SecRuleScript (experimental)
Description: This directive creates a special rule that executes a Lua script to decide whether the rule matches. The main difference from SecRule is that there is no target and no operator; the script can fetch any variable from ModSecurity and test it with any operator. The optional second parameter is the action list, which takes the same form as in SecRule.
Syntax: SecRuleScript /path/to/script.lua [ACTIONS]
Example: SecRuleScript "/path/to/file.lua" "block"
Processing phase: Any
Scope: Any
Version: 2.5.0
Dependencies/Notes: None
Note
All Lua scripts are compiled at configuration time and cached in memory. To reload a script, restart Apache so that the entire ModSecurity configuration is reloaded.
Example script:
-- Your script must define the main entry
-- point, as below.
function main()
    -- Log something at level 1. Normally you shouldn't be
    -- logging anything, especially not at level 1, but this is
    -- just to show you can. Useful for debugging.
    m.log(1, "Hello world!");

    -- Retrieve one variable.
    local var1 = m.getvar("REMOTE_ADDR");

    -- Retrieve one variable, applying one transformation function.
    -- The second parameter is a string.
    local var2 = m.getvar("ARGS", "lowercase");

    -- Retrieve one variable, applying several transformation functions.
    -- The second parameter is now a list. You should note that m.getvar()
    -- requires the use of comma to separate collection names from
    -- variable names. This is because only one variable is returned.
    local var3 = m.getvar("ARGS.p", { "lowercase", "compressWhitespace" } );

    -- If you want this rule to match return a string
    -- containing the error message. The message must contain the name
    -- of the variable where the problem is located.
    -- return "Variable ARGS:p looks suspicious!"

    -- Otherwise, simply return nil.
    return nil;
end
In this first example we only retrieve a single variable whose name is known in advance. In many cases, however, you want to examine variables whose names you do not know beforehand, for example script parameters.
The following example shows the use of m.getvars() to retrieve many variables at once:
function main()
    -- Retrieve script parameters.
    local d = m.getvars("ARGS", { "lowercase", "htmlEntityDecode" } );

    -- Loop through the parameters.
    for i = 1, #d do
        -- Examine parameter value.
        if (string.find(d[i].value, "<script")) then
            -- Always specify the name of the variable where the
            -- problem is located in the error message.
            return ("Suspected XSS in variable " .. d[i].name .. ".");
        end
    end

    -- Nothing wrong found.
    return nil;
end
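The example below is added here and is not part of the ModSecurity reference. It extends the m.getvars() pattern above to several collections at once (ARGS, REQUEST_HEADERS and REQUEST_COOKIES are standard ModSecurity variables) and, because scripts are compiled once and only reloaded with an Apache restart, it includes a small stand-in for the engine's m table so the script can be exercised from a plain Lua 5.1 interpreter before it is installed. Assumptions: m is a global table in the script's environment, m.getvars() returns a list of tables with name and value fields as the page's example shows, and the stand-in transformation functions are deliberately simplified approximations of ModSecurity's own (the real urlDecodeUni, for instance, also handles %uXXXX sequences). The sample request, the pattern list and the file name inspect.lua are constructed for the example.

```lua
-- Added example, not ModSecurity's own code. In Apache it would be
-- wired up with, for instance:
--   SecRuleScript "/path/to/inspect.lua" "phase:2,deny,status:403"

-- Plain-text signatures, written in lowercase because the engine lowercases
-- the input for us via the transformation list passed to m.getvars().
local PATTERNS = {
    { "<script",      "Suspected XSS" },
    { "union select", "Suspected SQL injection" },
    { "../",          "Suspected path traversal" },
}

-- Collections whose member names are not known in advance.
local COLLECTIONS = { "ARGS", "REQUEST_HEADERS", "REQUEST_COOKIES" }

-- Entry point required by SecRuleScript: return a message naming the
-- offending variable to make the rule match, or nil to let it pass.
function main()
    for _, collection in ipairs(COLLECTIONS) do
        local vars = m.getvars(collection,
            { "urlDecodeUni", "lowercase", "compressWhitespace" })
        for i = 1, #vars do
            local v = vars[i]
            for _, p in ipairs(PATTERNS) do
                -- Plain find (4th argument true) so "../" and "<" are
                -- compared literally rather than as Lua patterns.
                if string.find(v.value, p[1], 1, true) then
                    return p[2] .. " in variable " .. v.name .. "."
                end
            end
        end
    end
    return nil
end

-- ----------------------------------------------------------------------
-- Offline harness (assumption: a minimal stand-in for the engine's "m"
-- table, NOT ModSecurity's implementation). Inside Apache "m" already
-- exists, so this whole block is skipped. Run with: lua inspect.lua
-- ----------------------------------------------------------------------
if not m then
    -- Constructed sample request; names carry the collection prefix the
    -- way the page's example message ("Variable ARGS:p ...") shows them.
    local request = {
        ARGS = {
            ["ARGS:q"]       = "hello",
            ["ARGS:comment"] = "x%3CSCRIPT%3Ealert(1)%3C/script%3E",
        },
        REQUEST_HEADERS = { ["REQUEST_HEADERS:User-Agent"] = "curl/7.0" },
        REQUEST_COOKIES = { ["REQUEST_COOKIES:session"]  = "abc123" },
    }

    -- Simplified transformation functions (assumption, see lead-in).
    local transforms = {
        lowercase          = string.lower,
        compressWhitespace = function(s) return (s:gsub("%s+", " ")) end,
        urlDecodeUni       = function(s)
            return (s:gsub("%%(%x%x)", function(h)
                return string.char(tonumber(h, 16))
            end))
        end,
    }

    local function apply(value, tfns)
        if type(tfns) == "string" then tfns = { tfns } end
        for _, name in ipairs(tfns or {}) do
            value = transforms[name](value)
        end
        return value
    end

    m = {
        log = function(level, msg) print("[level " .. level .. "] " .. msg) end,
        getvars = function(collection, tfns)
            local out = {}
            for name, value in pairs(request[collection] or {}) do
                out[#out + 1] = { name = name, value = apply(value, tfns) }
            end
            return out
        end,
    }

    -- With the constructed request this prints:
    --   Suspected XSS in variable ARGS:comment.
    print(main() or "no match")
end
```

Applying the transformations through m.getvars() rather than in the script keeps the comparison consistent with what SecRule operators would see, and the literal (plain) find avoids accidentally treating signature characters such as "." as Lua pattern metacharacters.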
Note:
Go to http://www.lua.org/ to learn more about the Lua programming language. The online reference manual is at http://www.lua.org/manual/5.1/.