优化

README.md

@@ -77,11 +77,11 @@ nginx: configuration file /usr/local/openresty-1.11.2.5/nginx/conf/nginx.conf te
 
 
 ###规则更新：
-     提供了后台管理 界面 http://xxxxxxx:81
-     登录  admin  admin
-     Web防护 ---- 黑名单/白名单----- 规则重置 
-     将文件中的初始规则 写入 lua 缓存，同时在这个后台可以实时修改 添加  删除 规则
-
+    <pre>
+     提供了后台管理 界面 http://xxxxxxx:81    登录  admin  admin
+
+     Web防护 ---- 黑名单/白名单----- 规则重置       将文件中的初始规则 写入 lua 缓存，同时在这个后台可以实时修改 添加  删除 规则
+    </pre>
 
 ###一些说明：
 

nginx.conf

@@ -52,7 +52,7 @@ http {
 #            proxy_set_header Host $host;
             # proxy_set_header X-Real-IP $remote_addr;
 #            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-#            proxy_pass http://59.110.213.45:80;
+#            proxy_pass http://xx.xx.xx.xx:80;
             root   ft-waf;
             index  index.html index.htm;
         	}

util/util.lua

@@ -38,17 +38,17 @@ function _M.get_rule_files(rules_path)
     end
     return rule_files
 end
+
 -- if key exists
 function _M.rdskeyexists(key)
-   local res ,err =  redisop.zcount(key,0,100)
+    local res, err = redisop.zcount(key, 0, 100)
     if tonumber(res) > 0 then
         return true
     else
         return false
     end
-
-
 end
+
 --config from file to redis
 function _M.rules_to_redis(rules_path)
     local rule_files = _M.get_rule_files(rules_path)
@@ -64,8 +64,7 @@ function _M.rules_to_redis(rules_path)
         if table_rules ~= nil then
             for _, table_rule in pairs(table_rules) do
                 local score = _M.cacheInc()
-                redisop.zadd(rule_name,score,cjson.encode(table_rule))
-
+                redisop.zadd(rule_name, score, cjson.encode(table_rule))
             end
         end
     end
@@ -83,7 +82,7 @@ function _M.get_rules(rules_path)
     end
 
     for rule_name, rule_file in pairs(rule_files) do
-        local res ,err = redisop.zrevrange(rule_name,'0','-1')
+        local res, err = redisop.zrevrange(rule_name, '0', '-1')
         local json_rules = res.body
         local t_rule = {}
         local table_rules = cjson.decode(json_rules)
@@ -95,8 +94,8 @@ function _M.get_rules(rules_path)
         end
         local limit = ngx.shared.limit
         local dataj = cjson.encode(t_rule)
-        limit:set(rule_name,cjson.encode(t_rule))
-        ngx.log(ngx.ERR,rule_name..':----:'..limit:get(rule_name))
+        limit:set(rule_name, cjson.encode(t_rule))
+        ngx.log(ngx.ERR, rule_name .. ':----:' .. limit:get(rule_name))
         _M.RULE_TABLE[rule_name] = t_rule
     end
     return (_M.RULE_TABLE)
@@ -141,7 +140,7 @@ function _M.log_record(config_log_dir, attack_type, url, data, ruletag)
     local user_agent = _M.get_user_agent()
     local server_name = ngx.var.server_name
     local local_time = ngx.localtime()
-    local  logtime =  os.time()
+    local logtime = os.time()
     local log_json_obj = {
         client_ip = client_IP,
         local_time = local_time,
@@ -153,30 +152,29 @@ function _M.log_record(config_log_dir, attack_type, url, data, ruletag)
         rule_tag = ruletag,
     }
 
-    local log_line = cjson.encode(log_json_obj)
     local score = _M.cacheInc()
-
-
-    local logerr = redisop.zadd('ft_log_'..attack_type,score,log_line..'')
+    log_json_obj['score'] = score
+    log_json_obj['filename'] = 'ft_log_' .. attack_type
+    local log_line = cjson.encode(log_json_obj)
+    local logerr = _M.addlog2file();
     if logerr then
-        ngx.log(ngx.ERR,logerr)
+        ngx.log(ngx.ERR, logerr)
     end
 
-        --针对 CC攻击的IP 进行计数
+    --针对 CC攻击的IP 进行计数
     if attack_type == 'CC_Attack' then
-        redisop.CCattackInc('top_cc_attack',1,client_IP)
+        redisop.CCattackInc('top_cc_attack', 1, client_IP)
     end
 end
 
 
 -- WAF response
 function _M.waf_output()
 
-        ngx.header.content_type = "text/html"
-        ngx.status = ngx.HTTP_FORBIDDEN
-        ngx.say(string.format(config.config_output_html, _M.get_client_ip()))
-        ngx.exit(ngx.status)
-
+    ngx.header.content_type = "text/html"
+    ngx.status = ngx.HTTP_FORBIDDEN
+    ngx.say(string.format(config.config_output_html, _M.get_client_ip()))
+    ngx.exit(ngx.status)
 end
 
 -- set bad guys ip to ngx.shared dict
@@ -189,23 +187,36 @@ function _M.set_bad_guys(bad_guy_ip, expire_time)
         badGuys:set(bad_guy_ip, 1, expire_time)
     end
 end
+
 -- nginx cache 计数器
 function _M.cacheInc()
     local limitinc = ngx.shared.limit
     local incData = limitinc:get("ft_inc")
-    if(incData==nil or tonumber(incData)<100) then
+    if (incData == nil or tonumber(incData) < 100) then
         local time = os.time()
-        limitinc:set("ft_inc",time-1533016650)
-       local res ,err  = limitinc:incr("ft_inc",1)
-        return  res
+        limitinc:set("ft_inc", time - 1533016650)
+        local res, err = limitinc:incr("ft_inc", 1)
+        return res
     end
-    local res ,err = limitinc:incr("ft_inc",1)
+    local res, err = limitinc:incr("ft_inc", 1)
     return res
-
 end
+
 function _M.cjson_decode(str)
     return cjson.decode(str)
 end
 
+function _M.addlog2file(value)
+    local LOG_LINE = value
+    local LOG_NAME = "/usr/local/openresty/nginx/logs/ft_waf.log"
+    local file = io.open(LOG_NAME, "a")
+    if file == nil then
+        return
+    end
+    file:write(LOG_LINE .. "\n")
+    file:flush()
+    file:close()
+end
+
 
 return _M

util/waf.lua

@@ -125,7 +125,10 @@ function _M.cc_attack_check()
                  CCseconds = tonumber(string.match(rule, '/(.*)'))
             end
         end
-
+        --当次数为0时表示解除CC攻击
+        if CCcount~= nil and CCcount ==0 then
+            return false
+        end
         local ATTACK_URI = ngx.var.uri
         local CC_TOKEN = util.get_client_ip() .. ATTACK_URI