simple example of validating requests with modsecurity - prauat, 2021-11-03 17:17

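-- waf.lua: lighttpd mod_magnet hook that runs every request through
-- libmodsecurity before lighttpd handles it.
-- Return convention of mod_magnet scripts, as used below: returning
-- nothing lets lighttpd continue with the request, returning a number
-- ends the request with that HTTP status code.
local modsec = require "modsec"

-- Anomaly score at or above which the request is rejected with 403.
local BLOCK_THRESHOLD = 8

local ok, init_err = modsec.init("/etc/owasp/modsec.conf")
if not ok then
	-- Fail closed: with no rule set loaded nothing below inspects the
	-- request, so refuse to serve it instead of passing it through
	-- uninspected.
	print(init_err)
	return 500
end

local transaction = modsec.transaction()
if not transaction then
	-- Fail closed for the same reason; continuing would also index a
	-- nil transaction a few lines further down.
	print("Failed to initialize transaction")
	return 500
end

local req_attr = lighty.r.req_attr

-- Rebuild the full request URL for the connection phase. uri.query is
-- absent when the request has no query string, so it is appended only
-- when present.
local query = req_attr["uri.query"]
local url = req_attr["uri.scheme"]
	.. "://"
	.. req_attr["uri.authority"]
	.. req_attr["uri.path-raw"]
	.. (query and ("?" .. query) or "")

-- Phase 1: connection info. Each eval_* call reports a failure in its
-- second return value; the first value is not used here because the
-- decision is taken from the anomaly score at the end.
-- NOTE(review): evaluation failures currently log and continue, which
-- means that phase did not inspect the request; return 500 here instead
-- if inspection is mandatory for this deployment.
local _, err = transaction:eval_connection(
	req_attr["request.remote-addr"], req_attr["request.remote-port"],
	req_attr["uri.authority"], req_attr["request.server-port"], url,
	req_attr["request.method"], req_attr["request.protocol"])
if err then
	print("Failed to evaluate connection: ", err)
end

-- Phase 2: request headers.
_, err = transaction:eval_request_headers(lighty.r.req_header)
if err then
	print("Failed to evaluate request headers: ", err)
end

-- Phase 3: request body. There is currently no way to hand the body to
-- the transaction, but the phase still has to run, so it is called with
-- nil arguments.
_, err = transaction:eval_request_body(nil, nil)
if err then
	print("Failed to evaluate request body: ", err)
end

-- Decide from the rule set's anomaly score (tx.anomaly_score) whether
-- to handle this request. tonumber() returns nil when the variable was
-- never set; comparing nil with a number would raise, so treat a missing
-- score as "not inspected" and fail closed explicitly.
local score = tonumber(transaction.var.tx.anomaly_score)
if score == nil then
	print("Anomaly score not set; rejecting request")
	return 500
end

if score >= BLOCK_THRESHOLD then
	print("This request looks nasty overall score is: " .. score)
	return 403
end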