local modsec = require "modsec"
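-- mod_magnet request hook: run the request through ModSecurity and reject it
-- when the inbound anomaly score reaches ANOMALY_THRESHOLD. Returning a status
-- code from the script short-circuits the request with that status; returning
-- nothing lets lighttpd carry on serving it.
--
-- Coverage caveat: only connection data, the request line and the request
-- headers are scored. The body is never handed to ModSecurity (see the
-- eval_request_body call below), so payloads carried in POST/PUT bodies are
-- NOT inspected by this script.

-- Score at or above which the request is rejected. Keep this in line with the
-- anomaly threshold configured for the rule set in modsec.conf.
local ANOMALY_THRESHOLD = 8

local ok, err = modsec.init("/etc/owasp/modsec.conf")
if not ok then
  -- NOTE(review): this path fails OPEN -- if the ModSecurity configuration
  -- cannot be loaded the request is served with no inspection at all. Return
  -- a 5xx here instead if the WAF is mandatory rather than best-effort.
  print(err)
  return
end

local transaction = modsec.transaction()
if not transaction then
  -- Nothing below can run without a transaction (indexing nil would raise a
  -- Lua error), so fail closed explicitly instead of crashing the script.
  print("Failed to initialize transaction")
  return 500
end

-- Evaluate connection info and request headers.
local req_attr = lighty.r.req_attr
local url = req_attr["uri.scheme"]
  .. "://"
  .. req_attr["uri.authority"]
  .. req_attr["uri.path-raw"]
  .. (req_attr["uri.query"] and ("?" .. req_attr["uri.query"]) or "")

-- NOTE(review): request.remote-addr is the peer address lighttpd sees. Behind
-- a reverse proxy that is the proxy's address, not the client's, unless
-- something like mod_extforward rewrites it -- confirm for this deployment,
-- since IP-based rules would otherwise score the proxy.
local _, eval_err = transaction:eval_connection(
  req_attr["request.remote-addr"], req_attr["request.remote-port"],
  req_attr["uri.authority"], req_attr["request.server-port"], url,
  req_attr["request.method"], req_attr["request.protocol"])
if eval_err then
  -- Evaluation errors are logged but do not block on their own; the score
  -- check below still runs on whatever ModSecurity managed to evaluate.
  print("Failed to evaluate connection: ", eval_err)
end

_, eval_err = transaction:eval_request_headers(lighty.r.req_header)
if eval_err then
  print("Failed to evaluate request headers: ", eval_err)
end

-- The request body cannot be supplied through this binding yet, but the call
-- must still be made (with nil arguments) for the evaluation to complete.
_, eval_err = transaction:eval_request_body(nil, nil)
if eval_err then
  print("Failed to evaluate request body: ", eval_err)
end

-- Decide on the request from the ModSecurity variables. tx.anomaly_score is
-- presumably populated by the loaded rule set (the config path suggests the
-- OWASP CRS); if it is absent, tonumber() yields nil and the comparison below
-- would raise. Treat a missing score as a failure and fail closed rather than
-- letting the request through unscored.
local score = tonumber(transaction.var.tx.anomaly_score)
if score == nil then
  print("ModSecurity did not report tx.anomaly_score; refusing request")
  return 500
end

if score >= ANOMALY_THRESHOLD then
  print("This request looks nasty overall score is: " .. score)
  return 403
end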