Update anti_ddos_challenge.lua

WAF (Web Application Firewall) improvement, POST data filter: make it possible to match both the keys and the values provided by connecting clients against regex patterns if need be. This allows for a wider scope of matching and stronger security than the previous way I was doing it. Previously only the values were matched by regex; now both keys and values can be matched by regex.
C0nw0nk
2020-04-05 21:30:20 +01:00
committed by GitHub
parent a676eb63e6
commit 38273f533f


@ -532,12 +532,12 @@ Highly usefull for protecting your web application and backends from attacks zer
local WAF_POST_Request_table = { local WAF_POST_Request_table = {
--[[ --[[
{ {
"task", --match post data in requests with value task "^task$", --match post data in requests with value task
".*", --matching any ".*", --matching any
}, },
{ {
"name1", --exact match "^name1$", --regex match
"Henry", --regex or exact match "^.*y$", --regex or exact match
}, },
]] ]]
} }
@ -1289,31 +1289,27 @@ local function WAF_Post_Requests()
if next(args) ~= nil then --Check Post args table has contents if next(args) ~= nil then --Check Post args table has contents
local arguement1 = nil --create empty variable
local arguement2 = nil --create empty variable
local WAF_POST_Request_table_length = #WAF_POST_Request_table local WAF_POST_Request_table_length = #WAF_POST_Request_table
for i=1,WAF_POST_Request_table_length do for key, value in next, args do
local value = WAF_POST_Request_table[i] --put table value into variable local arguement1 = nil --create empty variable
local argument_name = value[1] or "" --get the WAF TABLE argument name or empty local arguement2 = nil --create empty variable
local argument_value = value[2] or "" --get the WAF TABLE arguement value or empty
local args_name = nil --variable to store POST data argument name for i=1,WAF_POST_Request_table_length do
local args_value = nil --variable to store POST data argument value local value = WAF_POST_Request_table[i] --put table value into variable
if args[argument_name] then local argument_name = value[1] or "" --get the WAF TABLE argument name or empty
args_name = argument_name --get the POST data argument name local argument_value = value[2] or "" --get the WAF TABLE arguement value or empty
args_value = args[argument_name] --get the POST data argument value local args_name = tostring(key) or "" --variable to store POST data argument name
if string.match(argument_name, args_name) then --if the argument name in my table matches the one in the POST request local args_value = tostring(value) or "" --variable to store POST data argument value
if string.match(args_name, argument_name) then --if the argument name in my table matches the one in the POST request
arguement1 = 1 arguement1 = 1
end end
if string.match(argument_value, args_value) then --if the argument value in my table matches the one the POST request if string.match(args_value, argument_value) then --if the argument value in my table matches the one the POST request
arguement2 = 1 arguement2 = 1
end end
if arguement1 and arguement2 then --if what would of been our empty vars have been changed to not empty meaning a WAF match then block the request if arguement1 and arguement2 then --if what would of been our empty vars have been changed to not empty meaning a WAF match then block the request
local output = ngx.exit(ngx.HTTP_FORBIDDEN) --deny user access local output = ngx.exit(ngx.HTTP_FORBIDDEN) --deny user access
return output return output
end end
else
--do nothing
end end
end end
end end
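Review bot: In the WAF_Post_Requests hunk the inner `local value = WAF_POST_Request_table[i]` shadows the `value` of the new `for key, value in next, args do` loop, so `tostring(value)` on the `args_value` line stringifies the rule table instead of the POST value, and a value pattern such as `^.*y$` is never tested against what the client sent. Giving the rule its own name (`local rule = WAF_POST_Request_table[i]`, then `rule[1]` and `rule[2]`) restores the intended comparison. `arguement1` and `arguement2` are also reset per POST key rather than per rule, so a name match from one rule and a value match from a later rule can combine into a 403; declaring them inside the `for i` loop ties both matches to the same rule. If `args` comes from `ngx.req.get_post_args` (not visible here), a repeated key yields a table and a valueless key yields `true`, neither of which `tostring` turns into the submitted text, so those cases probably need explicit handling. The function body starts and ends outside the hunk.

```lua
for key, value in next, args do
	for i=1,WAF_POST_Request_table_length do
		local arguement1 = nil --reset per rule so both matches come from the same rule
		local arguement2 = nil
		local rule = WAF_POST_Request_table[i] --own name, so the POST value stays visible
		local argument_name = rule[1] or "" --rule pattern for the POST key
		local argument_value = rule[2] or "" --rule pattern for the POST value
		-- … unchanged: args_name/args_value, the two string.match checks and the ngx.exit block …
```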