
simple example of validating requests with modsecurity - prauat, 2021-11-03 17:17

 
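--- lighttpd mod_magnet script: run the incoming request through ModSecurity
-- and reject it when the anomaly score reaches ANOMALY_THRESHOLD.
--
-- `lighty` is a global supplied by mod_magnet: `lighty.r.req_attr` holds the
-- connection/request attributes read below and `lighty.r.req_header` the
-- request headers. Returning a status code (403) makes lighttpd answer with
-- it; returning nothing lets the request continue to the next handler.
local modsec = require "modsec"

-- Anomaly score at or above which the request is rejected.
local ANOMALY_THRESHOLD = 8

local ok, init_err = modsec.init("/etc/owasp/modsec.conf")
if not ok then
  -- NOTE(review): returning nothing here lets the request through without
  -- any inspection (fail-open). Keep that deliberate, or return 503 instead.
  print(init_err)
  return
end

local transaction = modsec.transaction()
if not transaction then
  -- Same policy as an init failure: log and let the request through. Without
  -- this return, every transaction:... call below would index nil and abort
  -- the script.
  print("Failed to initialize transaction")
  return
end

-- Rebuild the request URL from its components; the query part is optional.
local req_attr = lighty.r.req_attr
local query = req_attr["uri.query"]
local url = req_attr["uri.scheme"]
  .. "://"
  .. req_attr["uri.authority"]
  .. req_attr["uri.path-raw"]
  .. (query and ("?" .. query) or "")

-- Connection info and request line.
local _, err = transaction:eval_connection(
  req_attr["request.remote-addr"], req_attr["request.remote-port"],
  req_attr["uri.authority"], req_attr["request.server-port"], url,
  req_attr["request.method"], req_attr["request.protocol"])
if err then
  print("Failed to evaluate connection: ", err)
end

-- Request headers.
_, err = transaction:eval_request_headers(lighty.r.req_header)
if err then
  print("Failed to evaluate request headers: ", err)
end

-- Request body. There is currently no way to hand the body to the engine,
-- but the call must still be made (with nil arguments); body-based rules
-- therefore never contribute to the score in this script.
_, err = transaction:eval_request_body(nil, nil)
if err then
  print("Failed to evaluate request body: ", err)
end

-- Decide on the ModSecurity variables. tx.anomaly_score is presumably only
-- set once the loaded rule set has run, so a missing or non-numeric value
-- counts as 0 instead of crashing the comparison (which would abort the
-- script rather than produce a decision).
local score = tonumber(transaction.var.tx.anomaly_score) or 0

if score >= ANOMALY_THRESHOLD then
  print("This request looks nasty overall score is: " .. score)
  return 403
end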