forked from ADD-SP/ngx_waf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config
290 lines (233 loc) · 8.02 KB
/
config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
ngx_addon_name=ngx_http_waf_module
deps="$ngx_addon_dir/inc/ngx_http_waf_module_check.h \
$ngx_addon_dir/inc/ngx_http_waf_module_config.h \
$ngx_addon_dir/inc/ngx_http_waf_module_core.h \
$ngx_addon_dir/inc/ngx_http_waf_module_macro.h \
$ngx_addon_dir/inc/ngx_http_waf_module_type.h \
$ngx_addon_dir/inc/ngx_http_waf_module_util.h \
$ngx_addon_dir/inc/ngx_http_waf_module_ip_trie.h \
$ngx_addon_dir/inc/ngx_http_waf_module_mem_pool.h \
$ngx_addon_dir/inc/ngx_http_waf_module_lru_cache.h \
$ngx_addon_dir/inc/ngx_http_waf_module_under_attack.h \
$ngx_addon_dir/inc/ngx_http_waf_module_vm.h \
$ngx_addon_dir/inc/ngx_http_waf_module_lexer.h \
$ngx_addon_dir/inc/ngx_http_waf_module_parser.tab.h"
srcs="$ngx_addon_dir/src/ngx_http_waf_module_core.c \
$ngx_addon_dir/src/ngx_http_waf_module_check.c \
$ngx_addon_dir/src/ngx_http_waf_module_config.c \
$ngx_addon_dir/src/ngx_http_waf_module_ip_trie.c \
$ngx_addon_dir/src/ngx_http_waf_module_lru_cache.c \
$ngx_addon_dir/src/ngx_http_waf_module_mem_pool.c \
$ngx_addon_dir/src/ngx_http_waf_module_under_attack.c \
$ngx_addon_dir/src/ngx_http_waf_module_util.c \
$ngx_addon_dir/src/ngx_http_waf_module_vm.c \
$ngx_addon_dir/src/ngx_http_waf_module_lexer.c \
$ngx_addon_dir/src/ngx_http_waf_module_parser.tab.c \
$ngx_addon_dir/inc/libinjection/src/libinjection_html5.c \
$ngx_addon_dir/inc/libinjection/src/libinjection_sqli.c \
$ngx_addon_dir/inc/libinjection/src/libinjection_xss.c"
ngx_http_waf_module_libs=""
ngx_http_waf_module_inc_path="$ngx_addon_dir/inc "
if [ -n "$LIB_UTHASH" ] ; then
ngx_http_waf_module_inc_path="${ngx_http_waf_module_inc_path} ${LIB_UTHASH}/include"
fi
which flex
if [ $? -ne 0 ] ; then
cat << END
$0: error: the $ngx_addon_name module requires the flex.
Please run:
On Ubuntu or Debian:
apt-get update && apt-get install --yes flex
On CentOS 7:
yum -y install flex
On Centos 8 or Fedora 33 or Fedora 34:
dnf install flex
On Alpine:
apk update && apk add --upgrade flex
On Arch:
1. Enable the core repository on /etc/pacman.conf:
[core]
Include = /etc/pacman.d/mirrorlist
2. Install flex xz package:
pacman -Syu flex
On FreeBSD 12 or FreeBSD 13:
pkg install flex
END
exit 1
fi
which bison
if [ $? -ne 0 ] ; then
cat << END
$0: error: the $ngx_addon_name module requires the bison.
Please run:
On Ubuntu or Debian:
apt-get update && apt-get install --yes bison
On CentOS 7:
yum -y install bison
On Centos 8 or Fedora 33 or Fedora 34:
dnf install bison
On Alpine:
apk update && apk add --upgrade bison
On Arch:
1. Enable the core repository on /etc/pacman.conf:
[core]
Include = /etc/pacman.d/mirrorlist
2. Install flex xz package:
pacman -Syu bison
On FreeBSD 12 or FreeBSD 13:
pkg install bison
END
exit 1
fi
is_gen='true'
if [ ! -e "${ngx_addon_dir}/inc/ngx_http_waf_module_lexer.h" ] ; then
is_gen='false'
elif [ ! -e "${ngx_addon_dir}/src/ngx_http_waf_module_lexer.c" ] ; then
is_gen='false'
elif [ ! -e "${ngx_addon_dir}/inc/ngx_http_waf_module_parser.tab.h" ] ; then
is_gen='false'
elif [ ! -e "${ngx_addon_dir}/src/ngx_http_waf_module_parser.tab.c" ] ; then
is_gen='false'
fi
if [ $is_gen != 'true' ] ; then
cat << END
$0: error: the $ngx_addon_name module requires the following command to be run to generate the necessary files.
cd $ngx_addon_dir && make && cd $(pwd)
END
exit 1
fi
# Check if the uthash library is installed.
ngx_feature="uthash library"
ngx_feature_name=
ngx_feature_run=no
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs="#include <utstack.h>"
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=
. auto/feature
if [ $ngx_found = no ] ; then
PWD=$(pwd)
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature.
Please run:
cd /usr/local/src \\
&& git clone https://github.com/troydhanson/uthash.git \\
&& export LIB_UTHASH=/usr/local/src/uthash \\
&& cd $PWD
END
PWD=''
exit 1
fi
# Check if the C compiler supports the C99 standard.
ngx_feature="C99 features"
ngx_feature_name=
ngx_feature_run=yes
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs=
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=$(cat << END
/* Declare variables in loops. */
for(int i = 0; i < 10; i++) {}
int i = 0, j = 0;
/* Short-circuit operation for logical expressions. */
if (i == 0 || !(j = 1)) {}
if (j == 1) { return 1; }
j = 0;
if (i != 0 && !(j = 1)) {}
if (j == 1) { return 1; }
END
)
. auto/feature
if [ $ngx_found = no ] ; then
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature, make sure your C compiler supports and enables the C99 standard.
For gcc, you can enable the C99 standard by appending the parameter --with-cc-opt='-std=gnu99'.
END
exit 1
fi
ngx_http_waf_module_inc_path="${ngx_http_waf_module_inc_path} ${ngx_addon_dir}/inc/libinjection/src"
# Check if libinjection exists.
ngx_feature="injection library"
ngx_feature_name=
ngx_feature_run=no
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs=$(cat << END
#include <libinjection.h>
#include <libinjection_sqli.h>
#include <libinjection_xss.h>
END
)
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=
. auto/feature
if [ $ngx_found = no ] ; then
PWD=$(pwd)
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature.
Please run cd $ngx_addon_dir && git clone https://github.com/libinjection/libinjection.git inc/libinjection && cd $PWD
END
PWD=''
exit 1
fi
if [ -n "$LIB_SODIUM" ] ; then
ngx_http_waf_module_inc_path="${ngx_http_waf_module_inc_path} ${LIB_SODIUM}/include"
ngx_http_waf_module_libs=" ${ngx_http_waf_module_libs} -L ${LIB_SODIUM}/lib -Wl,-Bstatic -l sodium -Wl,-Bdynamic "
else
ngx_http_waf_module_libs=" ${ngx_http_waf_module_libs} -l sodium "
fi
# Check if libsodium exists.
ngx_feature="sodium library"
ngx_feature_name=
ngx_feature_run=no
ngx_feature_path=$ngx_http_waf_module_inc_path
ngx_feature_incs='#include <sodium.h>'
ngx_feature_libs=$ngx_http_waf_module_libs
ngx_feature_test=
. auto/feature
if [ $ngx_found = no ] ; then
PWD=$(pwd)
cat << END
$0: error: the $ngx_addon_name module requires the $ngx_feature.
Please run:
On Ubuntu or Debian:
apt-get update && apt-get install --yes libsodium23 libsodium-dev
On Alpine:
apk update && apk add libsodium libsodium-dev
On other OS:
# You can remove directories libsodium-src and libsodium after installing the ngx_http_waf_module.
git clone https://github.com/jedisct1/libsodium.git --branch stable libsodium-src \\
&& cd libsodium-src \\
&& ./configure --prefix=$PWD/libsodium --with-pic \\
&& make -j\$(nproc) && make check -j \$(nproc) && make install \\
&& export LIB_SODIUM=$PWD/libsodium \\
&& cd $PWD
END
PWD=''
exit 1
fi
# Clear these variables to avoid affecting the installation of other modules.
ngx_feature=
ngx_feature_name=
ngx_feature_run=
ngx_feature_path=
ngx_feature_incs=
ngx_feature_libs=
ngx_feature_test=
if test -n "$ngx_module_link"; then
ngx_module_type=HTTP
ngx_module_name=$ngx_addon_name
ngx_module_deps=$deps
ngx_module_incs=$ngx_http_waf_module_inc_path
ngx_module_srcs=$srcs
ngx_module_libs=$ngx_http_waf_module_libs
# Let ngx_http_access_module initialize before this module,
# so that this module can take effect after ngx_http_access_module,
# because the initialization order and the effective order are reversed.
ngx_module_order="${ngx_addon_name} ngx_http_access_module"
. auto/module
else
HTTP_MODULES="$HTTP_MODULES ${ngx_addon_name}"
HTTP_DEPS-"$HTTP_DEPS $deps"
HTTP_INCS="$HTTP_INCS -I $ngx_addon_dir/inc $ngx_addon_dir/inc/libinjection/src"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $srcs"
fi