
url_args_attack_check throws an error, please help fix it #9

Open

Sirius2016 opened this issue Aug 23, 2017 · 5 comments

Comments

@Sirius2016

The WAF's url_args_attack_check function throws an error; please help fix it.
The error details are as follows:

[C]: in function 'concat'
/usr/local/openresty1.11/nginx/conf/waf/init.lua:130: in function 'url_args_attack_check'
/usr/local/openresty1.11/nginx/conf/waf/access.lua:11: in function 'waf_main'
/usr/local/openresty1.11/nginx/conf/waf/access.lua:18: in function </usr/local/openresty1.11/nginx/conf/waf/access.lua:1>, client: 118.91.92.132, server: g.share.com, request: "GET /gamepage/egg.php?lxt&&cd=0&lt=d96628e0ads&vs=0 HTTP/1.1", host: "g.share.com"

@inbjo

inbjo commented Feb 15, 2023

Edit the file waf/init.lua and add the following above the line ARGS_DATA = table.concat(val, " "):

-- Drop boolean entries (repeated occurrences of the key without "=value")
-- so that table.concat does not fail. Walk backwards, because table.remove
-- shifts the entries after the removed index and a forward ipairs loop
-- would skip the element following each removed one.
for i = #val, 1, -1 do
    if type(val[i]) == "boolean" then
        table.remove(val, i)
    end
end

Full code:

function url_args_attack_check()
    if config_url_args_check == "on" then
        local ARGS_RULES = get_rule('args.rule')
        -- fetch the query arguments once; each rule is matched against the same table
        local REQ_ARGS = ngx.req.get_uri_args()
        for _, rule in pairs(ARGS_RULES) do
            for key, val in pairs(REQ_ARGS) do
                -- keep the value local: a global here would be shared between requests
                local ARGS_DATA
                if type(val) == 'table' then
                    -- repeated key: drop boolean entries (occurrences without "=value")
                    -- so table.concat does not fail; walk backwards because table.remove
                    -- shifts the entries after the removed index
                    for i = #val, 1, -1 do
                        if type(val[i]) == "boolean" then
                            table.remove(val, i)
                        end
                    end
                    ARGS_DATA = table.concat(val, " ")
                else
                    -- a string, or `true` for a key given without "=value"
                    ARGS_DATA = val
                end
                if ARGS_DATA and type(ARGS_DATA) ~= "boolean" and rule ~= "" and rulematch(unescape(ARGS_DATA), rule, "jo") then
                    log_record('Deny_URL_Args', ngx.var.request_uri, "-", rule)
                    if config_waf_enable == "on" then
                        waf_output()
                        return true
                    end
                end
            end
        end
    end
    return false
end
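As an added illustration (not code from this thread or from the WAF project), the pure-Lua helper below normalises every shape that ngx.req.get_uri_args() can return for one key, and shows concretely why an in-place table.remove inside an ipairs loop is not a reliable fix. The function name args_value_to_string and the sample_args table are constructed for this example; sample_args mirrors the request in the report, extended with a repeated vs parameter. It runs under plain lua or luajit with no nginx.

```lua
-- Added example (not part of the WAF project): turn one value from
-- ngx.req.get_uri_args() into the string that should be matched against the
-- args rules, covering every shape the API can return:
--   "0"            a normal key=value argument
--   true           a key with no "=" (e.g. "?lxt"), as in the reported request
--   {true, "1"}    a repeated key, where some repetitions carried no value
-- Booleans are dropped rather than concatenated; concatenating them is what
-- makes Lua raise "invalid value (at index N) in table for 'concat'".
local function args_value_to_string(val)
    local t = type(val)
    if t == "string" then
        return val
    elseif t == "table" then
        -- Collect only string entries into a fresh table; mutating `val`
        -- while ipairs() walks it would skip the entry after each removal.
        local parts = {}
        for _, v in ipairs(val) do
            if type(v) == "string" then
                parts[#parts + 1] = v
            end
        end
        if #parts == 0 then
            return nil  -- only value-less repetitions, nothing to scan
        end
        return table.concat(parts, " ")
    end
    -- `true` (value-less key) or anything unexpected: nothing to scan
    return nil
end

-- Constructed stand-in for the real table; the shapes mirror what
-- ngx.req.get_uri_args() builds for the (constructed) request
--   GET /gamepage/egg.php?lxt&&cd=0&lt=d96628e0ads&vs=0&vs=1&vs
local sample_args = {
    lxt = true,
    cd  = "0",
    lt  = "d96628e0ads",
    vs  = { "0", "1", true },
}

-- Self-checks, runnable with plain lua/luajit (no nginx needed).
assert(args_value_to_string(sample_args.cd) == "0")
assert(args_value_to_string(sample_args.lxt) == nil)
assert(args_value_to_string(sample_args.vs) == "0 1")
assert(args_value_to_string({ true, true }) == nil)

-- The forward ipairs + table.remove pattern skips the second `true` of
-- {true, true, "x"}: after removing index 1 the loop moves on to index 2,
-- which is now "x", so one boolean survives and table.concat would still fail.
local buggy = { true, true, "x" }
for k, v in ipairs(buggy) do
    if type(v) == "boolean" then table.remove(buggy, k) end
end
assert(#buggy == 2 and buggy[1] == true)

print("all argument shapes normalised")
```

The helper never mutates the argument table, so it behaves the same whether ngx.req.get_uri_args() is called once per request or once per rule. A value of nil means "nothing to match", which is the safe outcome for a key that carried no value at all.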

@dqzboy

dqzboy commented Feb 19, 2023

Edit the file waf/init.lua and add the following above the line ARGS_DATA = table.concat(val, " "):

-- Drop boolean entries (repeated occurrences of the key without "=value")
-- so that table.concat does not fail. Walk backwards, because table.remove
-- shifts the entries after the removed index and a forward ipairs loop
-- would skip the element following each removed one.
for i = #val, 1, -1 do
    if type(val[i]) == "boolean" then
        table.remove(val, i)
    end
end

Full code:

function url_args_attack_check()
    if config_url_args_check == "on" then
        local ARGS_RULES = get_rule('args.rule')
        -- fetch the query arguments once; each rule is matched against the same table
        local REQ_ARGS = ngx.req.get_uri_args()
        for _, rule in pairs(ARGS_RULES) do
            for key, val in pairs(REQ_ARGS) do
                -- keep the value local: a global here would be shared between requests
                local ARGS_DATA
                if type(val) == 'table' then
                    -- repeated key: drop boolean entries (occurrences without "=value")
                    -- so table.concat does not fail; walk backwards because table.remove
                    -- shifts the entries after the removed index
                    for i = #val, 1, -1 do
                        if type(val[i]) == "boolean" then
                            table.remove(val, i)
                        end
                    end
                    ARGS_DATA = table.concat(val, " ")
                else
                    -- a string, or `true` for a key given without "=value"
                    ARGS_DATA = val
                end
                if ARGS_DATA and type(ARGS_DATA) ~= "boolean" and rule ~= "" and rulematch(unescape(ARGS_DATA), rule, "jo") then
                    log_record('Deny_URL_Args', ngx.var.request_uri, "-", rule)
                    if config_waf_enable == "on" then
                        waf_output()
                        return true
                    end
                end
            end
        end
    end
    return false
end

Hey, have you run into this problem? OpenResty version 1.20.

@dqzboy

dqzboy commented Feb 19, 2023

[warn] 4042011#4042011: *961242 [lua] _G write guard:12: __newindex(): writing a global Lua variable ('CLIENT_IP') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
stack traceback:
/usr/local/openresty/nginx/conf/waf/lib.lua:9: in function 'get_client_ip'
/usr/local/openresty/nginx/conf/waf/init.lua:63: in function 'cc_attack_check'
/usr/local/openresty/nginx/conf/waf/access.lua:7: in function 'waf_main'

@inbjo

inbjo commented Feb 22, 2023

[warn] 4042011#4042011: *961242 [lua] _G write guard:12: __newindex(): writing a global Lua variable ('CLIENT_IP') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
stack traceback:
/usr/local/openresty/nginx/conf/waf/lib.lua:9: in function 'get_client_ip'
/usr/local/openresty/nginx/conf/waf/init.lua:63: in function 'cc_attack_check'
/usr/local/openresty/nginx/conf/waf/access.lua:7: in function 'waf_main'

Edit the lib.lua code; adding the local modifier to CLIENT_IP fixes it.

function get_client_ip()
    -- `local` keeps the value on this request's own stack instead of the
    -- global table shared by every request in the worker.
    -- Note: X-Real-IP and X-Forwarded-For are client-supplied unless a
    -- trusted proxy in front of nginx overwrites them.
    local CLIENT_IP = ngx.req.get_headers()["X_real_ip"]
    if CLIENT_IP == nil then
        CLIENT_IP = ngx.req.get_headers()["X_Forwarded_For"]
    end
    if CLIENT_IP == nil then
        CLIENT_IP = ngx.var.remote_addr
    end
    if CLIENT_IP == nil then
        CLIENT_IP = "unknown"
    end
    return CLIENT_IP
end

I recommend this library instead: https://github.com/xsec-lab/x-waf. It is based on this repository, with the code reworked and much more consistently written. It still has the url_args_attack_check error, though; just remember to apply the patch I posted.
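As an added illustration (not code from this thread or from either WAF project) of the hazard the _G write guard warns about: within one nginx worker every request runs in its own Lua coroutine, but all of them share the same global table, so a global set by one request can be overwritten by another request that runs while the first is suspended on I/O. The two handler functions, the interleave driver and the IP addresses below are constructed for this example; coroutine.yield() stands in for a cosocket or sleep wait. It runs under plain lua or luajit with no nginx.

```lua
-- Added example (not the project's code): why OpenResty warns about writing a
-- global such as CLIENT_IP. Two "requests" are simulated as coroutines; the
-- yield inside each handler stands in for an I/O wait during which nginx lets
-- another request run in the same worker.

-- Version 1: global, as in the original lib.lua.
local function handle_request_global(ip)
    CLIENT_IP = ip                 -- writes the global shared by all requests
    coroutine.yield()              -- simulated I/O: another request runs here
    return CLIENT_IP               -- reads back whatever is there now
end

-- Version 2: `local`, as in the patch. The value lives on this coroutine's
-- own stack and cannot be touched by another request.
local function handle_request_local(ip)
    local CLIENT_IP = ip
    coroutine.yield()
    return CLIENT_IP
end

-- Interleave two requests: A starts and yields, B starts and yields,
-- then A and B resume and each reports the client IP it believes it has.
local function interleave(handler)
    local a = coroutine.wrap(function() return handler("10.0.0.1") end)
    local b = coroutine.wrap(function() return handler("10.0.0.2") end)
    a()                            -- A sets its IP and yields
    b()                            -- B sets its IP and yields
    local seen_by_a = a()          -- A resumes and reads "its" IP
    local seen_by_b = b()
    return seen_by_a, seen_by_b
end

-- With the global, request A now attributes itself (in logs and in the
-- cc_attack_check rate-limit counters) to B's client address.
local a_global, b_global = interleave(handle_request_global)
assert(a_global == "10.0.0.2" and b_global == "10.0.0.2")

-- With `local`, each request keeps its own value.
local a_local, b_local = interleave(handle_request_local)
assert(a_local == "10.0.0.1" and b_local == "10.0.0.2")

print("global leaks across requests; local does not")
```

In the posted get_client_ip the value is returned immediately after being assigned, so the window is small there; the same pattern in any function that yields between writing and reading a global (a cosocket call, ngx.sleep, a subrequest) misattributes requests in exactly the way shown, which is why the guard flags every such write.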

@dqzboy

dqzboy commented Feb 27, 2023

Thanks a lot.
