{"id":13775621,"url":"https://github.com/wubonetcn/luawaf","last_synced_at":"2025-05-11T08:32:40.749Z","repository":{"id":45010658,"uuid":"191518780","full_name":"wubonetcn/luawaf","owner":"wubonetcn","description":"A secure and privately deployable web application firewall(WAF).一个安全、可私有部署的Web应用防火墙(WAF)。","archived":false,"fork":false,"pushed_at":"2022-06-11T07:48:59.000Z","size":11,"stargazers_count":64,"open_issues_count":7,"forks_count":16,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-17T10:40:06.090Z","etag":null,"topics":["firewalls","lua","nginx","waf"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wubonetcn.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-12T07:18:08.000Z","updated_at":"2024-03-27T13:15:48.000Z","dependencies_parsed_at":"2022-09-03T02:50:30.884Z","dependency_job_id":null,"html_url":"https://github.com/wubonetcn/luawaf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wubonetcn%2Fluawaf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wubonetcn%2Fluawaf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wubonetcn%2Fluawaf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wubonetcn%2Fluawaf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wubonetcn","download_url":"https://codeload.github.com/wubonetcn/luawaf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253540126,"owners_count":21924518,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewalls","lua","nginx","waf"],"created_at":"2024-08-03T17:01:42.862Z","updated_at":"2025-05-11T08:32:40.514Z","avatar_url":"https://github.com/wubonetcn.png","language":"Lua","funding_links":[],"categories":["\u003ca id=\"af9d2b4988d35a2a634c042a1c66bb8c\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"6e28befd418dc5b22fb3fd234db322d3\"\u003e\u003c/a\u003e翻墙"],"readme":"# LUAWAF\nA web application firewall(WAF) written in lua.\n## How to use\n1. Install OpenResty\n```shell\nyum update -y\nyum install readline-devel pcre-devel openssl-devel perl gcc automake autoconf libtool make epel-release redis -y\ncd Downloads\nwget https://openresty.org/download/openresty-1.15.8.1.tar.gz\ntar -xzvf openresty-1.15.8.1.tar.gz\ncd openresty-1.15.8.1\n./configure --with-luajit\\\n            --with-http_iconv_module\ngmake\ngmake install\necho export PATH=$PATH:/usr/local/openresty/nginx/sbin \u003e\u003e /etc/profile\nsource /etc/profile\n```\n2. Clone this project\n```shell\ngit clone https://github.com/wubonetcn/luawaf.git\ncp luawaf /usr/local/openresty/nginx/conf/\n```\n3. Edit `/usr/local/openresty/nginx/conf/nginx.conf`\n```\nvim /usr/local/openresty/nginx/conf/nginx.conf\n```\n/usr/local/openresty/nginx/conf/nginx.conf\n```\n#user  nobody;\nworker_processes  1;\n\nerror_log  logs/error.log;\n#error_log  logs/error.log  notice;\n#error_log  logs/error.log  info;\n\n#pid        logs/nginx.pid;\n\n\nevents {\n    worker_connections  1024;\n}\n\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n\n    #log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '\n    #                  '$status $body_bytes_sent \"$http_referer\" '\n    #                  '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n    #access_log  logs/access.log  main;\n\n    sendfile        on;\n    #tcp_nopush     on;\n\n    #keepalive_timeout  0;\n    keepalive_timeout  65;\n\n    #gzip  on;\n\n    server {\n        listen       80;\n        server_name  localhost;\n\n        #charset koi8-r;\n\n        #access_log  logs/host.access.log  main;\n\n        location / {\n            root   html;\n            index  index.html index.htm;\n        }\n\n        #error_page  404              /404.html;\n\n        # redirect server error pages to the static page /50x.html\n        #\n        error_page   500 502 503 504  /50x.html;\n        location = /50x.html {\n            root   html;\n        }\n\n        # proxy the PHP scripts to Apache listening on 127.0.0.1:80\n        #\n        #location ~ \\.php$ {\n        #    proxy_pass   http://127.0.0.1;\n        #}\n\n        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000\n        #\n        #location ~ \\.php$ {\n        #    root           html;\n        #    fastcgi_pass   127.0.0.1:9000;\n        #    fastcgi_index  index.php;\n        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;\n        #    include        fastcgi_params;\n        #}\n\n        # deny access to .htaccess files, if Apache's document root\n        # concurs with nginx's one\n        #\n        #location ~ /\\.ht {\n        #    deny  all;\n        #}\n    }\n\n\n    # another virtual host using mix of IP-, name-, and port-based configuration\n    #\n    #server {\n    #    listen       8000;\n    #    listen       somename:8080;\n    #    server_name  somename  alias  another.alias;\n\n    #    location / {\n    #        root   html;\n    #        index  index.html index.htm;\n    #    }\n    #}\n\n\n    # HTTPS server\n    #\n    #server {\n    #    listen       443 ssl;\n    #    server_name  localhost;\n\n    #    ssl_certificate      cert.pem;\n    #    ssl_certificate_key  cert.key;\n\n    #    ssl_session_cache    shared:SSL:1m;\n    #    ssl_session_timeout  5m;\n\n    #    ssl_ciphers  HIGH:!aNULL:!MD5;\n    #    ssl_prefer_server_ciphers  on;\n\n    #    location / {\n    #        root   html;\n    #        index  index.html index.htm;\n    #    }\n    #}\n    \n    \n    lua_package_path \"/usr/local/openresty/nginx/conf/luawaf/?.lua;/usr/local/openresty/lualib/?.lua;;\";\n    lua_shared_dict limit 10m;\n    init_by_lua_file  /usr/local/openresty/nginx/conf/luawaf/init.lua; \n    access_by_lua_file /usr/local/openresty/nginx/conf/luawaf/main.lua;\n\n}\n```\n4. Run Nginx\n```\nnginx\n```\nEnjoy it!\n## Fix bug\nPlease read this post.\n[《openresty的unescape_uri函数处理百分号后面字符的小特性》](https://www.cnxct.com/openresty-unescape_uri-feature-to-decode-char-after-percent-sign/)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwubonetcn%2Fluawaf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwubonetcn%2Fluawaf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwubonetcn%2Fluawaf/lists"}