Safe3-uusec-waf/rules/xxe-attack.lua
UUSEC Technology e66cca6014 v7.0.0
### Feature Updates

**Interface & Management**

- Redesigned main program and management interface with improved aesthetics and usability, supports UI language switching (English/Chinese)
- Added Rule Collections functionality: Create custom rule templates for batch configuration
- Introduced whitelist rules that terminate further rule matching upon success
- UUSEC WAF Rules API intelligent suggestions during advanced rule editing
- New plugin management supporting hot-reloaded plugins to extend WAF capabilities

**Protocol & Optimization**

- Supports streaming responses for continuous data push (e.g., LLM stream outputs)
- Enables Host header modification during proxying for upstream service access
- Search engine validation: `waf.searchEngineValid(dns,ip,ua)` prevents high-frequency rules from affecting SEO indexing
- Interception log report generation (HTML/PDF exports)
- Automatic rotation of UUSEC WAF error/access logs to prevent performance issues

**Security & Infrastructure**

- Expanded free SSL certificate support: HTTP-01 & DNS-01 verification across 50+ domain providers
- Customizable advanced WAF settings: HTTP2, GZIP, HTTP Caching, SSL protocols, etc.
- Cluster configuration: Manage UUSEC WAF nodes and ML servers via web UI
2025-07-02 09:47:41 +08:00


--[[
Rule name: XXE attack
Filtering stage: Request phase
Threat level: Critical
Rule description: The XML External Entity injection vulnerability, abbreviated as XXE vulnerability. When external entities are allowed to be referenced, constructing malicious content can lead to the reading of arbitrary files, execution of system commands, detection of internal network ports, attacks on internal network websites, and other hazards.
--]]

-- Only inspect requests that carry a raw body.
if waf.form and waf.form["RAW"] then
    -- Look for a DOCTYPE or ENTITY declaration that references an external
    -- resource via the SYSTEM keyword. "\\b" in the Lua string becomes "\b"
    -- in the regex; flags: j = JIT, o = compile once, s = dot matches newline.
    local m = waf.rgxMatch(waf.form["RAW"], "<!(?:DOCTYPE|ENTITY)[^>]+?\\bSYSTEM\\b", "jos")
    if m then
        -- Return the matched fragment, the offending body, and the block flag.
        return m, waf.form["RAW"], true
    end
end
return false
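To see what the rule's pattern does and does not flag, here is an added example that re-implements the same regular expression in Python and runs it over a handful of constructed request bodies. This is not code from the Safe3/UUSEC WAF project; the `detect_xxe` and `scan_samples` names and the sample bodies are assumptions made for this illustration.

```python
import re

# Same pattern as the Lua rule. The Lua source writes "\\b" inside a
# double-quoted string, which the regex engine receives as "\b"; a Python
# raw string carries it through unchanged. The "s" flag of the rule maps
# to re.DOTALL (kept for fidelity, although "[^>]" already spans newlines).
XXE_PATTERN = re.compile(r"<!(?:DOCTYPE|ENTITY)[^>]+?\bSYSTEM\b", re.DOTALL)


def detect_xxe(raw_body: str):
    """Return the matched declaration fragment, or None if the body is clean.

    Mirrors the rule: it inspects the raw request body for a DOCTYPE or
    ENTITY declaration that references an external resource via SYSTEM.
    """
    m = XXE_PATTERN.search(raw_body)
    return m.group(0) if m else None


# Constructed sample bodies (not real traffic). Hostnames use the reserved
# ".invalid" TLD so nothing here resolves.
SAMPLES = {
    # External general entity declared inside the internal subset.
    "internal_subset_entity": (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE note [\n'
        '  <!ENTITY ext SYSTEM "http://dtd.example.invalid/ext.xml">\n'
        ']>\n'
        '<note>&ext;</note>'
    ),
    # Parameter entity ("%") referencing an external DTD.
    "parameter_entity": '<!ENTITY % p SYSTEM "http://dtd.example.invalid/p.dtd">',
    # External DTD given directly on the DOCTYPE.
    "doctype_system": '<!DOCTYPE note SYSTEM "note.dtd"><note/>',
    # Benign HTML5 doctype: no SYSTEM keyword.
    "html5_doctype": "<!DOCTYPE html><html></html>",
    # PUBLIC identifier with an external DTD URI, but no SYSTEM keyword.
    "xhtml_public_doctype": (
        '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" '
        '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
    ),
    # The word SYSTEM in element content, outside any declaration.
    "word_in_content": "<root>SYSTEM</root>",
    # "SYSTEMX" is not the SYSTEM keyword; the \b boundary rejects it.
    "word_boundary": '<!DOCTYPE note SYSTEMX "note.dtd">',
}


def scan_samples(samples=SAMPLES):
    """Run the detector over every sample; True means the rule would block."""
    return {name: detect_xxe(body) is not None for name, body in samples.items()}


if __name__ == "__main__":
    for name, flagged in scan_samples().items():
        print(f"{name:24s} -> {'BLOCK' if flagged else 'pass'}")
```

Two things the samples make visible: the match is case-sensitive, which is consistent with XML keywords being case-sensitive (a parser would reject `<!doctype ... system ...>` anyway), and a DOCTYPE that names an external DTD only through a PUBLIC identifier does not contain the SYSTEM keyword and therefore passes this rule, so external DTD loading still needs to be disabled in the application's XML parser rather than relying on the WAF alone.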