-
Notifications
You must be signed in to change notification settings - Fork 0
/
function.lua
186 lines (159 loc) · 6.12 KB
/
function.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
-- 函数判断规则
preg_find = ngx.re.find
preg_match = ngx.re.match
-- 载入配置文件
require "config"
-- 获取客户端IP
function getClientIp()
local headers = ngx.req.get_headers()
local clientIp = nil
if type(headers["X-Forwarded-For"]) == "table" then
clientIp = headers["X-Forwarded-For"][1]
else
clientIp = headers["X-Forwarded-For"]
end
if clientIp == nil then
clientIp = headers["X-Real-IP"]
end
if clientIp == nil then
clientIp = ngx.var.remote_addr
end
if preg_find(clientIp,",") then
local pos = string.find(clientIp, ",", 1)
clientIp = string.sub(clientIp,1,pos-1)
end
return clientIp
end
-- 根据ip地址获取国家
function getCountry()
local geo = require "maxminddb"
if not geo.initted() then
geo.init(geo_path)
end
local res,err=geo.lookup(getClientIp())
if not res then
return false
else
return res["code"]
end
end
-- IP校验
function ipCheck(ipAddress,ipValue)
local ipmatcher = require "ipmatcher"
local ip, err = ipmatcher.new_with_value(ipValue)
local data, err = ip:match(ipAddress)
if data then
return true
else
return false
end
end
-- 验证蜘蛛真假
function botsCheckResult(userAgent,clientIp)
-- 获取匹配的蜘蛛名称
local botAgent,err = preg_match(userAgent,config_bots_white_value,"ijo")
-- 验证规则
local botAgentRule = config_bots_check_value[botAgent[0]]
if type(botAgentRule) == "table" then
local ipmatcher = require "ipmatcher"
local ip, err = ipmatcher.new(botAgentRule)
local data, err = ip:match(clientIp)
if data then
return true
else
return false
end
else
-- 验证蜘蛛真假,host 反查ip
local handle = io.popen("host " ..clientIp)
local result = handle:read("*all")
handle:close()
--检查是否包含验证域名
if preg_find(result,botAgentRule,"ijo") then
return true
else
return false
end
end
end
-- 关闭redis连接
function close_redis(red)
-- 若果redis未连接
if not red then
return
end
--释放连接(连接池实现)
local pool_max_idle_time = 10000 --毫秒
local pool_size = 100 --连接池大小
-- 判断redis连接池
local ok, err = red:set_keepalive(pool_max_idle_time, pool_size)
if not ok then
ngx.say("错误:redis连接池已断开")
-- 终止执行
return ngx.exit(ngx.HTTP_OK)
end
end
--获取扩展名
function getExt()
local url = ngx.var.uri
local ext = url:match(".+%.(%w+)$")
if ext == nil then
ext = url:match(".+%.(%w+)%?%w+$")
end
if ext == nil then
ext = url:match(".+%.(%w+)%?%w=%w+$")
end
return ext
end
-- 获取请求参数
function getLogs()
local time = os.date("%Y-%m-%d %H:%M:%S")
local lua_logs = {}
-- 记录参数到 log_by_lua 段处理
lua_logs["host"] = ngx.re.sub(ngx.var.host,"www.","")
local status = ngx.status
if status == 0 then
status = 200
end
lua_logs["status"] = status
lua_logs["time"] = time
lua_logs["client"] = getClientIp()
lua_logs["remote"] = ngx.var.remote_addr
local headers = ngx.req.get_headers()
lua_logs["xffip"] = headers["X-Forwarded-For"]
lua_logs["cfip"] = headers["CF-Connecting-IP"]
lua_logs["uri"] = ngx.var.request_uri
lua_logs["method"] = ngx.var.request_method
-- 开启获取body数据
ngx.req.read_body()
lua_logs["post"] = ngx.req.get_body_data() or ""
lua_logs["agent"] = ngx.var.http_user_agent
lua_logs["header"] = ngx.req.get_headers()
return lua_logs
end
-- 提示内容
function sayHtml(title,msg)
-- 获取当前服务器时间
local time = os.date("%Y-%m-%d %H:%M:%S")
if config_status == "waf" or config_status == "logs" then
ngx.ctx.type = logs_type
local waf_logs = getLogs()
waf_logs["type"] = msg
ngx.ctx.waf = waf_logs
ngx.ctx.waf_path = waf_logs_dir
end
if config_status == "waf" then
-- 判断是否启用统一返回信息
if config_msg ~= "" then
msg = config_msg
end
if config_weihu == "on" then
ngx.status = 200
msg = config_weihu_msg
else
ngx.status = 403
end
ngx.say("<!doctype html><html><head><meta charset='utf-8'><title>安全组件拦截提示</title><style>* {-webkit-box-sizing: border-box;-moz-box-sizing: border-box;box-sizing: border-box;}html {font-family:sans-serif;font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0);}li{color:cadetblue;font-size:24px;}body{margin:0;font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff;}.container{max-width: 1200px;width:80%;margin:0px auto;}.jumbotron {margin-bottom: 30px;color: inherit;background-color: #eee;border-radius: 6px;padding: 48px 60px;}.jumbotron .h1, .jumbotron h1 {font-size: 60px;}.panel {margin-bottom: 20px;background-color: #fff;border: 1px solid transparent;border-radius: 4px;-webkit-box-shadow: 0 1px 1px rgba(0,0,0,.05);box-shadow: 0 1px 1px rgba(0,0,0,.05);}.panel-success {border-color: #d6e9c6;}.panel-success>.panel-heading {color: #3c763d;background-color: #dff0d8;border-color: #d6e9c6;}.panel-error{background-color:#dff0d8;border-color: #d6e9c6;color:gray;}.panel-heading {text-align:center;padding: 10px 15px;border-bottom: 1px solid transparent;border-top-left-radius: 3px;border-top-right-radius: 3px;}.jumbotron p {margin-bottom: 15px;font-size: 21px;font-weight: 200;}</style></head><body><div class='container' style='margin-top:9%;'><div class='jumbotron'><div class='panel panel-error'><div class='panel-heading' style='font-size: 60px;'>",title,"</div></div><div class='panel panel-success'><div class='panel-heading'><h1>",msg,"</h1></div></div><p style='text-align:center;margin-top:50px;'>时间: ",time," IP信息: ",getClientIp(),"</p></div></div></body></html>")
return ngx.exit(ngx.HTTP_OK)
end
end