From bb66050fe3cc6ee26acadd5588f8949dee405b36 Mon Sep 17 00:00:00 2001 From: wiaamm Date: Thu, 4 Dec 2025 15:12:54 +0200 Subject: [PATCH] fix block page --- .../plugins/open-appsec-waf-kong-plugin/handler.lua | 13 ++++++++++--- .../open-appsec-waf-kong-plugin/nano_ffi.lua | 4 ---- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua index 0234c22..7a7bb92 100755 --- a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua +++ b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua @@ -8,6 +8,9 @@ local NanoHandler = {} NanoHandler.PRIORITY = 3000 NanoHandler.VERSION = "1.0.0" +NanoHandler.sessions = {} +NanoHandler.processed_requests = {} + function NanoHandler.init_worker() nano.init_attachment() end @@ -45,6 +48,11 @@ function NanoHandler.access(conf) local session_id = nano.generate_session_id() kong.service.request.set_header("x-session-id", tostring(session_id)) + if NanoHandler.processed_requests[session_id] then + kong.ctx.plugin.blocked = true + return + end + local session_data = nano.init_session(session_id) if not session_data then kong.log.err("Failed to initialize session - failing open (no session created)") @@ -73,9 +81,6 @@ function NanoHandler.access(conf) local verdict, response = nano.send_data(session_id, session_data, meta_data, req_headers, contains_body, nano.HttpChunkType.HTTP_REQUEST_FILTER) - -- Restart GC after send_data completes (was stopped in handle_start_transaction) - collectgarbage("restart") - if verdict == nano.AttachmentVerdict.DROP then kong.log.err("DROP verdict in access/send_data - session_id: ", session_id) kong.ctx.plugin.blocked = true @@ -191,6 +196,8 @@ function NanoHandler.access(conf) kong.ctx.plugin.session_data = nil return result end + + NanoHandler.processed_requests[session_id] = true end function NanoHandler.header_filter(conf) diff --git a/attachments/kong/plugins/open-appsec-waf-kong-plugin/nano_ffi.lua b/attachments/kong/plugins/open-appsec-waf-kong-plugin/nano_ffi.lua index 1839d5c..8c9e8de 100755 --- a/attachments/kong/plugins/open-appsec-waf-kong-plugin/nano_ffi.lua +++ b/attachments/kong/plugins/open-appsec-waf-kong-plugin/nano_ffi.lua @@ -292,10 +292,6 @@ function nano.handle_start_transaction() table.insert(nano.allocated_metadata, metadata) - -- Temporarily stop GC to ensure metadata isn't collected before it's used - -- Handler will restart GC after send_data completes - collectgarbage("stop") - return metadata end