|
|
||||||
ngx.req.read_body()
|
|
||||||
local bodyObj = ngx.req.get_post_args()
|
|
||||||
if not bodyObj then
|
|
||||||
return
|
|
||||||
end
|
|
||||||
for key, val in pairs(bodyObj) do
|
|
||||||
handleBodyKeyOrVal(key)
|
|
||||||
handleBodyKeyOrVal(val)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if whiteIpCheck() then
|
|
||||||
elseif blockIpCheck() then
|
|
||||||
elseif denyCC() then
|
|
||||||
elseif ngx.var.http_Acunetix_Aspect then
|
|
||||||
ngx.exit(444)
|
|
||||||
elseif ngx.var.http_X_Scan_Memo then
|
|
||||||
ngx.exit(444)
|
|
||||||
elseif whiteUrlCheck() then
|
|
||||||
elseif ua() then
|
|
||||||
elseif blockUrlCheck() then
|
|
||||||
elseif getArgsCheck() then
|
|
||||||
elseif cookieCheck() then
|
|
||||||
elseif PostDeny then
|
|
||||||
postCheck()
|
|
||||||
else
|
|
||||||
return
|
|
||||||
end
|
|
@ -1 +0,0 @@
|
|||||||
ngx.log(ngx.INFO,"init success")
|
|
@ -1,26 +0,0 @@
|
|||||||
[
|
|
||||||
["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1 ],
|
|
||||||
["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1 ],
|
|
||||||
["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1 ],
|
|
||||||
["base64_decode\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee43", 1],
|
|
||||||
["(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee44", 1 ],
|
|
||||||
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee45", 1],
|
|
||||||
["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1 ],
|
|
||||||
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1 ],
|
|
||||||
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
|
|
||||||
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
|
|
||||||
["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1 ],
|
|
||||||
["\\<(iframe|script|body|img|layer|div|meta|style|base|object)", "XSS\u8fc7\u6ee41", 1],
|
|
||||||
["(invokefunction|call_user_func_array|\\\\think\\\\)", "ThinkPHP payload\u5c01\u5835", 1 ],
|
|
||||||
["^url_array\\[.*\\]$", "Metinfo6.x XSS\u6f0f\u6d1e", 1],
|
|
||||||
["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
|
|
||||||
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
|
|
||||||
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
|
|
||||||
["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
|
|
||||||
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
|
|
||||||
["(?:from.+?information_schema.+?)", "", 1],
|
|
||||||
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
|
|
||||||
["'$", "test", 1],
|
|
||||||
["\\${jndi:", "log4j2\u62e6\u622a", 1 ],
|
|
||||||
["terrewrewrwr", "", 1]
|
|
||||||
]
|
|
@ -1 +0,0 @@
|
|||||||
100/60
|
|
@ -1,12 +0,0 @@
|
|||||||
[
|
|
||||||
["base64_decode\\(","一句话木马过滤3",1],
|
|
||||||
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[","一句话木马过滤5",1],
|
|
||||||
["select.+(from|limit)","SQL注入过滤2",1],
|
|
||||||
["(?:(union(.*?)select))","SQL注入过滤3",1],
|
|
||||||
["sleep\\((\\s*)(\\d*)(\\s*)\\)","SQL注入过滤5",1],
|
|
||||||
["benchmark\\((.*)\\,(.*)\\)","SQL注入过滤6",1],
|
|
||||||
["(?:from\\W+information_schema\\W)","SQL注入过滤7",1],
|
|
||||||
["(?:(?:current_)user|database|schema|connection_id)\\s*\\(","SQL注入过滤8",1],
|
|
||||||
["into(\\s+)+(?:dump|out)file\\s*","SQL注入过滤9",1],
|
|
||||||
["group\\s+by.+\\(","SQL注入过滤10",1]
|
|
||||||
]
|
|
@ -1 +0,0 @@
|
|||||||
["php","jsp"]
|
|
@ -1 +0,0 @@
|
|||||||
[]
|
|
@ -1 +0,0 @@
|
|||||||
[]
|
|
@ -1,22 +0,0 @@
|
|||||||
[
|
|
||||||
["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1],
|
|
||||||
["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1],
|
|
||||||
["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1],
|
|
||||||
["base64_decode\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee41", 1],
|
|
||||||
["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
|
|
||||||
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
|
|
||||||
["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42",1],
|
|
||||||
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43",1],
|
|
||||||
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
|
|
||||||
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
|
|
||||||
["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48",1],
|
|
||||||
["(extractvalue\\(|concat\\(|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
|
|
||||||
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\(|right\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
|
|
||||||
["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
|
|
||||||
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
|
|
||||||
["(EXISTS\\(|SELECT\\#|\\(SELECT|select\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
|
|
||||||
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
|
|
||||||
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
|
|
||||||
["(?:from.+?information_schema.+?)", "", 1],
|
|
||||||
["\\${jndi:", "log4j2\u62e6\u622a", 1]
|
|
||||||
]
|
|
@ -1 +0,0 @@
|
|||||||
[]
|
|
@ -1 +0,0 @@
|
|||||||
[]
|
|
@ -1,17 +0,0 @@
|
|||||||
[
|
|
||||||
["(WPScan|HTTrack|antSword|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/)", "\u5173\u952e\u8bcd\u8fc7\u6ee41", 1],
|
|
||||||
["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
|
|
||||||
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
|
|
||||||
["select\\s+.+(from|limit)\\s+", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1],
|
|
||||||
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1],
|
|
||||||
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
|
|
||||||
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
|
|
||||||
["(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1],
|
|
||||||
["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
|
|
||||||
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
|
|
||||||
["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
|
|
||||||
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\))", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
|
|
||||||
["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
|
|
||||||
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
|
|
||||||
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1]
|
|
||||||
]
|
|
@ -1,136 +0,0 @@
|
|||||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
||||||
<head>
|
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
||||||
<title>网站防火墙</title>
|
|
||||||
<style>
|
|
||||||
p {
|
|
||||||
line-height: 20px;
|
|
||||||
}
|
|
||||||
ul {
|
|
||||||
list-style-type: none;
|
|
||||||
}
|
|
||||||
li {
|
|
||||||
list-style-type: none;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
|
|
||||||
<body style="padding: 0; margin: 0; font: 14px/1.5 Microsoft Yahei, 宋体, sans-serif; color: #555">
|
|
||||||
<div style="margin: 0 auto; width: 1000px; padding-top: 200px; overflow: hidden">
|
|
||||||
<div style="width: 600px; margin: 0 auto;">
|
|
||||||
<div
|
|
||||||
style="
|
|
||||||
height: 40px;
|
|
||||||
line-height: 40px;
|
|
||||||
color: #fff;
|
|
||||||
font-size: 16px;
|
|
||||||
overflow: hidden;
|
|
||||||
background: #6bb3f6;
|
|
||||||
padding-left: 20px;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
网站防火墙
|
|
||||||
</div>
|
|
||||||
<div
|
|
||||||
style="
|
|
||||||
border: 1px dashed #cdcece;
|
|
||||||
border-top: none;
|
|
||||||
font-size: 14px;
|
|
||||||
background: #fff;
|
|
||||||
color: #555;
|
|
||||||
line-height: 24px;
|
|
||||||
height: 220px;
|
|
||||||
padding: 20px 20px 0 20px;
|
|
||||||
overflow-y: auto;
|
|
||||||
background: #f3f7f9;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
<p
|
|
||||||
style="
|
|
||||||
margin-top: 0px;
|
|
||||||
margin-bottom: 0px;
|
|
||||||
margin-left: 0px;
|
|
||||||
margin-right: 0px;
|
|
||||||
-qt-block-indent: 0;
|
|
||||||
text-indent: 0px;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
<span style="font-weight: 600; color: #fc4f03">
|
|
||||||
您的请求带有不合法参数,已被网站管理员设置拦截!
|
|
||||||
</span>
|
|
||||||
</p>
|
|
||||||
<p
|
|
||||||
style="
|
|
||||||
margin-top: 0px;
|
|
||||||
margin-bottom: 0px;
|
|
||||||
margin-left: 0px;
|
|
||||||
margin-right: 0px;
|
|
||||||
-qt-block-indent: 0;
|
|
||||||
text-indent: 0px;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
可能原因:您提交的内容包含危险的攻击请求
|
|
||||||
</p>
|
|
||||||
<p
|
|
||||||
style="
|
|
||||||
margin-top: 12px;
|
|
||||||
margin-bottom: 12px;
|
|
||||||
margin-left: 0px;
|
|
||||||
margin-right: 0px;
|
|
||||||
-qt-block-indent: 1;
|
|
||||||
text-indent: 0px;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
如何解决:
|
|
||||||
</p>
|
|
||||||
<ul
|
|
||||||
style="
|
|
||||||
margin-top: 0px;
|
|
||||||
margin-bottom: 0px;
|
|
||||||
margin-left: 0px;
|
|
||||||
margin-right: 0px;
|
|
||||||
-qt-list-indent: 1;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
<li
|
|
||||||
style="
|
|
||||||
margin-top: 12px;
|
|
||||||
margin-bottom: 0px;
|
|
||||||
margin-left: 0px;
|
|
||||||
margin-right: 0px;
|
|
||||||
-qt-block-indent: 0;
|
|
||||||
text-indent: 0px;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
1)检查提交内容;
|
|
||||||
</li>
|
|
||||||
<li
|
|
||||||
style="
|
|
||||||
margin-top: 0px;
|
|
||||||
margin-bottom: 0px;
|
|
||||||
margin-left: 0px;
|
|
||||||
margin-right: 0px;
|
|
||||||
-qt-block-indent: 0;
|
|
||||||
text-indent: 0px;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
2)如网站托管,请联系空间提供商;
|
|
||||||
</li>
|
|
||||||
<li
|
|
||||||
style="
|
|
||||||
margin-top: 0px;
|
|
||||||
margin-bottom: 0px;
|
|
||||||
margin-left: 0px;
|
|
||||||
margin-right: 0px;
|
|
||||||
-qt-block-indent: 0;
|
|
||||||
text-indent: 0px;
|
|
||||||
"
|
|
||||||
>
|
|
||||||
3)普通网站访客,请联系网站管理员;
|
|
||||||
</li>
|
|
||||||
</ul>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
169
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/global.json
Normal file
169
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/global.json
Normal file
@ -0,0 +1,169 @@
|
|||||||
|
{
|
||||||
|
"waf": {
|
||||||
|
"state": "on",
|
||||||
|
"mode": "protection",
|
||||||
|
"secret": ""
|
||||||
|
},
|
||||||
|
"redis": {
|
||||||
|
"state": "off",
|
||||||
|
"host": "",
|
||||||
|
"port": 6379,
|
||||||
|
"password": "",
|
||||||
|
"ssl": false,
|
||||||
|
"poolSize": 10
|
||||||
|
},
|
||||||
|
"ipWhite": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "ipWhite",
|
||||||
|
"action": "allow"
|
||||||
|
},
|
||||||
|
"ipBlack": {
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny",
|
||||||
|
"type": "ipBlack",
|
||||||
|
"res": "ip"
|
||||||
|
},
|
||||||
|
"urlWhite": {
|
||||||
|
"type": "urlWhite",
|
||||||
|
"state": "on",
|
||||||
|
"action": "allow"
|
||||||
|
},
|
||||||
|
"urlBlack": {
|
||||||
|
"type": "urlBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"uaWhite": {
|
||||||
|
"type": "uaWhite",
|
||||||
|
"state": "off",
|
||||||
|
"action": "allow"
|
||||||
|
},
|
||||||
|
"uaBlack": {
|
||||||
|
"type": "uaBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"notFoundCount": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "notFoundCount",
|
||||||
|
"threshold": 30,
|
||||||
|
"duration": 10,
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"code": 403,
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"methodWhite": {
|
||||||
|
"type": "methodWhite",
|
||||||
|
"state": "on",
|
||||||
|
"code": 444,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"bot": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "bot",
|
||||||
|
"uri": "/1pwaf/bot/trap",
|
||||||
|
"action": "REDIRECT_JS",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"unknownWebsite": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "unknownWebsite",
|
||||||
|
"action": "deny",
|
||||||
|
"code": 403,
|
||||||
|
"res": "unknown"
|
||||||
|
},
|
||||||
|
"geoRestrict": {
|
||||||
|
"state": "off",
|
||||||
|
"rules": [],
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny",
|
||||||
|
"type": "geoRestrict",
|
||||||
|
"res": "geo"
|
||||||
|
},
|
||||||
|
"defaultIpBlack": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "defaultIpBlack",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"xss": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "xss",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"sql": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "sql",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"cc": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "cc",
|
||||||
|
"rule": "cc",
|
||||||
|
"tokenTimeOut": 1800,
|
||||||
|
"threshold": 100,
|
||||||
|
"duration": 20,
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"ccurl": {
|
||||||
|
"state": "off",
|
||||||
|
"type": "urlcc",
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"attackCount": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "attackCount",
|
||||||
|
"threshold": 10,
|
||||||
|
"duration": 60,
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 3000
|
||||||
|
},
|
||||||
|
"fileExt": {
|
||||||
|
"state": "on",
|
||||||
|
"action": "deny",
|
||||||
|
"code": 403,
|
||||||
|
"type": "fileExtCheck"
|
||||||
|
},
|
||||||
|
"cookie": {
|
||||||
|
"type": "cookie",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"header": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "header",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"defaultUaBlack": {
|
||||||
|
"type": "defaultUaBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"defaultUrlBlack": {
|
||||||
|
"type": "defaultUrlBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"args": {
|
||||||
|
"type": "args",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,94 @@
|
|||||||
|
{
|
||||||
|
"waf": {
|
||||||
|
"state": "on",
|
||||||
|
"mode": "protection"
|
||||||
|
},
|
||||||
|
"args": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "args",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"defaultUaBlack": {
|
||||||
|
"type": "defaultUaBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"cookie": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "cookie",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"bot": {
|
||||||
|
"type": "bot",
|
||||||
|
"state": "on",
|
||||||
|
"uri": "/1pwaf/bot/trap",
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "off",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"geoRestrict": {
|
||||||
|
"state": "off",
|
||||||
|
"rules": [],
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny",
|
||||||
|
"type": "geoRestrict",
|
||||||
|
"res": "geo"
|
||||||
|
},
|
||||||
|
"xss": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "xss",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"sql": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "sql",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"cc": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "cc",
|
||||||
|
"rule": "cc",
|
||||||
|
"tokenTimeOut": 1800,
|
||||||
|
"threshold": 100,
|
||||||
|
"duration": 10,
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"ccurl": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "ccurl",
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "off",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"fileExt": {
|
||||||
|
"state": "on",
|
||||||
|
"action": "deny",
|
||||||
|
"code": 403,
|
||||||
|
"type": "fileExtCheck"
|
||||||
|
},
|
||||||
|
"header": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "header",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"defaultUrlBlack": {
|
||||||
|
"type": "defaultUrlBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"methodWhite": {
|
||||||
|
"type": "methodWhite",
|
||||||
|
"state": "on",
|
||||||
|
"code": 444,
|
||||||
|
"action": "deny"
|
||||||
|
}
|
||||||
|
}
|
14
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/waf.conf
Normal file
14
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/conf/waf.conf
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
lua_shared_dict waf_req_count 10m;
|
||||||
|
lua_shared_dict waf 30m;
|
||||||
|
lua_shared_dict waf_block_ip 10m;
|
||||||
|
lua_shared_dict waf_ip_arr 10m;
|
||||||
|
lua_shared_dict waf_limit 10m;
|
||||||
|
lua_shared_dict waf_sql 50m;
|
||||||
|
lua_shared_dict waf_locks 100k;
|
||||||
|
|
||||||
|
lua_code_cache on;
|
||||||
|
lua_package_path "/usr/local/openresty/1pwaf/?.lua;/usr/local/openresty/1pwaf/lib/?.lua;;";
|
||||||
|
init_by_lua_file /usr/local/openresty/1pwaf/init.lua;
|
||||||
|
access_by_lua_file /usr/local/openresty/1pwaf/waf.lua;
|
||||||
|
log_by_lua_file /usr/local/openresty/1pwaf/log_and_traffic.lua;
|
||||||
|
init_worker_by_lua_file /usr/local/openresty/1pwaf/worker.lua;
|
@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "1Panel WAF",
|
||||||
|
"version": "1.0.0"
|
||||||
|
}
|
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/cc.html
Normal file
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/cc.html
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
162
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/global.json
Normal file
162
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/global.json
Normal file
@ -0,0 +1,162 @@
|
|||||||
|
{
|
||||||
|
"waf": {
|
||||||
|
"state": "on",
|
||||||
|
"mode": "protection",
|
||||||
|
"secret": ""
|
||||||
|
},
|
||||||
|
"redis": {
|
||||||
|
"state": "off",
|
||||||
|
"host": "",
|
||||||
|
"port": 6379,
|
||||||
|
"password": "",
|
||||||
|
"ssl": false,
|
||||||
|
"poolSize": 10
|
||||||
|
},
|
||||||
|
"ipWhite": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "ipWhite",
|
||||||
|
"action": "allow"
|
||||||
|
},
|
||||||
|
"ipBlack": {
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny",
|
||||||
|
"type": "ipBlack",
|
||||||
|
"res": "ip"
|
||||||
|
},
|
||||||
|
"urlWhite": {
|
||||||
|
"type": "urlWhite",
|
||||||
|
"state": "on",
|
||||||
|
"action": "allow"
|
||||||
|
},
|
||||||
|
"urlBlack": {
|
||||||
|
"type": "urlBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"uaWhite": {
|
||||||
|
"type": "uaWhite",
|
||||||
|
"state": "off",
|
||||||
|
"action": "allow"
|
||||||
|
},
|
||||||
|
"uaBlack": {
|
||||||
|
"type": "uaBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"notFoundCount": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "notFoundCount",
|
||||||
|
"threshold": 30,
|
||||||
|
"duration": 10,
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"code": 403,
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"methodWhite": {
|
||||||
|
"type": "methodWhite",
|
||||||
|
"state": "on",
|
||||||
|
"code": 444,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"bot": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "bot",
|
||||||
|
"uri": "/1pwaf/bot/trap",
|
||||||
|
"action": "REDIRECT_JS",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"geoRestrict": {
|
||||||
|
"state": "off",
|
||||||
|
"rules": [],
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny",
|
||||||
|
"type": "geoRestrict",
|
||||||
|
"res": "geo"
|
||||||
|
},
|
||||||
|
"defaultIpBlack": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "defaultIpBlack",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"xss": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "xss",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"sql": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "sql",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"cc": {
|
||||||
|
"state": "off",
|
||||||
|
"type": "cc",
|
||||||
|
"rule": "cc",
|
||||||
|
"tokenTimeOut": 1800,
|
||||||
|
"threshold": 100,
|
||||||
|
"duration": 10,
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"ccurl": {
|
||||||
|
"state": "off",
|
||||||
|
"type": "urlcc",
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 600
|
||||||
|
},
|
||||||
|
"attackCount": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "attackCount",
|
||||||
|
"threshold": 10,
|
||||||
|
"duration": 60,
|
||||||
|
"action": "deny",
|
||||||
|
"ipBlock": "on",
|
||||||
|
"ipBlockTime": 3000
|
||||||
|
},
|
||||||
|
"fileExt": {
|
||||||
|
"state": "on",
|
||||||
|
"action": "deny",
|
||||||
|
"code": 403,
|
||||||
|
"type": "fileExtCheck"
|
||||||
|
},
|
||||||
|
"cookie": {
|
||||||
|
"type": "cookie",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"header": {
|
||||||
|
"state": "on",
|
||||||
|
"type": "header",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"defaultUaBlack": {
|
||||||
|
"type": "defaultUaBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"defaultUrlBlack": {
|
||||||
|
"type": "defaultUrlBlack",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
},
|
||||||
|
"args": {
|
||||||
|
"type": "args",
|
||||||
|
"state": "on",
|
||||||
|
"code": 403,
|
||||||
|
"action": "deny"
|
||||||
|
}
|
||||||
|
}
|
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/ip.html
Normal file
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/default/ip.html
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
BIN
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/geo/BlackIP.mmdb
Normal file
BIN
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/geo/BlackIP.mmdb
Normal file
Binary file not shown.
After Width: | Height: | Size: 61 KiB |
BIN
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/geo/GeoIP.mmdb
Normal file
BIN
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/geo/GeoIP.mmdb
Normal file
Binary file not shown.
21
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/5s.html
Normal file
21
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/5s.html
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<title>5s</title>
|
||||||
|
<style>
|
||||||
|
#loadingContainer { position: absolute; top: 50%%; left: 50%%; transform: translate(-50%%, -50%%); display: flex; align-items: center; justify-content: center; flex-direction: column; background: #e8e8e8; width: 300px; height: 100px; border: 2px solid #e8e8e8; }
|
||||||
|
#loadingText { font-size: 18px; margin-top: 10px; }
|
||||||
|
#loadingSuccess { display: none; font-size: 24px; color: #7ac23c; margin-top: 10px; }
|
||||||
|
.loadingSpinner { border: 4px solid rgba(0, 0, 0, 0.1); border-top: 4px solid #7ac23c; border-radius: 50%%; width: 20px; height: 20px; animation: spin 1s linear infinite; margin-top: 10px; }
|
||||||
|
@keyframes spin { 0%% { transform: rotate(0deg); } 100%% { transform: rotate(360deg); } }
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div id="loadingContainer">
|
||||||
|
<div id="loadingText">正在验证...</div>
|
||||||
|
<div id="loadingSuccess">验证成功</div>
|
||||||
|
<div class="loadingSpinner"></div>
|
||||||
|
</div>
|
||||||
|
<script type="text/javascript" src="/5s_check_%s-%s-%s-.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
24
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/5s.js
Normal file
24
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/5s.js
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
window.onload = function () {
|
||||||
|
setTimeout(function () {
|
||||||
|
showSuccess();
|
||||||
|
verifySucc();
|
||||||
|
}, 5000);
|
||||||
|
|
||||||
|
function showSuccess() {
|
||||||
|
document.getElementById("loadingText").style.display = "none";
|
||||||
|
document.getElementById("loadingSuccess").style.display = "block";
|
||||||
|
document.querySelector(".loadingSpinner").style.display = "none";
|
||||||
|
}
|
||||||
|
|
||||||
|
function verifySucc() {
|
||||||
|
let xhr = new XMLHttpRequest();
|
||||||
|
xhr.onreadystatechange = function () {
|
||||||
|
if (xhr.readyState === 4 && xhr.status === 200) {
|
||||||
|
window.location.reload();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
const requestUrl = "%s-%s-%s-%s-%s-";
|
||||||
|
xhr.open("GET", requestUrl, true);
|
||||||
|
xhr.send();
|
||||||
|
}
|
||||||
|
}
|
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/cc.html
Normal file
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/cc.html
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/geo.html
Normal file
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/geo.html
Normal file
File diff suppressed because one or more lines are too long
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/ip.html
Normal file
75
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/ip.html
Normal file
File diff suppressed because one or more lines are too long
@ -0,0 +1,24 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="zh-cn">
|
||||||
|
<head>
|
||||||
|
<title>网站防火墙</title>
|
||||||
|
<style>
|
||||||
|
* { box-sizing: border-box; margin: 0; padding: 0; }
|
||||||
|
body { font-family: '微软雅黑', sans-serif; background-color: #282c34; color: #fff; text-align: center; padding: 50px; }
|
||||||
|
.main { max-width: 600px; margin: 10% auto; background-color: #3a3a3a; border-radius: 8px; padding: 20px; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.2); }
|
||||||
|
.title { background: #ff4d4d; color: #fff; font-size: 24px; height: 60px; line-height: 60px; border-radius: 8px 8px 0 0; }
|
||||||
|
.content { background-color: #444; border: 1px solid #666; border-radius: 0 0 8px 8px; padding: 20px; margin-top: -1px; }
|
||||||
|
.t1 { color: #ff9999; font-weight: bold; margin: 0 0 20px; }
|
||||||
|
.footer { margin-top: 10px; font-size: 12px; color: #999; }
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="main">
|
||||||
|
<div class="title">网站防火墙</div>
|
||||||
|
<div class="content">
|
||||||
|
<p class="t1">您的请求不合法,已被拒绝</p>
|
||||||
|
</div>
|
||||||
|
<div class="footer">此网站防护来自 1Panel</div>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
26
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/slide.html
Normal file
26
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/slide.html
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<title>滑动认证</title>
|
||||||
|
<style>
|
||||||
|
#dragContainer {position:absolute;top:50%%;left:50%%;transform:translate(-50%%, -50%%);display:inline-block;background:#e8e8e8;width:300px;height:33px;border:2px solid #e8e8e8;}
|
||||||
|
#dragBg {position:absolute;background-color:#7ac23c;height:100%%;}
|
||||||
|
#dragText {position:absolute;width:100%%;height:100%%;text-align:center;line-height:33px;user-select:none;-webkit-user-select:none;}
|
||||||
|
#dragHandler {position:absolute;width:40px;height:100%%;cursor:pointer;box-sizing:border-box;overflow:hidden;}
|
||||||
|
#dragHandler.dragHandlerBg {background-color:#c0c0c0;}
|
||||||
|
#dragHandler.dragHandlerBg::before {content:'»';font-size:24px;position:absolute;top:50%%;left:50%%;transform:translate(-50%%, -50%%);color:#7ac23c;}
|
||||||
|
.dragHandlerOkBg {position:absolute;border-radius:50%%;background-color:#7ac23c;display:flex;justify-content:center;align-items:center;}
|
||||||
|
.dragHandlerOkBg::before {content:'\2713';font-size:16px;color:white;}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div>
|
||||||
|
<div id="dragContainer">
|
||||||
|
<div id="dragBg"></div>
|
||||||
|
<div id="dragText"></div>
|
||||||
|
<div id="dragHandler" class="dragHandlerBg"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<script type="text/javascript" src="/slide_check_%s-%s-%s-.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
82
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/slide.js
Normal file
82
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/html/slide.js
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
window.onload = function () {
|
||||||
|
(function () {
|
||||||
|
const dragContainer = document.getElementById("dragContainer");
|
||||||
|
const dragBg = document.getElementById("dragBg");
|
||||||
|
const dragText = document.getElementById("dragText");
|
||||||
|
const dragHandler = document.getElementById("dragHandler");
|
||||||
|
const maxHandleOffset = dragContainer.clientWidth - dragHandler.clientWidth;
|
||||||
|
let isVertifySucc = false;
|
||||||
|
|
||||||
|
initDrag();
|
||||||
|
|
||||||
|
function initDrag() {
|
||||||
|
dragText.textContent = "拖动滑块验证";
|
||||||
|
dragHandler.addEventListener("mousedown", onDragStart);
|
||||||
|
dragHandler.addEventListener("touchstart", onDragStart);
|
||||||
|
}
|
||||||
|
|
||||||
|
function onDragStart(a) {
|
||||||
|
a.preventDefault();
|
||||||
|
if (a.type === "mousedown" || (a.type === "touchstart" && a.touches.length === 1)) {
|
||||||
|
document.addEventListener("mousemove", onDragMove);
|
||||||
|
document.addEventListener("touchmove", onDragMove);
|
||||||
|
document.addEventListener("mouseup", onDragEnd);
|
||||||
|
document.addEventListener("touchend", onDragEnd);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function onDragMove(a) {
|
||||||
|
let clientX;
|
||||||
|
if (a.type === "mousemove") {
|
||||||
|
clientX = a.clientX;
|
||||||
|
} else if (a.type === "touchmove" && a.touches.length === 1) {
|
||||||
|
clientX = a.touches[0].clientX;
|
||||||
|
}
|
||||||
|
let containerOffsetX = clientX - dragContainer.getBoundingClientRect().left;
|
||||||
|
let left = containerOffsetX - dragHandler.clientWidth / 2;
|
||||||
|
if (left < 0) {
|
||||||
|
left = 0;
|
||||||
|
} else if (left > maxHandleOffset) {
|
||||||
|
left = maxHandleOffset;
|
||||||
|
}
|
||||||
|
dragHandler.style.left = left + "px";
|
||||||
|
dragBg.style.width = dragHandler.style.left;
|
||||||
|
}
|
||||||
|
|
||||||
|
function onDragEnd() {
|
||||||
|
document.removeEventListener("mousemove", onDragMove);
|
||||||
|
document.removeEventListener("touchmove", onDragMove);
|
||||||
|
document.removeEventListener("mouseup", onDragEnd);
|
||||||
|
document.removeEventListener("touchend", onDragEnd);
|
||||||
|
|
||||||
|
if (!isVertifySucc) {
|
||||||
|
let left = dragHandler.offsetLeft;
|
||||||
|
if (left >= maxHandleOffset) {
|
||||||
|
verifySucc();
|
||||||
|
} else {
|
||||||
|
dragHandler.style.left = "0px";
|
||||||
|
dragBg.style.width = "0px";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function verifySucc() {
|
||||||
|
isVertifySucc = true;
|
||||||
|
dragText.textContent = "验证通过";
|
||||||
|
dragText.style.color = "white";
|
||||||
|
dragHandler.setAttribute("class", "dragHandlerOkBg");
|
||||||
|
dragHandler.removeEventListener("mousedown", onDragStart);
|
||||||
|
dragHandler.removeEventListener("touchstart", onDragStart);
|
||||||
|
|
||||||
|
let xhr = new XMLHttpRequest();
|
||||||
|
xhr.onreadystatechange = function () {
|
||||||
|
if (xhr.readyState === 4 && xhr.status === 200) {
|
||||||
|
window.location.reload();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
const requestUrl = "%s-%s-%s-%s-%s-";
|
||||||
|
xhr.open("GET", requestUrl, true);
|
||||||
|
xhr.send();
|
||||||
|
}
|
||||||
|
})();
|
||||||
|
};
|
File diff suppressed because one or more lines are too long
@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
]
|
||||||
|
}
|
157
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/args.json
Normal file
157
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/args.json
Normal file
@ -0,0 +1,157 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject1",
|
||||||
|
"rule": "select.+(from|limit)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject2",
|
||||||
|
"rule": "(?:(union(.*?)select))",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject3",
|
||||||
|
"rule": "having|rongjitest",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject4",
|
||||||
|
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject5",
|
||||||
|
"rule": "benchmark\\((.*)\\,(.*)\\)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject6",
|
||||||
|
"rule": "group\\s+by.+\\(",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject7",
|
||||||
|
"rule": "(?:from\\W+information_schema\\W)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject8",
|
||||||
|
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject9",
|
||||||
|
"rule": "into(\\s+)+(?:dump|out)file\\s*",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject10",
|
||||||
|
"rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "args1",
|
||||||
|
"rule": "xwork.MethodAccessor",
|
||||||
|
"type": "args",
|
||||||
|
"description": "Struts 恶意参数过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "args2",
|
||||||
|
"rule": "xwork\\.MethodAccessor",
|
||||||
|
"type": "args",
|
||||||
|
"description": "Struts 恶意参数过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "oneWordTrojan1",
|
||||||
|
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
|
||||||
|
"type": "oneWordTrojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "oneWordTrojan2",
|
||||||
|
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
|
||||||
|
"type": "oneWordTrojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "protocolFilter1",
|
||||||
|
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
|
||||||
|
"type": "protocolFilter",
|
||||||
|
"description": "协议过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter1",
|
||||||
|
"rule": "(?:etc\\/\\W*passwd)",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter2",
|
||||||
|
"rule": "java\\.lang",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter3",
|
||||||
|
"rule": "(?:etc\\/\\W*shadow)",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter4",
|
||||||
|
"rule": "(?:bin\\/\\W*sh)",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "xss1",
|
||||||
|
"rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
|
||||||
|
"type": "xss"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "xss2",
|
||||||
|
"rule": "(onmouseover|onerror|onload)\\=",
|
||||||
|
"type": "xss"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "xss3",
|
||||||
|
"rule": "base64_decode\\(",
|
||||||
|
"type": "xss"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "webshell1",
|
||||||
|
"rule": "/shell?cd+/tmp;\\s*rm+-rf\\+\\*;\\s*wget",
|
||||||
|
"type": "webshell"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "phpExec1",
|
||||||
|
"rule": "/systembc/password.php",
|
||||||
|
"type": "phpExec"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "scannerFilter1",
|
||||||
|
"rule": "(Acunetix-Aspect|Acunetix-Aspect-Password|Acunetix-Aspect-Queries|X-WIPP|X-RequestManager-Memo|X-Request-Memo|X-Scan-Memo)",
|
||||||
|
"type": "scannerFilter"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
138
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/cookie.json
Normal file
138
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/cookie.json
Normal file
@ -0,0 +1,138 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter1",
|
||||||
|
"rule": "\\.\\./",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter2",
|
||||||
|
"rule": "\\:\\$",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter3",
|
||||||
|
"rule": "\\$\\{",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter4",
|
||||||
|
"rule": "(?:etc\\/\\W*passwd)",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter5",
|
||||||
|
"rule": "java\\.lang",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject1",
|
||||||
|
"rule": "select.+(from|limit)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject2",
|
||||||
|
"rule": "(?:(union(.*?)select))",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject3",
|
||||||
|
"rule": "having|rongjitest",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject4",
|
||||||
|
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject5",
|
||||||
|
"rule": "benchmark\\((.*)\\,(.*)\\)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject6",
|
||||||
|
"rule": "group\\s+by.+\\(",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject7",
|
||||||
|
"rule": "(?:from\\W+information_schema\\W)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject8",
|
||||||
|
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject9",
|
||||||
|
"rule": "into(\\s+)+(?:dump|out)file\\s*",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject10",
|
||||||
|
"rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "args1",
|
||||||
|
"rule": "xwork.MethodAccessor",
|
||||||
|
"type": "args",
|
||||||
|
"description": "Struts 恶意参数过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "args2",
|
||||||
|
"rule": "xwork\\.MethodAccessor",
|
||||||
|
"type": "args",
|
||||||
|
"description": "Struts 恶意参数过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "oneWordTrojan1",
|
||||||
|
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
|
||||||
|
"type": "oneWordTrojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "oneWordTrojan2",
|
||||||
|
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
|
||||||
|
"type": "oneWordTrojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "protocolFilter1",
|
||||||
|
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
|
||||||
|
"type": "protocolFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state":"on",
|
||||||
|
"name":"scannerFilter1",
|
||||||
|
"rule":"(CustomCookie|acunetixCookie)",
|
||||||
|
"type": "scannerFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "xss1",
|
||||||
|
"rule": "base64_decode\\(",
|
||||||
|
"type": "xss"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "uaBlock1",
|
||||||
|
"rule": "HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/",
|
||||||
|
"type": "scannerFilter"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,184 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "\\.(htaccess|mysql_history|bash_history|DS_Store|git|idea|user\\.ini)",
|
||||||
|
"name": "dirFilter1",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "\\.(bak|inc|old|mdb|sql|backup|java|class)$",
|
||||||
|
"name": "dirFilter2",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "^/(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\\.(rar|sql|zip|tar\\.gz|tar)$",
|
||||||
|
"name": "dirFilter3",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "java\\.lang",
|
||||||
|
"name": "dirFilter4",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/(hack|shell|spy|phpspy)\\.php$",
|
||||||
|
"name": "phpExec1",
|
||||||
|
"type": "phpExec"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\\\w+).(php|jsp)",
|
||||||
|
"name": "phpExec2",
|
||||||
|
"type": "phpExec"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "(?:phpMyAdmin2|phpMyAdmin|phpmyadmin|dbadmin|pma|myadmin|admin|mysql)/scripts/setup%.php",
|
||||||
|
"name": "phpExec3",
|
||||||
|
"type": "phpExec"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
|
||||||
|
"name": "oneWordTrojan1",
|
||||||
|
"type": "oneWordTrojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "(?:(union(.*?)select))",
|
||||||
|
"name": "sqlInject1",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "(phpmyadmin|jmx-console|jmxinvokerservlet)",
|
||||||
|
"name": "appFilter1",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "wp-includes/wlwmanifest.xml",
|
||||||
|
"name": "appFilter2",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "<php>die(@md5(HelloThinkCMF))</php>",
|
||||||
|
"name": "appFilter3",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/boaform/admin/formLogin",
|
||||||
|
"name": "appFilter4",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/password_change.cgi",
|
||||||
|
"name": "appFilter5",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/service/extdirect",
|
||||||
|
"name": "appFilter6",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/api/jsonws/invoke",
|
||||||
|
"name": "appFilter7",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/jars/upload",
|
||||||
|
"name": "appFilter8",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/example/tree/a/search",
|
||||||
|
"name": "appFilter9",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/actuator/gateway/routes/hacktest",
|
||||||
|
"name": "appFilter10",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/api/v1/method.callAnon/getPasswordPolicy",
|
||||||
|
"name": "appFilter11",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/functionRouter",
|
||||||
|
"name": "appFilter12",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/uploadfiles/apache.php.jpeg",
|
||||||
|
"name": "appFilter14",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/xxx/..;/admin/",
|
||||||
|
"name": "appFilter15",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/dvwa/js/dvwaPage.js",
|
||||||
|
"name": "appFilter16",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/api/index.php/v1/config/application",
|
||||||
|
"name": "appFilter17",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/WEB-INF/web.xml",
|
||||||
|
"name": "appFilter18",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/rest/tinymce/1/macro/preview",
|
||||||
|
"name": "appFilter19",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/pages/doenterpagevariables.action",
|
||||||
|
"name": "appFilter20",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/service/rest/beta/repositories/go/group",
|
||||||
|
"name": "appFilter21",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "/dvwa/js/add_event_listeners.js",
|
||||||
|
"name": "appFilter22",
|
||||||
|
"type": "appFilter"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,34 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "php",
|
||||||
|
"name": "php",
|
||||||
|
"type": "fileExt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "jsp",
|
||||||
|
"name": "jsp",
|
||||||
|
"type": "fileExt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "asp",
|
||||||
|
"name": "asp",
|
||||||
|
"type": "fileExt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "exe",
|
||||||
|
"name": "exe",
|
||||||
|
"type": "fileExt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "sh",
|
||||||
|
"name": "sh",
|
||||||
|
"type": "fileExt"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,28 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "appFilter1",
|
||||||
|
"rule": "TomcatBypass|Command|Base64",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "appFilter2",
|
||||||
|
"rule": "j\\S*ndi\\S*:\\S*(?:dap|dns)\\S+",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "appFilter3",
|
||||||
|
"rule": "(?:etc\\/\\W*passwd)",
|
||||||
|
"type": "appFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "scannerFilter1",
|
||||||
|
"rule": "(/acunetix-wvs-test-for-some-inexistent-file|netsparker|acunetix_wvs_security_test|AppScan|XSS@HERE)",
|
||||||
|
"type": "scannerFilter"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,130 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "GET",
|
||||||
|
"name": "GET",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "POST",
|
||||||
|
"name": "POST",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "PUT",
|
||||||
|
"name": "PUT",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "DELETE",
|
||||||
|
"name": "DELETE",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "PATCH",
|
||||||
|
"name": "PATCH",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "HEAD",
|
||||||
|
"name": "HEAD",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "OPTIONS",
|
||||||
|
"name": "OPTIONS",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "TRACE",
|
||||||
|
"name": "TRACE",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "CONNECT",
|
||||||
|
"name": "CONNECT",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "PROPFIND",
|
||||||
|
"name": "PROPFIND",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "PROPPATCH",
|
||||||
|
"name": "PROPPATCH",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "MKCOL",
|
||||||
|
"name": "MKCOL",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "COPY",
|
||||||
|
"name": "COPY",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "MOVE",
|
||||||
|
"name": "MOVE",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "LOCK",
|
||||||
|
"name": "LOCK",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "UNLOCK",
|
||||||
|
"name": "UNLOCK",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "LINK",
|
||||||
|
"name": "LINK",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "UNLINK",
|
||||||
|
"name": "UNLINK",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "WRAPPED",
|
||||||
|
"name": "WRAPPED",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "PROPFIND",
|
||||||
|
"name": "PROPFIND",
|
||||||
|
"type": "httpMethod"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"rule": "SRARCH",
|
||||||
|
"name": "SRARCH",
|
||||||
|
"type": "httpMethod"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
121
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/post.json
Normal file
121
apps/openresty/1.21.4.3-2-1-focal/1pwaf/data/rules/post.json
Normal file
@ -0,0 +1,121 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject1",
|
||||||
|
"rule": "select.+(from|limit)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject2",
|
||||||
|
"rule": "(?:(union(.*?)select))",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject3",
|
||||||
|
"rule": "having|rongjitest",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject4",
|
||||||
|
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject5",
|
||||||
|
"rule": "benchmark\\((.*)\\,(.*)\\)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject6",
|
||||||
|
"rule": "group\\s+by.+\\(",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject7",
|
||||||
|
"rule": "(?:from\\W+information_schema\\W)",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject8",
|
||||||
|
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "sqlInject9",
|
||||||
|
"rule": "into(\\s+)+(?:dump|out)file\\s*",
|
||||||
|
"type": "sqlInject"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "args1",
|
||||||
|
"rule": "xwork.MethodAccessor",
|
||||||
|
"type": "args",
|
||||||
|
"description": "Struts 恶意参数过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "args2",
|
||||||
|
"rule": "xwork\\.MethodAccessor",
|
||||||
|
"type": "args",
|
||||||
|
"description": "Struts 恶意参数过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "oneWordTrojan1",
|
||||||
|
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
|
||||||
|
"type": "oneWordTrojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "protocolFilter1",
|
||||||
|
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
|
||||||
|
"type": "protocolFilter",
|
||||||
|
"description": "协议过滤"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "oneWordTrojan2",
|
||||||
|
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
|
||||||
|
"type": "oneWordTrojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "xss1",
|
||||||
|
"rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
|
||||||
|
"type": "xss"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "xss2",
|
||||||
|
"rule": "(onmouseover|onerror|onload)\\=",
|
||||||
|
"type": "xss"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "xss3",
|
||||||
|
"rule": "base64_decode\\(",
|
||||||
|
"type": "xss"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter1",
|
||||||
|
"rule": "(?:etc\\/\\W*passwd)",
|
||||||
|
"type": "dirFilter"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"state": "on",
|
||||||
|
"name": "dirFilter2",
|
||||||
|
"rule": "java\\.lang",
|
||||||
|
"type": "dirFilter"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"rules": [
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"rules": []
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"rules": []
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
"rules": []
|
||||||
|
}
|
@ -35,13 +35,9 @@ http {
|
|||||||
gzip_proxied expired no-cache no-store private auth;
|
gzip_proxied expired no-cache no-store private auth;
|
||||||
gzip_disable "MSIE [1-6]\.";
|
gzip_disable "MSIE [1-6]\.";
|
||||||
|
|
||||||
lua_code_cache on;
|
|
||||||
lua_shared_dict limit 10m;
|
|
||||||
lua_package_path "/www/common/waf/?.lua;/usr/local/openresty/lualib/?.lua;";
|
|
||||||
init_by_lua_file /www/common/waf/init.lua;
|
|
||||||
|
|
||||||
limit_conn_zone $binary_remote_addr zone=perip:10m;
|
limit_conn_zone $binary_remote_addr zone=perip:10m;
|
||||||
limit_conn_zone $server_name zone=perserver:10m;
|
limit_conn_zone $server_name zone=perserver:10m;
|
||||||
|
|
||||||
include /usr/local/openresty/nginx/conf/conf.d/*.conf;
|
include /usr/local/openresty/nginx/conf/conf.d/*.conf;
|
||||||
|
include /usr/local/openresty/1pwaf/data/conf/waf.conf;
|
||||||
}
|
}
|
@ -1,7 +1,7 @@
|
|||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
openresty:
|
openresty:
|
||||||
image: openresty/openresty:1.21.4.3-0-focal
|
image: 1panel/openresty:1.21.4.3-2-1-focal
|
||||||
container_name: ${CONTAINER_NAME}
|
container_name: ${CONTAINER_NAME}
|
||||||
restart: always
|
restart: always
|
||||||
network_mode: host
|
network_mode: host
|
||||||
@ -14,5 +14,6 @@ services:
|
|||||||
- ./www:/www
|
- ./www:/www
|
||||||
- ./root:/usr/share/nginx/html
|
- ./root:/usr/share/nginx/html
|
||||||
- /etc/localtime:/etc/localtime
|
- /etc/localtime:/etc/localtime
|
||||||
|
- ./1pwaf/data:/usr/local/openresty/1pwaf/data
|
||||||
labels:
|
labels:
|
||||||
createdBy: "Apps"
|
createdBy: "Apps"
|
Loading…
Reference in New Issue
Block a user