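-- lighttpd mod_magnet request hook: runs the incoming request through
-- ModSecurity via the `modsec` binding and rejects it when the anomaly
-- score reaches a threshold.
-- `lighty` is the global environment mod_magnet provides; it is not
-- declared in this file.
local modsec = require "modsec"

-- Requests whose anomaly score reaches this value are rejected.
local ANOMALY_THRESHOLD = 8
-- HTTP status returned to lighttpd for rejected requests.
local REJECT_STATUS = 403

local ok, err = modsec.init("/etc/owasp/modsec.conf")
if not ok then
  print(err)
  return
end

local transaction = modsec.transaction()
if not transaction then
  print("Failed to initialize transaction")
  -- Without a transaction every method call below would fail on nil;
  -- stop here instead of raising a runtime error mid-request.
  return
end

--- Logs the error result of an eval_* call, if any.
-- Called as report(label, transaction:eval_x(...)) so that both results of
-- the call are forwarded; only the second (the error) is looked at.
-- @tparam string label message printed before the error
-- @param _ the first result of the eval call (ignored)
-- @param eval_err the second result of the eval call (nil on success)
local function report(label, _, eval_err)
  if eval_err then
    print(label, eval_err)
  end
end

-- evaluate connection info and request headers
local req_attr = lighty.r.req_attr
local query = req_attr["uri.query"]
local url = req_attr["uri.scheme"]
  .. "://"
  .. req_attr["uri.authority"]
  .. req_attr["uri.path-raw"]
  .. (query and ("?" .. query) or "")

report("Failed to evaluate connection: ",
  transaction:eval_connection(req_attr["request.remote-addr"], req_attr["request.remote-port"],
    req_attr["uri.authority"], req_attr["request.server-port"], url,
    req_attr["request.method"], req_attr["request.protocol"]))

report("Failed to evaluate request headers: ",
  transaction:eval_request_headers(lighty.r.req_header))

--[[ evaluate request body
Currently no way to evaluate request body
but this function must be run even with nil as arguments
]]
report("Failed to evaluate request body: ", transaction:eval_request_body(nil, nil))

-- Here decision could be made upon modsecurity variables whether handle this request or not
-- A missing or non-numeric anomaly score would make the comparison below raise;
-- treat it as 0 (the request is let through) and log it so the gap is visible.
local raw_score = transaction.var.tx.anomaly_score
local score = tonumber(raw_score or 0)
if not score then
  print("Unexpected anomaly score value: ", tostring(raw_score))
  score = 0
end

if score >= ANOMALY_THRESHOLD then
  print("This request looks nasty overall score is: " .. score)
  return REJECT_STATUS
end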