我們想在openresty waf的基礎(chǔ)上做二次開發(fā)，比如再精確一些。比如我們先匹配到了select的url我們先打分10分，匹配到cc 1000/s我們?cè)俳o這個(gè)ip打10分…直到100分我們就拉黑這個(gè)ip。

[openresty waf][1]

#cat reids_w.lua
require 'lib'
local redis = require "resty.redis"
function redis_hash_ip(white)local red = redis:new()local ok, err = red:connect("192.168.14.66", 6379)if not ok thenngx.log(ngx.ERR, "Failed to connect to Redis: ", err)return false, "Failed to connect to Redis"end-- 認(rèn)證Redis-- local res, err = red:auth("123456lzx")-- if not res then--   ngx.log(ngx.ERR, "Failed to authenticate Redis: ", err)--   return false, "Failed to authenticate Redis"-- end-- 檢查列表中是否已存在要添加的值local exists, err = red:lrange(get_client_ip(), 0, -1)if exists thenfor _, v in ipairs(exists) doif v == white then-- 如果要添加的值已經(jīng)存在于列表中，則直接返回red:set_keepalive(10000, 100)return true, nilendendend-- 如果要添加的值不存在于列表中，則將其添加到列表頭部local res, err = red:lrem(get_client_ip(), 0, white)if res < 0 thenngx.log(ngx.ERR, "Failed to remove value from Redis list: ", err)return false, "Failed to remove value from Redis list"endlocal success, err = red:lpush(get_client_ip(), white)if not success thenngx.log(ngx.ERR, "Failed to set value in Redis lpush: ", err)return false, "Failed to set value in Redis lpush"end-- 關(guān)閉Redis連接red:set_keepalive(10000, 100)return true, nil
endfunction redis_select()local red = redis:new()local ok, err = red:connect("192.168.14.66", 6379)if not ok thenngx.log(ngx.ERR, "Failed to connect to Redis: ", err)return ngx.exit(500)endlocal res, err = red:lrange(get_client_ip(), 0, -1)if not res thenreturn nil, "Failed to query Redis list: " .. errelsefor _, v in ipairs(res) dongx.log(ngx.INFO, "List value: ", v)endend-- 關(guān)閉 Redis 連接（重用連接池中的連接）red:set_keepalive(10000, 100)return res, nilend

請(qǐng)求url觸犯代碼

http://192.168.14.66 一分鐘多訪問一些，觸發(fā)cc
http://192.168.14.66/.bash_history/ 觸發(fā)url
...

查看redis里面是否寫入數(shù)據(jù)，這是存得list數(shù)據(jù)，用ip做的name，然后那些觸發(fā)得規(guī)則放在一個(gè)list里面。

查看日志查出來的結(jié)果

然后我們就可以根據(jù)redis里面的客戶ip做打分機(jī)制，當(dāng)然這只是一個(gè)基礎(chǔ)版本