api
parent
0bb183e78d
commit
fc7baf2f38
@ -50,7 +50,7 @@ function _M.do_access_filter()
|
|||||||
request.build_and_process_body(transaction)
|
request.build_and_process_body(transaction)
|
||||||
|
|
||||||
ngx_ctx.action, ngx_ctx.status_code = coraza.intervention(transaction)
|
ngx_ctx.action, ngx_ctx.status_code = coraza.intervention(transaction)
|
||||||
_M.do_handle()
|
|
||||||
end
|
end
|
||||||
|
|
||||||
function _M.do_free()
|
function _M.do_free()
|
||||||
@ -67,15 +67,10 @@ function _M.do_handle()
|
|||||||
-- If request has disrupted by coraza, the transaction is freed and set to nil.
|
-- If request has disrupted by coraza, the transaction is freed and set to nil.
|
||||||
-- Response which was disrupted doesn't make sense.
|
-- Response which was disrupted doesn't make sense.
|
||||||
if ngx_ctx.action ~= nil and ngx_ctx.transaction ~= nil then
|
if ngx_ctx.action ~= nil and ngx_ctx.transaction ~= nil then
|
||||||
nlog(warn_fmt([[Transaction %s request: "%s" is interrupted by policy. Action is %s]],
|
nlog(warn_fmt([[Transaction %s request: "%s" is interrupted by policy. Action is %s]], ngx_ctx.request_id, ngx_var.request, ngx_ctx.action))
|
||||||
ngx_ctx.request_id, ngx_var.request, ngx_ctx.action))
|
|
||||||
if ngx_ctx.action == "drop" then
|
if ngx_ctx.action == "drop" then
|
||||||
ngx.status = ngx_ctx.status_code
|
ngx_ctx.is_disrupted = true
|
||||||
local ok, msg = pcall(ngx.say, fmt(consts.BLOCK_CONTENT_FORMAT, ngx_ctx.status_code))
|
return ngx_ctx.status_code, fmt(consts.BLOCK_CONTENT_FORMAT, ngx_ctx.status_code)
|
||||||
if ok == false then
|
|
||||||
nlog(err_fmt(msg))
|
|
||||||
end
|
|
||||||
return ngx.exit(ngx.status)
|
|
||||||
-- TODO: disrupted by more action
|
-- TODO: disrupted by more action
|
||||||
--elseif ngx_ctx.action == "deny" then
|
--elseif ngx_ctx.action == "deny" then
|
||||||
-- ngx.status = ngx_ctx.status_code
|
-- ngx.status = ngx_ctx.status_code
|
||||||
@ -87,11 +82,39 @@ function _M.do_handle()
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function _M.do_interrupt()
|
||||||
|
-- transaction is interrupted by policy, be free firstly.
|
||||||
|
-- If request has disrupted by coraza, the transaction is freed and set to nil.
|
||||||
|
-- Response which was disrupted doesn't make sense.
|
||||||
|
if ngx_ctx.is_disrupted == true and ngx.get_phase() == "header_filter" then
|
||||||
|
nlog(debug_fmt("Transaction %s has been disrupted at request phrase. ignore",
|
||||||
|
ngx_ctx.request_id))
|
||||||
|
return
|
||||||
|
end
|
||||||
|
local status_code, block_msg = _M.do_handle()
|
||||||
|
if status_code ~= nil then
|
||||||
|
ngx.status = ngx_ctx.status_code
|
||||||
|
local ok, msg = pcall(ngx.say, block_msg)
|
||||||
|
if ok == false then
|
||||||
|
nlog(err_fmt(msg))
|
||||||
|
end
|
||||||
|
return ngx.exit(ngx.status)
|
||||||
|
-- TODO: disrupted by more action
|
||||||
|
-- elseif ngx_ctx.action == "deny" then
|
||||||
|
-- ngx.status = ngx_ctx.status_code
|
||||||
|
---- NYI: cannot call this C function (yet)
|
||||||
|
---- ngx.header.content_type = consts.BLOCK_CONTENT_TYPE
|
||||||
|
-- ngx.say(fmt(consts.BLOCK_CONTENT_FORMAT, ngx_ctx.status_code))
|
||||||
|
-- eturn ngx.exit(ngx.status)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
function _M.do_header_filter()
|
function _M.do_header_filter()
|
||||||
if ngx_ctx.action ~= nil then
|
if ngx_ctx.is_disrupted == true then
|
||||||
-- If request was interrupted by coraza at access_by_lua phrase, the ngx_ctx.transaction will be set nil.
|
-- If request was interrupted by coraza at access_by_lua phrase, the ngx_ctx.transaction will be set nil.
|
||||||
-- We can bypass the check.
|
-- We can bypass the check.
|
||||||
nlog(debug_fmt("Transaction %s has been disrupted at request phrase. ignore", ngx_ctx.request_id))
|
nlog(debug_fmt("Transaction %s has been disrupted at request phrase. ignore",
|
||||||
|
ngx_ctx.request_id))
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
local h = ngx.resp.get_headers(0, true)
|
local h = ngx.resp.get_headers(0, true)
|
||||||
@ -112,7 +135,6 @@ function _M.do_header_filter()
|
|||||||
--coraza.process_response_body(ngx_ctx.transaction)
|
--coraza.process_response_body(ngx_ctx.transaction)
|
||||||
|
|
||||||
ngx_ctx.action, ngx_ctx.status_code = coraza.intervention(ngx_ctx.transaction)
|
ngx_ctx.action, ngx_ctx.status_code = coraza.intervention(ngx_ctx.transaction)
|
||||||
_M.do_handle()
|
|
||||||
end
|
end
|
||||||
|
|
||||||
return _M
|
return _M
|
||||||
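Review bot: With `_M.do_handle()` removed from the end of `do_access_filter()` and `do_header_filter()`, blocking now happens only if the nginx config also calls `coraza.do_interrupt()`, and nothing in the new code signals when that call is missing. A configuration that still calls only `do_access_filter()` would, as far as this section shows, evaluate the rules and store `ngx_ctx.action` but let the request through, which is a fail-open change for a WAF. I would document the contract above `function _M.do_interrupt()`, e.g. `-- Enforcement step: must be called right after do_access_filter()/do_header_filter(); without it an intervention is stored in ngx_ctx but the request is not blocked.`, and repeat it in the upgrade notes. Separately, `ngx.say` is not available in the `header_filter` phase, so the `pcall` in `do_interrupt()` will only log an error there and no block body is written; a short comment stating that this is expected would help the next reader.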
|
@ -17,6 +17,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
access_by_lua_block {
|
access_by_lua_block {
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_access_filter()
|
coraza.do_access_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
content_by_lua_block {
|
content_by_lua_block {
|
||||||
@ -26,6 +27,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
header_filter_by_lua_block{
|
header_filter_by_lua_block{
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_header_filter()
|
coraza.do_header_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
log_by_lua_block{
|
log_by_lua_block{
|
||||||
|
@ -17,6 +17,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
access_by_lua_block {
|
access_by_lua_block {
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_access_filter()
|
coraza.do_access_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
content_by_lua_block {
|
content_by_lua_block {
|
||||||
@ -26,6 +27,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
header_filter_by_lua_block{
|
header_filter_by_lua_block{
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_header_filter()
|
coraza.do_header_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
log_by_lua_block{
|
log_by_lua_block{
|
||||||
|
@ -16,6 +16,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
access_by_lua_block {
|
access_by_lua_block {
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_access_filter()
|
coraza.do_access_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
content_by_lua_block {
|
content_by_lua_block {
|
||||||
@ -25,6 +26,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
header_filter_by_lua_block{
|
header_filter_by_lua_block{
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_header_filter()
|
coraza.do_header_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
log_by_lua_block{
|
log_by_lua_block{
|
||||||
|
@ -20,6 +20,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
access_by_lua_block {
|
access_by_lua_block {
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_access_filter()
|
coraza.do_access_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
content_by_lua_block {
|
content_by_lua_block {
|
||||||
@ -29,6 +30,7 @@ our $LocationConfig = <<'_EOC_';
|
|||||||
header_filter_by_lua_block{
|
header_filter_by_lua_block{
|
||||||
local coraza = require "resty.coraza"
|
local coraza = require "resty.coraza"
|
||||||
coraza.do_header_filter()
|
coraza.do_header_filter()
|
||||||
|
coraza.do_interrupt()
|
||||||
}
|
}
|
||||||
|
|
||||||
log_by_lua_block{
|
log_by_lua_block{
|
||||||
|