mirror of
https://github.com/Safe3/uusec-waf.git
synced 2025-10-04 06:51:54 +08:00
e66cca6014
### Feature Updates **Interface & Management** - Redesigned main program and management interface with improved aesthetics and usability, supports UI language switching (English/Chinese) - Added Rule Collections functionality: Create custom rule templates for batch configuration - Introduced whitelist rules that terminate further rule matching upon success - UUSEC WAF Rules API intelligent suggestions during advanced rule editing:ml-citation - New plugin management supporting hot-reloaded plugins to extend WAF capabilities **Protocol & Optimization** - Supports streaming responses for continuous data push (e.g., LLM stream outputs) - Enables Host header modification during proxying for upstream service access - Search engine validation: `waf.searchEngineValid(dns,ip,ua)` prevents high-frequency rules from affecting SEO indexing - Interception log report generation (HTML/PDF exports) - Automatic rotation of UUSEC WAF error/access logs to prevent performance issues **Security & Infrastructure** - Expanded free SSL certificate support: HTTP-01 & DNS-01 verification across 50+ domain providers - Customizable advanced WAF settings: HTTP2, GZIP, HTTP Caching, SSL protocols, etc - Cluster configuration: Manage UUSEC WAF nodes and ML servers via web UI
68 lines
No EOL
1.5 KiB
Lua
68 lines
No EOL
1.5 KiB
Lua
--[[
|
|
Rule name: PHP Security Rule Set
|
|
Filtering stage: Request phase
|
|
Threat level: High
|
|
Rule description: Detecting vulnerabilities related to object serialization in PHP
|
|
--]]
|
|
|
|
|
|
local kvFilter = waf.kvFilter
|
|
local rgx = waf.rgxMatch
|
|
|
|
local function sMatch(v)
|
|
local m = rgx(v, "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)|(?:ssh2(?:.(?:s(?:(?:ft|c)p|hell)|tunnel|exec))?|z(?:lib|ip)|(?:ph|r)ar|expect|bzip2|glob|ogg)://|\\bphpinfo\\s*\\(\\s*\\)", "joi")
|
|
if m then
|
|
return m, v
|
|
end
|
|
m = rgx(v, "[oOcC]:\\d+:\"\\w+\":\\d+:{.*?}", "jos")
|
|
if m then
|
|
return m, v
|
|
end
|
|
return false
|
|
end
|
|
|
|
local function fileContentMatch(v)
|
|
local m = rgx(v, "<\\?.+?\\$_(?:GET|POST|COOKIE|REQUEST|SERVER|FILES|SESSION)|<\\?php", "jos")
|
|
if m then
|
|
return m, v
|
|
end
|
|
return false
|
|
end
|
|
|
|
if rgx(waf.uri, "\\.php\\.", "joi") then
|
|
return true, waf.uri, true
|
|
end
|
|
|
|
local form = waf.form
|
|
if form then
|
|
local m, d = kvFilter(form["FORM"], sMatch)
|
|
if m then
|
|
return m, d, true
|
|
end
|
|
m, d = waf.knFilter(form["FILES"], fileContentMatch, 0)
|
|
if m then
|
|
return m, d, true
|
|
end
|
|
end
|
|
|
|
local queryString = waf.queryString
|
|
if queryString then
|
|
local m, d = kvFilter(queryString, sMatch)
|
|
if m then
|
|
return m, d, true
|
|
end
|
|
end
|
|
|
|
local cookies = waf.cookies
|
|
if cookies then
|
|
local m, d = kvFilter(cookies, sMatch)
|
|
if m then
|
|
return m, d, true
|
|
end
|
|
end
|
|
|
|
local m, d = kvFilter(waf.reqHeaders, sMatch)
|
|
if m then
|
|
return m, d, true
|
|
end
|
|
return false |