Open
Description
I want to study lua-resty-waf, but somehow I find that nothing is intercepted when it is deployed to the website... (Laughs) Is my installation wrong?
I also used someone else's Docker image, https://github.com/Kusumoto/docker-openresty; it ran correctly, but I found that it couldn't intercept requests matching some basic rules. In detail:
90000_custom.json line 171 has (what should be) a rule to block a specific UA, but when I used Postman to send this UA, User-Agent: Mozilla / 5.0 (compatible; Zollard; Linux), I found that it had no effect at all.
This is my nginx.conf:
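#user nobody;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    init_by_lua_block {
        -- resty.core provides the FFI-based implementation of the ngx.* API
        require "resty.core"

        -- base WAF module
        local lua_resty_waf = require "resty.waf"

        -- NOTE(review): load_secrules() translates ModSecurity SecRules-format
        -- files; the JSON rulesets under rules/ are the ones referenced by
        -- name through the "add_ruleset" option in the location below.
        -- Confirm these calls are intended, and read the error log at startup
        -- for what they report.
        local ok, err = pcall(function()
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/11000_whitelist.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/20000_http_violation.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/21000_http_anomaly.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/35000_user_agent.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/40000_generic_attack.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/41000_sqli.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/42000_xss.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/90000_custom.json")
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/99000_scoring.json")
        end)

        -- pcall hands back whatever was raised. load_secrules may raise an
        -- array-like table of messages, but any other failure (unreadable
        -- file, bad path, plain Lua error) raises a string; applying # and
        -- [i] to a string logs "nil" and hides the real message, which is
        -- exactly the information needed when rules do not fire.
        if not ok then
            if type(err) == "table" then
                for i = 1, #err do
                    ngx.log(ngx.ERR, tostring(err[i]))
                end
            else
                ngx.log(ngx.ERR, tostring(err))
            end
            -- Startup continues past this point, so the WAF fails open with
            -- whatever did load. Raising error(err) here instead would make
            -- nginx refuse to start when a ruleset cannot be loaded.
        end

        -- preloading and optimization of the loaded rules
        lua_resty_waf.init()
    }

    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    server {
        listen 80;
        server_name localhost;

        # location / {
        #     root html;
        #     index index.html index.htm;
        # }

        location / {
            access_by_lua_block {
                local lua_resty_waf = require "resty.waf"
                local waf = lua_resty_waf:new()

                -- rulesets are resolved by file name from the rules/ directory
                waf:set_option("add_ruleset", "11000_whitelist.json")
                waf:set_option("add_ruleset", "20000_http_violation.json")
                waf:set_option("add_ruleset", "21000_http_anomaly.json")
                waf:set_option("add_ruleset", "35000_user_agent.json")
                waf:set_option("add_ruleset", "40000_generic_attack.json")
                waf:set_option("add_ruleset", "41000_sqli.json")
                waf:set_option("add_ruleset", "42000_xss.json")
                waf:set_option("add_ruleset", "90000_custom.json")
                waf:set_option("add_ruleset", "99000_scoring.json")

                -- options set here are inherited by the later phases of this
                -- request; "debug" = true writes per-rule evaluation detail to
                -- the nginx error log and is the first thing to turn on when
                -- checking why a rule does not fire
                waf:set_option("debug", false)
                -- ACTIVE is the enforcing mode
                waf:set_option("mode", "ACTIVE")

                -- event logs are buffered and only written when the buffer
                -- fills; flushing every 5 seconds helps on low-traffic or test
                -- sites. This only matters with a remote TCP/UDP event log
                -- socket configured; otherwise it is ignored.
                waf:set_option("event_log_periodic_flush", 5)

                -- run the firewall for the access phase
                waf:exec()
            }

            header_filter_by_lua_block {
                local lua_resty_waf = require "resty.waf"

                -- options set in the access phase (same scope) carry over
                local waf = lua_resty_waf:new()
                waf:exec()
            }

            body_filter_by_lua_block {
                local lua_resty_waf = require "resty.waf"
                local waf = lua_resty_waf:new()
                waf:exec()
            }

            log_by_lua_block {
                local lua_resty_waf = require "resty.waf"
                local waf = lua_resty_waf:new()
                waf:exec()
            }

            root html;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}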
Thanks for looking into my question.