我们想在 OpenResty WAF 的基础上做二次开发,让拦截判断更精确一些。例如:请求 URL 匹配到 select 规则时,先给这个 IP 记 10 分;匹配到 CC 规则(1000 次/秒)时,再给这个 IP 记 10 分……累计到 100 分就拉黑这个 IP。
[openresty waf][1]
#cat reids_w.lua
require 'lib'
local redis = require "resty.redis"
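--- Make sure a value is present in the Redis list keyed by the client IP.
-- The list is read first; when `white` is already a member nothing is
-- written. Otherwise existing copies are removed and `white` is pushed to
-- the head of the list.
--
-- NOTE(security): the Redis endpoint is hard-coded and no AUTH is sent (the
-- original only carried a commented-out red:auth call with an inline
-- password). Anyone who can reach this Redis port can rewrite the lists that
-- redis_select() later reads, so bind Redis to a private interface, enable
-- requirepass/ACLs, and load the credential from configuration rather than
-- from source code.
-- NOTE(review): the list key is whatever get_client_ip() returns; confirm
-- that helper does not trust client-supplied headers (for example
-- X-Forwarded-For) unless the request arrived through a known proxy.
--
-- @param white value to store in the client's list (presumably an allow-list
--              marker, judging by the name; verify against the caller)
-- @return true, nil on success; false plus an error message on failure
function redis_hash_ip(white)
    local red = redis:new()
    -- Bound every Redis operation (milliseconds) so a slow or unreachable
    -- server cannot stall request processing.
    red:set_timeout(1000)

    local ok, connect_err = red:connect("192.168.14.66", 6379)
    if not ok then
        ngx.log(ngx.ERR, "Failed to connect to Redis: ", connect_err)
        return false, "Failed to connect to Redis"
    end

    -- Resolve the key once so all three commands address the same list.
    local key = get_client_ip()

    -- Check whether the value is already stored in the list.
    local members, lrange_err = red:lrange(key, 0, -1)
    if members then
        for _, v in ipairs(members) do
            if v == white then
                -- Already present: hand the connection back to the pool.
                red:set_keepalive(10000, 100)
                return true, nil
            end
        end
    else
        -- The original ignored this failure and carried on; keep doing so,
        -- but leave a trace in the error log.
        ngx.log(ngx.ERR, "Failed to query Redis list: ", lrange_err)
    end

    -- Not present: drop any stale copies, then push the value to the head.
    -- lua-resty-redis reports failure as nil plus an error string, so the
    -- result must be tested for nil; comparing nil with a number would raise
    -- a runtime error instead of reaching the error branch.
    local removed, lrem_err = red:lrem(key, 0, white)
    if not removed then
        ngx.log(ngx.ERR, "Failed to remove value from Redis list: ", lrem_err)
        -- A connection that just failed must not go back into the pool.
        red:close()
        return false, "Failed to remove value from Redis list"
    end

    local pushed, lpush_err = red:lpush(key, white)
    if not pushed then
        ngx.log(ngx.ERR, "Failed to set value in Redis lpush: ", lpush_err)
        red:close()
        return false, "Failed to set value in Redis lpush"
    end

    -- Return the healthy connection to the keepalive pool.
    red:set_keepalive(10000, 100)
    return true, nil
end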
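--- Fetch every entry of the Redis list keyed by the current client IP.
-- Each entry is also written to the nginx log at INFO level.
--
-- NOTE(security): same hard-coded, unauthenticated Redis endpoint as in
-- redis_hash_ip(); the data returned here is only as trustworthy as access
-- control on that Redis instance.
-- NOTE(review): a connect failure ends the request with HTTP 500, while a
-- query failure returns nil plus a message. If this runs on the request
-- path, a Redis outage turns into 500 responses; confirm that fail-closed
-- behaviour is intended.
--
-- @return the list entries (table) and nil on success; nil plus an error
--         message when the query fails
function redis_select()
    local red = redis:new()
    -- Bound every Redis operation (milliseconds) so a slow or unreachable
    -- server cannot stall request processing.
    red:set_timeout(1000)

    local ok, connect_err = red:connect("192.168.14.66", 6379)
    if not ok then
        ngx.log(ngx.ERR, "Failed to connect to Redis: ", connect_err)
        return ngx.exit(500)
    end

    local entries, query_err = red:lrange(get_client_ip(), 0, -1)
    if not entries then
        -- A connection that just failed must not go back into the pool.
        red:close()
        -- tostring() keeps the concatenation safe if no error text came back.
        return nil, "Failed to query Redis list: " .. tostring(query_err)
    end

    for _, v in ipairs(entries) do
        ngx.log(ngx.INFO, "List value: ", v)
    end

    -- Return the connection to the keepalive pool for reuse.
    red:set_keepalive(10000, 100)
    return entries, nil
end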
触发上述规则的请求 URL:
http://192.168.14.66 —— 一分钟内多访问几次,触发 CC 规则
http://192.168.14.66/.bash_history/ —— 触发 URL 规则
...