[openresty] cc,黑白名单防御配置

下载安装 openresty

下载 https://github.com/unixhot/waf 配置

注意事项

在使用 unixhot 开源的 waf lua脚本时, 这里记录几个需要修改的地方

新增以下 到 http 块中,替换{path}为你自己的路径

 lua_shared_dict limit 50m; lua_package_path "{path}/openresty-1.19.9.1-win64/lualib/?.lua;{path}/openresty-1.19.9.1-win64/conf/waf/?.lua;"; init_by_lua_file "{path}/openresty-1.19.9.1-win64/conf/waf/init.lua"; access_by_lua_file "{path}/conf/waf/access.lua"; 
 config_rule_dir = "{path}/openresty-1.19.9.1-win64/conf/waf/rule-config" 
--enable/disable white url config_white_url_check = "on" --enable/disable white ip config_white_ip_check = "on" --enable/disable block ip config_black_ip_check = "on" --enable/disable url filtering config_url_check = "on" --enalbe/disable url args filtering config_url_args_check = "on" --enable/disable user agent filtering config_user_agent_check = "on" --enable/disable cookie deny filtering config_cookie_check = "on" --enable/disable cc filtering config_cc_check = "on" --cc rate the xxx of xxx seconds config_cc_rate = "20/60" --enable/disable post filtering config_post_check = "on" 
--config waf output redirect/html config_waf_output = "html" -- 如果 config_waf_output 配置为 redirect, 需要配置 config_waf_redirect_url --config_waf_redirect_url = "https://www.unixhot.com" config_output_html=[[ <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Language" content="zh-cn" /> <title>WAF</title> </head> <body> <h1 align="center"> 访问过于频繁,请稍后重试 </body> </html> ]] 

这里看lua代码, 黑名单、cc是直接403了,如果有需求可以自己改一下

测试配置

http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; gzip on; lua_shared_dict limit 50m; lua_package_path "{path}/openresty-1.19.9.1-win64/lualib/?.lua;{path}/openresty-1.19.9.1-win64/conf/waf/?.lua;"; init_by_lua_file "{path}/openresty-1.19.9.1-win64/conf/waf/init.lua"; access_by_lua_file "{path}/conf/waf/access.lua"; server { listen 80; server_name localhost; location / { lua_code_cache off;  default_type text/html; content_by_lua_block { ngx.say("HelloWorld") } } } } 

本文只是一个采坑记录,这里感谢 unixhot 开源,github地址:https://github.com/unixhot/waf

原文链接:https://blog.csdn.net/queal/article/details/122844709?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522169114730816800227497644%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=169114730816800227497644&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~times_rank-3-122844709-null-null.268%5Ev1%5Ekoosearch&utm_term=cc%E9%98%B2%E6%8A%A4

原创文章,作者:优速盾-小U,如若转载,请注明出处:https://www.cdnb.net/bbs/archives/22385

(0)
上一篇 2024年3月14日 02:38
下一篇 2024年3月14日

相关推荐

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注

优速盾注册领取大礼包www.cdnb.net
/sitemap.xml