CDN/NextWeb
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update openresty

Browse Source
This commit is contained in:
hoangvv 2024-11-18 15:34:39 +07:00
parent 77f821baa3
commit 79d2300456
31 changed files with 1001 additions and 2425 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2425
dev/nextweb.json
View File

File diff suppressed because it is too large Load Diff

BIN
dev/nextweb.json.zip
View File

Binary file not shown.

BIN
dev/nextweb/openresty/1.21.4.3-0-focal/openresty-1.21.4.3-0-focal.tar.gz
View File

Binary file not shown.

18
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/conf/conf.d/00.default.conf Normal file
View File

@ -0,0 +1,18 @@
map "" $empty {
default "";
}
server
{
listen 80;
listen 443 ssl http2;
server_name _;
ssl_ciphers aNULL;
ssl_certificate data:$empty;
ssl_certificate_key data:$empty;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
index 404.html;
root /usr/share/nginx/html;
}

18
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/conf/conf.d/default.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 80 ;
server_name 127.0.0.1 host.docker.internal;
charset utf-8;
default_type text/html;
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
location /nginx_status {
stub_status on;
access_log off;
}
root /usr/share/nginx/html;
}

13
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/conf/fastcgi-php.conf Normal file
View File

@ -0,0 +1,13 @@
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
#fastcgi_param PATH_INFO $path_info;
fastcgi_read_timeout 3600;
fastcgi_index index.php;

24
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/conf/fastcgi_params Normal file
View File

@ -0,0 +1,24 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

98
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/conf/mime.types Normal file
View File

@ -0,0 +1,98 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

47
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/conf/nginx.conf Normal file
View File

@ -0,0 +1,47 @@
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
error_log /dev/stdout notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server_tokens off;
access_log /var/log/nginx/access.log main;
access_log /dev/stdout main;
sendfile on;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
client_max_body_size 50m;
keepalive_timeout 60;
keepalive_requests 100000;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
lua_code_cache on;
lua_shared_dict limit 10m;
lua_package_path "/www/common/waf/?.lua;/usr/local/openresty/lualib/?.lua;";
init_by_lua_file /www/common/waf/init.lua;
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
include /usr/local/openresty/nginx/conf/conf.d/*.conf;
}

14
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/data.yml Executable file
View File

@ -0,0 +1,14 @@
additionalProperties:
formFields:
- default: 80
envKey: PANEL_APP_PORT_HTTP
labelEn: HTTP Port
labelZh: HTTP 端口
required: true
type: number
- default: 443
envKey: PANEL_APP_PORT_HTTPS
labelEn: HTTPS Port
labelZh: HTTPS 端口
required: true
type: number

18
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/docker-compose.yml Normal file
View File

@ -0,0 +1,18 @@
version: '3'
services:
openresty:
image: openresty/openresty:1.21.4.3-0-focal
container_name: ${CONTAINER_NAME}
restart: always
network_mode: host
volumes:
- ./conf/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf
- ./conf/fastcgi_params:/usr/local/openresty/nginx/conf/fastcgi_params
- ./conf/fastcgi-php.conf:/usr/local/openresty/nginx/conf/fastcgi-php.conf
- ./log:/var/log/nginx
- ./conf/conf.d:/usr/local/openresty/nginx/conf/conf.d/
- ./www:/www
- ./root:/usr/share/nginx/html
- /etc/localtime:/etc/localtime
labels:
createdBy: "Apps"

6
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/root/404.html Normal file
View File

@ -0,0 +1,6 @@
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>

37
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/root/index.html Normal file
View File

@ -0,0 +1,37 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>恭喜,站点创建成功!</title>
<style>
.container {
width: 60%;
margin: 10% auto 0;
background-color: #f0f0f0;
padding: 2% 5%;
border-radius: 10px
}
ul {
padding-left: 20px;
}
ul li {
line-height: 2.3
}
a {
color: #20a53a
}
</style>
</head>
<body>
<div class="container">
<h1>恭喜, 站点创建成功!</h1>
<h3>这是默认index.html本页面由系统自动生成</h3>
<ul>
<li>您可以修改、删除或覆盖本页面</li>
</ul>
</div>
</body>
</html>

33
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/root/stop/index.html Normal file
View File

@ -0,0 +1,33 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>抱歉,站点已暂停</title>
<style>
html,body,div,h1,*{margin:0;padding:0;}
body{
background-color:#fefefe;
color:#333
}
.box{
width:580px;
margin:0 auto;
}
h1{
font-size:20px;
text-align:center;
background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAQAAABpN6lAAAAACXBIWXMAAAsTAAALEwEAmpwYAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAAB6JQAAgIMAAPn/AACA6QAAdTAAAOpgAAA6mAAAF2+SX8VGAAAH+UlEQVR42uyde3AV1RnAfyFpTCBpFIVoaxUpSQSEAezwMDUJRK11DOTDAjJTtPRBBx1bK/VRO7T1VdFCRx6j6DgjltaamcIJWBpICRg0MFjGio6BRGKp4iOUMtBEkiBJ+ocxzQ17957de3bv3WY//mDYc75zzve73549z4+Ubga2DCIEEAIIAYQAQgAhgBBACCAEEAIIAYQAQgAhgBBACCAEEAIIAYQAQgADR9L8q0pyGUM+BRRwIVlkk00mp2ilhRaaaaCBRupVs78AUrzfF5ChlFBKKQVa2RuooYaX1fH/AwCSgfAdrnHxonWxneeoVO2BBSBj+BHzODeuQk5QwSpVHzgAMo6l3GSog+1iAw+ptwIDQPJZRjkpRgvtRnGfeifpAUgGP+NezvHkp+rgMR413ycYBCDX8hRf9bTHOsRt6q9JCUDSeJQlhh3f+mVYzv3qTJIBkIup4Crfxi6vcrP6IIkAyNVs5AJfh2/HmK1eSZK5gJRR7bP5cAHb5MakACC3sJGMBMxhMlGyIOEAZBHr/JxO9ZvGPS8/SGgfILPYQGpC57KdzFabEwRACtmeEOePlDZK1Z4EAJBR7GVoUqxoHGeKOuRzHyDpVCSJ+TCUFyXd707wN0wieeRKHvP1FZCZbCLZpEz92ScAkkMDuZqZD7CTowxnBpc7fK+3cJghTKBE00ebKVAn3X1NncrDmuYf4YfqL33Gi09zkZbeaR5kuero0cvjaaZraOXyAHf64AEygX1a3/5/UKzej9AcSS0Xx9Rrp1xti9BLZR3f1qjxDJPcrBs57QTXaJl/mvJI80G9yzy6Ymr+ONJ8UJ0s5G9avrzG86+AfJNCrYxPqDfPfqh281wMvT3qGQu9M+gNeYvkWq894OdaubpYFSVlZQzN31o/VvupMdg+twCkRPP3fyPacoV6iw9t3+KtUdNe0qq5WAq99ID7NfO9bpP2d5u0g6o1atpeoz7qBoCMRPcNO+YyrdllWl+5Xi7xygNu0c6Z6jJtkEu9iM86CzwBIE4KHm6TNsx2MOOuTLc/lCMPKGSkdpmTbTB+zUbvcsmJmjZVu/Z8meoFgHIHZY6WvKhmnG/bljIj9Zd7AaDEkV/dFeX5T2LoLRHL9sg0rnZQ+3TjAORcJjoCsEgstknkOubE0JvAEgu9DJ51tj4gXzTtAUUOR4yD+FP/10DG8gcNzV/Lt/rppVPBGEe1p1JkGoDj8RUXUSdzJeXzzk/ms0tr+ySNP8ojktkH28vMdFy7g/ZqTYdlk4tGfDYp3sG/GEYpIxzptVDFYQYziWmuNlwrlZhdEMnHnVzG91zpZTOXeCTfqAdIKqdIJ0jSwWDVZa4PuDRg5sM5XGqyExxO8GSYSQBZAQSQbRJAdgABZA10DzAKICOAADJNAmgLIIA2kwBaAwigdaADaAk9wCCAowEEcNQkgH9yOmDmd/CeQQCqk3cDBqBJdyqkuyDSGDAADtqrtx5wwOWCSKR8yiEOUE89H9HS8yeNLIYwhGxGkMco8hitP4iJKgdNA6iLqzndvMk2tlKnrPqSEz1/1/asPqQzjRmUMpkvuK7xVf2sektiORx3eZ6siSd5QX3sXFGGcSvf17xqFymdDFX/MQoAZB9XOm7IVlZTpeI6jy9F/NRmu8RaXlNTTL8CsNMhgD0sie8Ia88XaBe7ZDKro2+3WcgOJzXoOnalo2HobRSaML8HwmtM5Q4HUzJHpxi1T4lJk+b26H7meHHBTcayWasFjcpRv6F/TnA9v9TItYV56pOoRgxiFOP4Cl8il8FkkM6ntNPOMT7iQw7ytjoV1Q/elilU2e4ufya/cwZW3wNG0hTbW5mjOi21x3MD32Ayg231u2ikhmq2W4OQ86hlXIxP7gj1nicAQKpjHJLZw/TPT3j20cplIQsc7u59wibWU332gFZGsM92i71K3eCRB4CUsNMm+QTj+x+OlIncw02uBzSHWcva/ieAZS4VNjpfV3WeAQCps7kdeKda2a/TWkb8N7tOsorHI0+P2XhirSpxWoGz8d0jNvPvtX2aOESeYD8mLrblsJSmfvfDfuWifWY8wMYHHlf39ua5it9zmeGv4FYW/m9ALfWMtsjziipyXrDTEf7tWPby9J4NlbuoNW4+XM9+uab3X82WM4Db3RTsEIB6g6csE4oBJE2eYYVHNwmHUyWLACTFcvt7jbsgC25ujDRabpfOYgsvxLmvH1vuZgVLeeCs565vjJi7M9TN+1yC9/IBX7Z4OlO95K44F7N8tZnVVih9MR9L81e6Nd/ttbm7bU99+y2vc497Zbc3R/PYy3lJYX4ibo6Ceocy2pPA/DbK4jE/juvzqo75dCXY/E7mq93xFRFH/ABVyWIS+V+UdLNYxX2HNc4YInIrzyYohMIZvqvWx19M3EFUZCYVCThD0sY8958+owBAithou0hhXpIpigyoXUxgt4/m72aiKfMNhdRURyhmhU8d33KK1RFzBZqMJXYdT3ocS6yJxaZjiRkMqqqquYKHPTtM0cFDXGHafC/iCRawjFnG4wlWcp/y5JSCNxElx/MLZhuC0M0GHgxQRMleCGO5g5vJiauQk7wYyJiivRAyERYyw1VU2RrWsTHAUWX7YDif6ZQyQ/MiSyM17GCn+rc/g4oU/2YzciFjKOiNLJ1FNpm00UIrLXxMIw00UO/mNElAACSnhNHlQwAhgBBACCAEEAIIAYQAQgAhgBDAgJT/DgDyxCJjaj0UmAAAAABJRU5ErkJggg==) no-repeat top center;
padding-top:160px;
margin-top:30%;
font-weight:normal;
}
</style>
</head>
<body>
<div class="box">
<h1>抱歉!该站点已经被管理员停止运行,请联系管理员了解详情!</h1>
</div>
</body>
</html>

9
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/scripts/init.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
source ./.env
sed -i -E "s/(listen[[:space:]]+)(80)([[:space:]]*;)/\1${PANEL_APP_PORT_HTTP}\3/" conf/conf.d/00.default.conf
sed -i -E "s/(listen[[:space:]]+)(443)([[:space:]]+ssl[[:space:]]+http2;)/\1${PANEL_APP_PORT_HTTPS}\3/" conf/conf.d/00.default.conf
sed -i -E "s/(listen[[:space:]]+)(80)([[:space:]]*;)/\1${PANEL_APP_PORT_HTTP}\3/" conf/conf.d/default.conf

394
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/access.lua Normal file
View File

@ -0,0 +1,394 @@
local match = string.match
local ngxMatch=ngx.re.match
local unescape=ngx.unescape_uri
local get_headers = ngx.req.get_headers
local cjson = require "cjson"
local content_length=tonumber(ngx.req.get_headers()['content-length'])
local method=ngx.req.get_method()
local function optionIsOn(options)
return options == "on" or options == "On" or options == "ON"
end
local logPath = ngx.var.logdir
local rulePath = ngx.var.RulePath
local PostDeny = optionIsOn(ngx.var.postDeny)
local function getClientIp()
IP = ngx.var.remote_addr
if IP == nil then
IP = "unknown"
end
return IP
end
local function write(logfile,msg)
local fd = io.open(logfile,"ab")
if fd == nil then return end
fd:write(msg)
fd:flush()
fd:close()
end
local function log(method,url,data,ruletag)
local attackLog = optionIsOn(ngx.var.attackLog)
if attackLog then
local realIp = getClientIp()
local ua = ngx.var.http_user_agent
local servername=ngx.var.server_name
local time=ngx.localtime()
local line = nil
if ua then
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..ruletag.."\"\n"
else
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n"
end
local filename = logPath..'/'..servername.."_"..ngx.today().."_sec.log"
write(filename,line)
end
end
------------------------------------规则读取函数-------------------------------------------------------------------
local function read_json(var)
file = io.open(rulePath..'/'..var .. '.json',"r")
if file==nil then
return
end
str = file:read("*a")
file:close()
list = cjson.decode(str)
return list
end
local function select_rules(rules)
if not rules then return {} end
new_rules = {}
for i,v in ipairs(rules) do
if v[3] == 1 then
table.insert(new_rules,v[1])
end
end
return new_rules
end
local function read_str(var)
file = io.open(rulePath..'/'..var,"r")
if file==nil then
return
end
local str = file:read("*a")
file:close()
return str
end
local html=read_str('warn.html')
local function say_html()
local redirect = optionIsOn(ngx.var.redirect)
if redirect then
ngx.header.content_type = "text/html"
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(html)
ngx.exit(ngx.status)
end
end
local function whiteUrlCheck()
local urlWhiteAllow = optionIsOn(ngx.var.urlWhiteAllow)
if urlWhiteAllow then
local urlWhiteList = read_json('url_white')
if urlWhiteList ~= nil then
for _, rule in pairs(urlWhiteList) do
if ngxMatch(ngx.var.uri, rule, "isjo") then
return true
end
end
end
end
return false
end
local function fileExtCheck(ext)
local fileExtDeny = optionIsOn(ngx.var.fileExtDeny)
if fileExtDeny then
local fileExtBlockList = read_json('fileExtBlockList')
local items = Set(fileExtBlockList)
ext=string.lower(ext)
if ext then
for rule in pairs(items) do
if ngx.re.match(ext,rule,"isjo") then
log('POST',ngx.var.request_uri,"-","file attack with ext "..ext)
say_html()
end
end
end
end
return false
end
function Set (list)
local set = {}
for _, l in ipairs(list) do set[l] = true end
return set
end
local function getArgsCheck()
local argsDeny = optionIsOn(ngx.var.argsDeny)
if argsDeny then
local argsCheckList=select_rules(read_json('args_check'))
if argsCheckList then
for _,rule in pairs(argsCheckList) do
local uriArgs = ngx.req.get_uri_args()
for key, val in pairs(uriArgs) do
if type(val)=='table' then
local t={}
for k,v in pairs(val) do
if v == true then
v=""
end
table.insert(t,v)
end
data=table.concat(t, " ")
else
data=val
end
if data and type(data) ~= "boolean" and rule ~="" and ngxMatch(unescape(data),rule,"isjo") then
log('GET',ngx.var.request_uri,"-",rule)
say_html()
return true
end
end
end
end
end
return false
end
local function blockUrlCheck()
local urlBlockDeny = optionIsOn(ngx.var.urlBlockDeny)
if urlBlockDeny then
local urlBlockList=read_json('url_block')
for _, rule in pairs(urlBlockList) do
if rule ~= "" and ngxMatch(ngx.var.request_uri, rule, "isjo") then
log('GET', ngx.var.request_uri, "-", rule)
say_html()
return true
end
end
end
return false
end
function ua()
local ua = ngx.var.http_user_agent
if ua ~= nil then
local uaRules = select_rules(read_json('user_agent'))
for _,rule in pairs(uaRules) do
if rule ~="" and ngxMatch(ua,rule,"isjo") then
log('UA',ngx.var.request_uri,"-",rule)
say_html()
return true
end
end
end
return false
end
function body(data)
local postCheckList = select_rules(read_json('post_check'))
for _,rule in pairs(postCheckList) do
if rule ~="" and data~="" and ngxMatch(unescape(data),rule,"isjo") then
log('POST',ngx.var.request_uri,data,rule)
say_html()
return true
end
end
return false
end
local function cookieCheck()
local ck = ngx.var.http_cookie
local cookieDeny = optionIsOn(ngx.var.cookieDeny)
if cookieDeny and ck then
local cookieBlockList = select_rules(read_json('cookie_block'))
for _,rule in pairs(cookieBlockList) do
if rule ~="" and ngxMatch(ck,rule,"isjo") then
log('Cookie',ngx.var.request_uri,"-",rule)
say_html()
return true
end
end
end
return false
end
local function denyCC()
local ccRate = read_str('cc.json')
local ccDeny = optionIsOn(ngx.var.CCDeny)
if ccDeny and ccRate then
local uri=ngx.var.uri
ccCount=tonumber(string.match(ccRate,'(.*)/'))
ccSeconds=tonumber(string.match(ccRate,'/(.*)'))
local access_uri = getClientIp()..uri
local limit = ngx.shared.limit
local req,_=limit:get(access_uri)
if req then
if req > ccCount then
ngx.exit(503)
return true
else
limit:incr(access_uri,1)
end
else
limit:set(access_uri,1,ccSeconds)
end
end
return false
end
local function get_boundary()
local header = get_headers()["content-type"]
if not header then
return nil
end
if type(header) == "table" then
header = header[1]
end
local m = match(header, ";%s*boundary=\"([^\"]+)\"")
if m then
return m
end
return match(header, ";%s*boundary=([^\",;]+)")
end
local function whiteIpCheck()
local ipWhiteAllow = optionIsOn(ngx.var.ipWhiteAllow)
if ipWhiteAllow then
local ipWhiteList=read_json('ip_white')
if next(ipWhiteList) ~= nil then
for _,ip in pairs(ipWhiteList) do
if getClientIp()==ip then
return true
end
end
end
end
return false
end
local function blockIpCheck()
local ipBlockDeny = optionIsOn(ngx.var.ipBlockDeny)
if ipBlockDeny then
local ipBlockList=read_json('ip_block')
if next(ipBlockList) ~= nil then
for _,ip in pairs(ipBlockList) do
if getClientIp()==ip then
ngx.exit(403)
return true
end
end
end
end
return false
end
local function handleBodyKeyOrVal(kv)
if type(kv) == "table" then
if type(kv[1]) == "boolean" then
return
end
data = table.concat(kv, ", ")
else
data = kv
end
if data then
if type(data) ~= "boolean" then
body(data)
end
end
end
local function postCheck()
if method == "POST" then
local boundary = get_boundary()
local fileExtDeny = optionIsOn(ngx.var.fileExtDeny)
if boundary and fileExtDeny then
local protocol = ngx.var.server_protocol
if protocol == "HTTP/2.0" then
return
end
local len = string.len
local sock = ngx.req.socket()
if not sock then
return
end
ngx.req.init_body(128 * 1024)
sock:settimeout(0)
local contentLength = nil
contentLength = tonumber(ngx.req.get_headers()['content-length'])
local chunk_size = 4096
if contentLength < chunk_size then
chunk_size = contentLength
end
local size = 0
while size < contentLength do
local data, err, partial = sock:receive(chunk_size)
data = data or partial
if not data then
return
end
ngx.req.append_body(data)
if body(data) then
return true
end
size = size + len(data)
local m = ngxMatch(data, 'Content-Disposition: form-data; (.+)filename="(.+)\\.(.*)"', 'ijo')
if m then
fileExtCheck(m[3])
fileTranslate = true
else
if ngxMatch(data, "Content-Disposition:", 'isjo') then
fileTranslate = false
end
if fileTranslate == false then
if body(data) then
return true
end
end
end
local less = content_length - size
if less < chunk_size then
chunk_size = less
end
end
ngx.req.finish_body()
else
ngx.req.read_body()
local bodyObj = ngx.req.get_post_args()
if not bodyObj then
return
end
for key, val in pairs(bodyObj) do
handleBodyKeyOrVal(key)
handleBodyKeyOrVal(val)
end
end
end
end
if whiteIpCheck() then
elseif blockIpCheck() then
elseif denyCC() then
elseif ngx.var.http_Acunetix_Aspect then
ngx.exit(444)
elseif ngx.var.http_X_Scan_Memo then
ngx.exit(444)
elseif whiteUrlCheck() then
elseif ua() then
elseif blockUrlCheck() then
elseif getArgsCheck() then
elseif cookieCheck() then
elseif PostDeny then
postCheck()
else
return
end

1
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/init.lua Normal file
View File

@ -0,0 +1 @@
ngx.log(ngx.INFO,"init success")

26
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/args_check.json Normal file
View File

@ -0,0 +1,26 @@
[
["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1 ],
["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1 ],
["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1 ],
["base64_decode\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee43", 1],
["(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee44", 1 ],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "\u4e00\u53e5\u8bdd\u6728\u9a6c\u8fc7\u6ee45", 1],
["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1 ],
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1 ],
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1 ],
["\\<(iframe|script|body|img|layer|div|meta|style|base|object)", "XSS\u8fc7\u6ee41", 1],
["(invokefunction|call_user_func_array|\\\\think\\\\)", "ThinkPHP payload\u5c01\u5835", 1 ],
["^url_array\\[.*\\]$", "Metinfo6.x XSS\u6f0f\u6d1e", 1],
["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(?:from.+?information_schema.+?)", "", 1],
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
["'$", "test", 1],
["\\${jndi:", "log4j2\u62e6\u622a", 1 ],
["terrewrewrwr", "", 1]
]

1
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/cc.json Normal file
View File

@ -0,0 +1 @@
100/60

12
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/cookie_block.json Normal file
View File

@ -0,0 +1,12 @@
[
["base64_decode\\(","一句话木马过滤3",1],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[","一句话木马过滤5",1],
["select.+(from|limit)","SQL注入过滤2",1],
["(?:(union(.*?)select))","SQL注入过滤3",1],
["sleep\\((\\s*)(\\d*)(\\s*)\\)","SQL注入过滤5",1],
["benchmark\\((.*)\\,(.*)\\)","SQL注入过滤6",1],
["(?:from\\W+information_schema\\W)","SQL注入过滤7",1],
["(?:(?:current_)user|database|schema|connection_id)\\s*\\(","SQL注入过滤8",1],
["into(\\s+)+(?:dump|out)file\\s*","SQL注入过滤9",1],
["group\\s+by.+\\(","SQL注入过滤10",1]
]

1
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/file_ext_block.json Normal file
View File

@ -0,0 +1 @@
["php","jsp"]

1
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/ip_block.json Normal file
View File

@ -0,0 +1 @@
[]

1
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/ip_white.json Normal file
View File

@ -0,0 +1 @@
[]

22
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/post_check.json Normal file
View File

@ -0,0 +1,22 @@
[
["\\.\\./\\.\\./", "\u76ee\u5f55\u4fdd\u62a41", 1],
["(?:etc\\/\\W*passwd)", "\u76ee\u5f55\u4fdd\u62a43", 1],
["(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "PHP\u6d41\u534f\u8bae\u8fc7\u6ee41", 1],
["base64_decode\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee41", 1],
["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
["select.+(from|limit)", "SQL\u6ce8\u5165\u8fc7\u6ee42",1],
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43",1],
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
["(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48",1],
["(extractvalue\\(|concat\\(|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\(|right\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(EXISTS\\(|SELECT\\#|\\(SELECT|select\\()", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(?:from.+?information_schema.+?)", "", 1],
["\\${jndi:", "log4j2\u62e6\u622a", 1]
]

1
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/url_block.json Normal file
View File

@ -0,0 +1 @@
[]

1
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/url_white.json Normal file
View File

@ -0,0 +1 @@
[]

17
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/user_agent.json Normal file
View File

@ -0,0 +1,17 @@
[
["(WPScan|HTTrack|antSword|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/)", "\u5173\u952e\u8bcd\u8fc7\u6ee41", 1],
["(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\\(", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee42", 1],
["\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)", "\u4e00\u53e5\u8bdd*\u5c4f\u853d\u7684\u5173\u952e\u5b57*\u8fc7\u6ee43", 1],
["select\\s+.+(from|limit)\\s+", "SQL\u6ce8\u5165\u8fc7\u6ee42", 1],
["(?:(union(.*?)select))", "SQL\u6ce8\u5165\u8fc7\u6ee43", 1],
["benchmark\\((.*)\\,(.*)\\)", "SQL\u6ce8\u5165\u8fc7\u6ee46", 1],
["(?:from\\W+information_schema\\W)", "SQL\u6ce8\u5165\u8fc7\u6ee47", 1],
["(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "SQL\u6ce8\u5165\u8fc7\u6ee48", 1],
["(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1],
["(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee402", 1],
["(substr\\()", "SQL\u6ce8\u5165\u8fc7\u6ee410", 1],
["(ORD\\(|MID\\(|IFNULL\\(|CAST\\(|CHAR\\))", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(EXISTS\\(|SELECT\\#|\\(SELECT)", "SQL\u6ce8\u5165\u8fc7\u6ee41", 1],
["(array_map\\(\"ass)", "\u83dc\u5200\u6d41\u91cf\u8fc7\u6ee4", 1],
["(bin\\(|ascii\\(|benchmark\\(|concat_ws\\(|group_concat\\(|strcmp\\(|left\\(|datadir\\(|greatest\\()", "SQL\u62a5\u9519\u6ce8\u5165\u8fc7\u6ee401", 1]
]

136
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/1.21.4.3-0-focal/www/common/waf/rules/warn.html Normal file
View File

@ -0,0 +1,136 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>网站防火墙</title>
<style>
p {
line-height: 20px;
}
ul {
list-style-type: none;
}
li {
list-style-type: none;
}
</style>
</head>
<body style="padding: 0; margin: 0; font: 14px/1.5 Microsoft Yahei, 宋体, sans-serif; color: #555">
<div style="margin: 0 auto; width: 1000px; padding-top: 200px; overflow: hidden">
<div style="width: 600px; margin: 0 auto;">
<div
style="
height: 40px;
line-height: 40px;
color: #fff;
font-size: 16px;
overflow: hidden;
background: #6bb3f6;
padding-left: 20px;
"
>
网站防火墙
</div>
<div
style="
border: 1px dashed #cdcece;
border-top: none;
font-size: 14px;
background: #fff;
color: #555;
line-height: 24px;
height: 220px;
padding: 20px 20px 0 20px;
overflow-y: auto;
background: #f3f7f9;
"
>
<p
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
<span style="font-weight: 600; color: #fc4f03">
您的请求带有不合法参数,已被网站管理员设置拦截!
</span>
</p>
<p
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
可能原因:您提交的内容包含危险的攻击请求
</p>
<p
style="
margin-top: 12px;
margin-bottom: 12px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 1;
text-indent: 0px;
"
>
如何解决:
</p>
<ul
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-list-indent: 1;
"
>
<li
style="
margin-top: 12px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
1检查提交内容
</li>
<li
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
2如网站托管请联系空间提供商
</li>
<li
style="
margin-top: 0px;
margin-bottom: 0px;
margin-left: 0px;
margin-right: 0px;
-qt-block-indent: 0;
text-indent: 0px;
"
>
3普通网站访客请联系网站管理员
</li>
</ul>
</div>
</div>
</div>
</body>
</html>

33
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/README.md Normal file
View File

@ -0,0 +1,33 @@
# OpenResty
OpenResty 是一个基于 Nginx 的高性能 Web 应用服务器,它将 Nginx 与 Lua 编程语言集成在一起,提供了强大的功能和灵活性。
## 主要功能:
### 高性能代理服务器
OpenResty 基于 Nginx 构建,继承了 Nginx 强大的反向代理和负载均衡功能。它能够处理大量并发请求,快速转发流量到后端服务器,确保网站的高性能和可用性。
### 动态内容生成
通过集成 Lua 编程语言OpenResty 允许开发人员在配置文件中编写动态内容生成逻辑。这意味着您可以使用 Lua 脚本来处理请求、生成响应,甚至连接到外部数据源,从而创建高度定制化的 Web 应用程序。
### 高级 URL 路由
OpenResty 支持灵活的 URL 路由和重写规则。您可以根据请求的 URL 对流量进行定向、分发和过滤,以满足不同的业务需求。这有助于构建 RESTful API 或处理复杂的 URL 映射。
### 缓存和性能优化
OpenResty 提供了强大的缓存功能,可以缓存静态资源或动态生成的内容,从而显著提高网站的响应速度。它还支持压缩、负载均衡、连接池等性能优化功能,确保最佳的用户体验。
### 安全性和访问控制
通过 Nginx 的安全模块和 Lua 编程OpenResty 提供了多层次的安全性控制包括防止恶意请求、DDoS 攻击和访问控制列表。它还支持 SSL/TLS 加密,保护数据传输的安全性。
### 第三方模块和插件
OpenResty 社区和生态系统丰富,有许多第三方模块和插件可供选择,包括缓存、反爬虫、访问日志、认证等。这些扩展功能可以根据需求轻松集成到 OpenResty 中。
### 轻量级和可扩展
OpenResty 采用模块化设计,使得它非常轻量级且易于扩展。您可以根据需要选择性地启用或禁用功能模块,以满足不同的应用场景。

19
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/data.yml Executable file
View File

@ -0,0 +1,19 @@
name: OpenResty
tags:
- Web 服务器
title: 基于 NGINX 和 LuaJIT 的 Web 平台
description: 基于 NGINX 和 LuaJIT 的 Web 平台
additionalProperties:
key: openresty
name: OpenResty
tags:
- Server
shortDescZh: 基于 NGINX 和 LuaJIT 的 Web 平台
shortDescEn: High performance web platform based on Nginx and LuaJIT
type: runtime
crossVersionUpdate: true
limit: 1
recommend: 1
website: https://openresty.org
github: https://github.com/openresty/openresty
document: http://openresty.org/cn/getting-started.html

BIN
dev/nextweb/openresty/1.21.4.3-0-focal/openresty/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.5 KiB