基于openresty waf二次开发多次匹配到的ip再做拉黑

再做拉黑"/>

基于openresty waf二次开发多次匹配到的ip再做拉黑

我们想在openresty waf的基础上做二次开发，比如再精确一些。比如我们先匹配到了select的url我们先打分10分，匹配到cc 1000/s我们再给这个ip打10分…直到100分我们就拉黑这个ip。

[openresty waf][1]

#cat reids_w.lua
require 'lib'
local redis = require "resty.redis"
function redis_hash_ip(white)local red = redis:new()local ok, err = red:connect("192.168.14.66", 6379)if not ok thenngx.log(ngx.ERR, "Failed to connect to Redis: ", err)return false, "Failed to connect to Redis"end-- 认证Redis-- local res, err = red:auth("123456lzx")-- if not res then--   ngx.log(ngx.ERR, "Failed to authenticate Redis: ", err)--   return false, "Failed to authenticate Redis"-- end-- 检查列表中是否已存在要添加的值local exists, err = red:lrange(get_client_ip(), 0, -1)if exists thenfor _, v in ipairs(exists) doif v == white then-- 如果要添加的值已经存在于列表中，则直接返回red:set_keepalive(10000, 100)return true, nilendendend-- 如果要添加的值不存在于列表中，则将其添加到列表头部local res, err = red:lrem(get_client_ip(), 0, white)if res < 0 thenngx.log(ngx.ERR, "Failed to remove value from Redis list: ", err)return false, "Failed to remove value from Redis list"endlocal success, err = red:lpush(get_client_ip(), white)if not success thenngx.log(ngx.ERR, "Failed to set value in Redis lpush: ", err)return false, "Failed to set value in Redis lpush"end-- 关闭Redis连接red:set_keepalive(10000, 100)return true, nil
endfunction redis_select()local red = redis:new()local ok, err = red:connect("192.168.14.66", 6379)if not ok thenngx.log(ngx.ERR, "Failed to connect to Redis: ", err)return ngx.exit(500)endlocal res, err = red:lrange(get_client_ip(), 0, -1)if not res thenreturn nil, "Failed to query Redis list: " .. errelsefor _, v in ipairs(res) dongx.log(ngx.INFO, "List value: ", v)endend-- 关闭 Redis 连接（重用连接池中的连接）red:set_keepalive(10000, 100)return res, nilend

请求url触犯代码

http://192.168.14.66 一分钟多访问一些，触发cc
http://192.168.14.66/.bash_history/ 触发url
...

查看redis里面是否写入数据，这是存得list数据，用ip做的name，然后那些触发得规则放在一个list里面。

查看日志查出来的结果

然后我们就可以根据redis里面的客户ip做打分机制，当然这只是一个基础版本