forked from ADD-SP/ngx_waf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config
199 lines (159 loc) · 5.53 KB
/
config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
ngx_addon_name=ngx_http_waf_module
deps="$ngx_addon_dir/inc/ngx_http_waf_module_check.h \
$ngx_addon_dir/inc/ngx_http_waf_module_config.h \
$ngx_addon_dir/inc/ngx_http_waf_module_core.h \
$ngx_addon_dir/inc/ngx_http_waf_module_macro.h \
$ngx_addon_dir/inc/ngx_http_waf_module_type.h \
$ngx_addon_dir/inc/ngx_http_waf_module_util.h \
$ngx_addon_dir/inc/ngx_http_waf_module_ip_trie.h \
$ngx_addon_dir/inc/ngx_http_waf_module_token_bucket_set.h \
$ngx_addon_dir/inc/ngx_http_waf_module_mem_pool.h \
$ngx_addon_dir/inc/ngx_http_waf_module_lru_cache.h \
$ngx_addon_dir/inc/ngx_http_waf_module_under_attack.h"
srcs="$ngx_addon_dir/src/ngx_http_waf_module_core.c \
$ngx_addon_dir/inc/libinjection/src/libinjection_html5.c \
$ngx_addon_dir/inc/libinjection/src/libinjection_sqli.c \
$ngx_addon_dir/inc/libinjection/src/libinjection_xss.c"
ngx_http_waf_module_libs=""
ngx_http_waf_module_inc_path="$ngx_addon_dir/inc "
if [ -n "$LIB_UTHASH" ] ; then
ngx_http_waf_module_inc_path="${ngx_http_waf_module_inc_path} ${LIB_UTHASH}/include"
fi
# Check if the uthash library is installed.
ngx_feature="uthash library"
ngx_feature_name=
ngx_feature_run=no
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs="#include <uthash.h>"
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=
. auto/feature
if [ $ngx_found = no ] ; then
PWD=$(pwd)
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature.
Please run:
On Ubuntu or Debian:
apt-get update && apt-get install --yes uthash-dev
On Alpine:
apk update && apk add uthash-dev
On other OS:
cd /usr/local/src \\
&& git clone https://github.com/troydhanson/uthash.git \\
&& export LIB_UTHASH=/usr/local/src/uthash \\
&& cd $PWD
END
PWD=''
exit 1
fi
# Check if the C compiler supports the C99 standard.
ngx_feature="C99 features"
ngx_feature_name=
ngx_feature_run=yes
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs=
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=$(cat << END
/* Declare variables in loops. */
for(int i = 0; i < 10; i++) {}
int i = 0, j = 0;
/* Short-circuit operation for logical expressions. */
if (i == 0 || !(j = 1)) {}
if (j == 1) { return 1; }
j = 0;
if (i != 0 && !(j = 1)) {}
if (j == 1) { return 1; }
END
)
. auto/feature
if [ $ngx_found = no ] ; then
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature, make sure your C compiler supports and enables the C99 standard.
For gcc, you can enable the C99 standard by appending the parameter --with-cc-opt='-std=gnu99'.
END
exit 1
fi
# Check if libinjection exists.
ngx_feature="injection library"
ngx_feature_name=
ngx_feature_run=no
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs=$(cat << END
#include <libinjection/src/libinjection.h>
#include <libinjection/src/libinjection_sqli.h>
END
)
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=
. auto/feature
if [ $ngx_found = no ] ; then
PWD=$(pwd)
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature.
Please run cd $ngx_addon_dir && git clone https://github.com/libinjection/libinjection.git inc/libinjection && cd $PWD
END
PWD=''
exit 1
fi
if [ -n "$LIB_SODIUM" ] ; then
ngx_http_waf_module_inc_path="${ngx_http_waf_module_inc_path} ${LIB_SODIUM}/include"
ngx_http_waf_module_libs=" ${ngx_http_waf_module_libs} -L ${LIB_SODIUM}/lib -Wl,-Bstatic -l sodium -Wl,-Bdynamic "
else
ngx_http_waf_module_libs=" ${ngx_http_waf_module_libs} -l sodium "
fi
# Check if libsodium exists.
ngx_feature="sodium library"
ngx_feature_name=
ngx_feature_run=no
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs='#include <sodium.h>'
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=
. auto/feature
if [ $ngx_found = no ] ; then
PWD=$(pwd)
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature.
Please run:
On Ubuntu or Debian:
apt-get update && apt-get install --yes libsodium23 libsodium-dev
On Alpine:
apk update && apk add libsodium libsodium-dev
On other OS:
# You can remove directories libsodium-src and libsodium after installing the ngx_http_waf_module.
git clone https://github.com/jedisct1/libsodium --branch stable libsodium-src \\
&& cd libsodium-src \\
&& ./configure --prefix=$PWD/libsodium --with-pic \\
&& make -j\$(nproc) && make check -j \$(nproc) && make install \\
&& export LIB_SODIUM=$PWD/libsodium \\
&& cd $PWD
END
PWD=''
exit 1
fi
# Clear these variables to avoid affecting the installation of other modules.
ngx_feature=
ngx_feature_name=
ngx_feature_run=
ngx_feature_path=
ngx_feature_incs=
ngx_feature_libs=
ngx_feature_test=
if test -n "$ngx_module_link"; then
ngx_module_type=HTTP
ngx_module_name=$ngx_addon_name
ngx_module_deps=$deps
ngx_module_incs=$ngx_http_waf_module_inc_path
ngx_module_srcs=$srcs
ngx_module_libs=$ngx_http_waf_module_libs
# Let ngx_http_rewrite_module initialize before this module,
# so that this module can take effect before ngx_http_rewrite_module,
# because the initialization order and the effective order are reversed.
ngx_module_order="ngx_http_rewrite_module ${ngx_addon_name}"
. auto/module
else
HTTP_MODULES="$HTTP_MODULES ${ngx_addon_name}"
HTTP_DEPS-"$HTTP_DEPS $deps"
HTTP_INCS="$HTTP_INCS -I $ngx_addon_dir/inc"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $srcs"
fi