@@ -65,127 +65,129 @@ http {
6565waf的配置文件位于` /usr/local/openresty/nginx/conf/waf/config.lua ` 中,详细的配置项如下:
6666
6767``` lua
68- -- WAF config file, enable = "on", disable = "off"
68+
69+ -- WAF config file, enable = "on", disable = "off"
70+
6971local _M = {
70- -- waf status
72+ -- waf status
7173 config_waf_enable = " on" ,
72- -- log dir
73- config_log_dir = " /tmp/waf_logs" ,
74- -- rule setting
75- config_rule_dir = " /usr/local/openresty/nginx/conf/waf/rules" ,
76- -- enable/disable white url
77- config_white_url_check = " on" ,
78- -- enable/disable white ip
79- config_white_ip_check = " on" ,
80- -- enable/disable block ip
81- config_black_ip_check = " on" ,
82- -- enable/disable url filtering
83- config_url_check = " on" ,
84- -- enalbe/disable url args filtering
85- config_url_args_check = " on" ,
86- -- enable/disable user agent filtering
87- config_user_agent_check = " on" ,
88- -- enable/disable cookie deny filtering
89- config_cookie_check = " on" ,
90- -- enable/disable cc filtering
91- config_cc_check = " on" ,
92- -- cc rate the xxx of xxx seconds
93- config_cc_rate = " 10/60" ,
94- -- enable/disable post filtering
95- config_post_check = " on" ,
96- -- config waf output redirect/html/jinghuashuiyue
97- config_waf_model = " html" ,
98- -- if config_waf_output ,setting url
99- config_waf_redirect_url = " http://xsec.io" ,
100- config_expire_time = 600 ,
101- config_output_html = [[
102- <html >
103- <head>
74+ -- log dir
75+ config_log_dir = " /tmp/waf_logs" ,
76+ -- rule setting
77+ config_rule_dir = " /usr/local/openresty/nginx/conf/waf/rules" ,
78+ -- enable/disable white url
79+ config_white_url_check = " on" ,
80+ -- enable/disable white ip
81+ config_white_ip_check = " on" ,
82+ -- enable/disable block ip
83+ config_black_ip_check = " on" ,
84+ -- enable/disable url filtering
85+ config_url_check = " on" ,
86+ -- enalbe/disable url args filtering
87+ config_url_args_check = " on" ,
88+ -- enable/disable user agent filtering
89+ config_user_agent_check = " on" ,
90+ -- enable/disable cookie deny filtering
91+ config_cookie_check = " on" ,
92+ -- enable/disable cc filtering
93+ config_cc_check = " on" ,
94+ -- cc rate the xxx of xxx seconds
95+ config_cc_rate = " 10/60" ,
96+ -- enable/disable post filtering
97+ config_post_check = " on" ,
98+ -- config waf output redirect/html/jinghuashuiyue
99+ config_waf_model = " html" ,
100+ -- if config_waf_output ,setting url
101+ config_waf_redirect_url = " http://xsec.io" ,
102+ config_expire_time = 600 ,
103+ config_output_html = [[
104+ <html>
105+ <head>
104106 <meta charset="UTF-8">
105107 <title>xsec waf</title>
106108 <style type="text/css">
107- body {
108- font-family: "Helvetica Neue", Helvetica, Arial;
109- font-size: 14px;
110- line-height: 20px;
111- font-weight: 400;
112- color: #3b3b3b;
113- -webkit-font-smoothing: antialiased;
114- font-smoothing: antialiased;
115- background: #f6f6f6;
116- }
117- .wrapper {
118- margin: 0 auto;
119- padding: 40px;
120- max-width: 980px;
121- }
122- .table {
123- margin: 0 0 40px 0;
124- box-shadow: 0 1px 3px rgba(0, 0, 0, 0.2);
125- display: table;
126- }
127- @media screen and (max-width: 580px) {
128- .table {
129- display: block;
130- }
131- }
132- .row {
133- display: table-row;
134- background: #f6f6f6;
135- }
136- .row:nth-of-type(odd) {
137- background: #e9e9e9;
138- }
139- .row.header {
140- font-weight: 900;
141- color: #ffffff;
142- background: #ea6153;
143- }
144- .row.green {
145- background: #27ae60;
146- }
147- .row.yellow {
148- background: #FF8C00;
149- }
150- @media screen and (max-width: 580px) {
151- .row {
152- padding: 8px 0;
153- display: block;
154- }
155- }
156- .cell {
157- padding: 6px 12px;
158- display: table-cell;
159- }
160- @media screen and (max-width: 580px) {
161- .cell {
162- padding: 2px 12px;
163- display: block;
164- }
165- }
166- </style>
167- </head>
168- <body>
169- <div class="wrapper">
170- <div class="table">
171- <div class="row header yellow">
172- <div class="cell">
173- 您的IP为 %s
174- </div>
175- <div class="cell">
176- 欢迎在遵守白帽子道德准则的情况下进行安全测试。
177- </div>
178- <div class="cell">
179- 109+ body {
110+ font-family: "Helvetica Neue", Helvetica, Arial;
111+ font-size: 14px;
112+ line-height: 20px;
113+ font-weight: 400;
114+ color: #3b3b3b;
115+ -webkit-font-smoothing: antialiased;
116+ font-smoothing: antialiased;
117+ background: #f6f6f6;
118+ }
119+ .wrapper {
120+ margin: 0 auto;
121+ padding: 40px;
122+ max-width: 980px;
123+ }
124+ .table {
125+ margin: 0 0 40px 0;
126+ box-shadow: 0 1px 3px rgba(0, 0, 0, 0.2);
127+ display: table;
128+ }
129+ @media screen and (max-width: 580px) {
130+ .table {
131+ display: block;
132+ }
133+ }
134+ .row {
135+ display: table-row;
136+ background: #f6f6f6;
137+ }
138+ .row:nth-of-type(odd) {
139+ background: #e9e9e9;
140+ }
141+ .row.header {
142+ font-weight: 900;
143+ color: #ffffff;
144+ background: #ea6153;
145+ }
146+ .row.green {
147+ background: #27ae60;
148+ }
149+ .row.yellow {
150+ background: #FF8C00;
151+ }
152+ @media screen and (max-width: 580px) {
153+ .row {
154+ padding: 8px 0;
155+ display: block;
156+ }
157+ }
158+ .cell {
159+ padding: 6px 12px;
160+ display: table-cell;
161+ }
162+ @media screen and (max-width: 580px) {
163+ .cell {
164+ padding: 2px 12px;
165+ display: block;
166+ }
167+ }
168+ </style>
169+ </head>
170+ <body>
171+ <div class="wrapper">
172+ <div class="table">
173+ <div class="row header yellow">
174+ <div class="cell">
175+ 您的IP为 %s
176+ </div>
177+ <div class="cell">
178+ 欢迎在遵守白帽子道德准则的情况下进行安全测试。
179+ </div>
180+ <div class="cell">
181+ 182+ </div>
183+ </div>
180184 </div>
181185 </div>
182- </div>
183-
184- </div>
185- </body>
186- </html>
187- ]] ,
186+ </body>
187+ </html>
188+ ]] ,
188189}
190+
189191return _M
190192```
191193