- Remove telemetry: disabled all phone-home (installation notify, false positives, behavior tracking, upgrade tips) - Version branding: removed 'ce-' prefix, product name changed to '长亭雷池 WAF' - Detection engine enhancement: strict preset enables all 17 modules with aggressive configs - Multi-user RBAC: admin/operator/viewer roles with password + TOTP 2FA - Rate limiting: nginx limit_req per website (RPS, burst, action) - JS Challenge: browser fingerprint verification page with cookie-based bypass - Security fixes: removed InsecureSkipVerify, hardcoded credentials, NO_AUTH backdoor
This commit is contained in:
@@ -0,0 +1,36 @@
|
||||
local consts = require "resty.t1k.constants"
|
||||
local log = require "resty.t1k.log"
|
||||
|
||||
local fmt = string.format
|
||||
|
||||
local ngx = ngx
|
||||
|
||||
local log_fmt = log.fmt
|
||||
|
||||
local _M = {
|
||||
_VERSION = '1.0.0'
|
||||
}
|
||||
|
||||
function _M.handle(t)
|
||||
local t_type = type(t)
|
||||
if t_type ~= "table" then
|
||||
local err = log_fmt("invalid result type: %s", t_type)
|
||||
return nil, err
|
||||
end
|
||||
|
||||
local action = t["action"]
|
||||
if action == consts.ACTION_PASSED then
|
||||
return true, nil
|
||||
elseif action == consts.ACTION_BLOCKED then
|
||||
ngx.status = t["status"] or ngx.HTTP_FORBIDDEN
|
||||
ngx.header.content_type = consts.BLOCK_CONTENT_TYPE
|
||||
ngx.say(fmt(consts.BLOCK_CONTENT_FORMAT, ngx.status, t["event_id"]))
|
||||
|
||||
return ngx.exit(ngx.status)
|
||||
else
|
||||
local err = log_fmt("unknown action from t1k server: %s", action)
|
||||
return nil, err
|
||||
end
|
||||
end
|
||||
|
||||
return _M
|
||||
Reference in New Issue
Block a user