From 8c0326ee8fa6c97edaf04f450a5942cbd62d3834 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?=
Date: Sun, 3 May 2015 23:01:13 +0800
Subject: [PATCH 1/5] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=AF=B9.git=E7=9B=AE?= =?UTF-8?q?=E5=BD=95=E8=AE=BF=E9=97=AE=E7=9A=84=E6=8B=A6=E6=88=AA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

增加对.git目录访问的拦截
---
 wafconf/url | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wafconf/url b/wafconf/url
index 31130d3..a48a430 100644
--- a/wafconf/url
+++ b/wafconf/url
@@ -1,4 +1,4 @@
-\.(svn|htaccess|bash_history)
+\.(svn|git|htaccess|bash_history)
 \.(bak|inc|old|mdb|sql|backup|java|class)$
 (vhost|bbs|host|wwwroot|www|site|root|hytop|flashfxp).*\.rar
 (phpmyadmin|jmx-console|jmxinvokerservlet)

From 62031899e195ad879a7e406fa46564c123dc818d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?=
Date: Thu, 7 May 2015 19:29:43 +0800
Subject: [PATCH 2/5] Update init.lua

---
 init.lua | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/init.lua b/init.lua
index eb44bf0..890744e 100644
--- a/init.lua
+++ b/init.lua
@@ -10,6 +10,7 @@ UrlDeny = optionIsOn(UrlDeny)
 PostCheck = optionIsOn(postMatch)
 CookieCheck = optionIsOn(cookieMatch)
 WhiteCheck = optionIsOn(whiteModule)
+WhiteServerName = optionIsOn(WhiteServerName)
 PathInfoFix = optionIsOn(PathInfoFix)
 attacklog = optionIsOn(attacklog)
 CCDeny = optionIsOn(CCDeny)
@@ -66,6 +67,7 @@ uarules=read_rule('user-agent')
 wturlrules=read_rule('whiteurl')
 postrules=read_rule('post')
 ckrules=read_rule('cookie')
+white_servername = read_rule('white_servername')
 function say_html()
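Review bot: The new `git` alternative keeps the first rule unbounded on the right, so `\.(svn|git|htaccess|bash_history)` now also matches any URI containing `.gitignore`, `.github/` or a name like `widget.gitlab.js`, not only the `.git/` directory the commit message targets. If the intent is the directory plus the exact dotfiles, `\.(svn|git|htaccess|bash_history)(/|$)` still catches `.git/config` and `.git/HEAD` while leaving unrelated names alone. Whether `$` is the right terminator depends on whether the matcher sees the path alone or path plus query string, which this hunk does not show; the second rule already ends in `$`, so presumably it is the path.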
@@ -89,6 +91,24 @@ function whiteurl()
 end
 return false
 end
+
+function white_servername()
+ if WhiteServerName then:
+ host = ngx.req.get_headers()["Host"]
+ if host == nil then
+ return false;
+ if white_servername ~= nil then
+ for _, rule in pairs(white_servername) do
+ if ngxmatch(host, rule, "isjo") then
+ return true
+ end
+ end
+ end
+ return false
+end
+
+
 function fileExtCheck(ext)
 local items = Set(black_fileExt)
 ext=string.lower(ext)

From 4d79bb7d641aa3731cffc3d2f3ad34ec1d4e8897 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?=
Date: Thu, 7 May 2015 19:30:26 +0800
Subject: [PATCH 3/5] Update waf.lua

---
 waf.lua | 1 +
 1 file changed, 1 insertion(+)

diff --git a/waf.lua b/waf.lua
index a6e5fdc..bd22f19 100644
--- a/waf.lua
+++ b/waf.lua
@@ -8,6 +8,7 @@ elseif ngx.var.http_Acunetix_Aspect then
 elseif ngx.var.http_X_Scan_Memo then
 ngx.exit(444)
 elseif whiteurl() then
+elseif white_servername() then
 elseif ua() then
 elseif url() then
 elseif args() then

From b89d6ea7550aa3c9c7f5125213431e497829f1fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?=
Date: Thu, 7 May 2015 19:30:58 +0800
Subject: [PATCH 4/5] Update config.lua

---
 config.lua | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config.lua b/config.lua
index 6e66ce6..2f7144b 100644
--- a/config.lua
+++ b/config.lua
@@ -5,6 +5,7 @@ UrlDeny="on"
 Redirect="on"
 CookieMatch="on"
 postMatch="on"
+WhiteServerName="on"
 whiteModule="on"
 black_fileExt={"php","jsp"}
 ipWhitelist={"127.0.0.1"}

From b32ae8f7289517a654195c77a53b64d042fdadde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?=
Date: Thu, 7 May 2015 20:32:57 +0800
Subject: [PATCH 5/5] Update init.lua

---
 init.lua | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/init.lua b/init.lua
index 890744e..6807e27 100644
--- a/init.lua
+++ b/init.lua
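Review bot: `host = ngx.req.get_headers()["Host"]` in the new `white_servername()` assigns a global, so every request writes into the worker-wide Lua state; it should read `local host = ngx.req.get_headers()["Host"]`. More importantly for a check that, per the waf.lua hunk in PATCH 3, short-circuits all later rules, the value being matched is the client-supplied Host header rather than anything nginx has verified, so the whitelist is only as strong as the server-selection configuration and the rules themselves. Matching `ngx.var.server_name` (the server block nginx actually selected) and anchoring each rule (e.g. `^example\.com$`, since `ngxmatch` treats the rules as regexes with "isjo") would narrow what can satisfy it. The hunk also has the stray colon in `if WhiteServerName then:`, a missing `end` for `if host == nil then`, and the rule table `white_servername` loaded in the previous hunk being overwritten by this global function of the same name; PATCH 5 in this series addresses those, so they are not repeated there.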
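Review bot: `elseif white_servername() then` is reached for every request that is not URL-whitelisted, and after PATCH 5 the function body no longer looks at `WhiteServerName`, so the switch added to config.lua in PATCH 4 has no effect on this branch; gating it here as `elseif WhiteServerName and white_servername() then` keeps the toggle meaningful whatever the function does internally. Because the branch sits before `ua()`, `url()`, `args()` and the rest, a Host match bypasses every remaining rule, and the empty branch gives no hint of that, so a trailing comment such as `-- host on the whitelist: skip all remaining checks` would document the intent. The if/elseif chain starts and ends outside the hunk.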
@@ -15,6 +15,8 @@ PathInfoFix = optionIsOn(PathInfoFix)
 attacklog = optionIsOn(attacklog)
 CCDeny = optionIsOn(CCDeny)
 Redirect=optionIsOn(Redirect)
+
+
 function getClientIp()
 IP = ngx.req.get_headers()["X-Real-IP"]
 if IP == nil then
@@ -65,10 +67,14 @@ urlrules=read_rule('url')
 argsrules=read_rule('args')
 uarules=read_rule('user-agent')
 wturlrules=read_rule('whiteurl')
+white_servername_list = read_rule('white_servername')
 postrules=read_rule('post')
 ckrules=read_rule('cookie')
-white_servername = read_rule('white_servername')
+function debug(info)
+ write("/var/log/nginx/waf/debug.log", info)
+end
+
 function say_html()
 if Redirect then
@@ -93,22 +99,28 @@ function whiteurl()
 end
+
 function white_servername()
- if WhiteServerName then:
+ debug("white servername")
+ if 1==1 then
 host = ngx.req.get_headers()["Host"]
 if host == nil then
+ debug("nil host")
 return false;
- if white_servername ~= nil then
- for _, rule in pairs(white_servername) do
+ end
+ debug(host)
+ if white_servername_list ~= nil then
+ for _, rule in pairs(white_servername_list) do
 if ngxmatch(host, rule, "isjo") then
 return true
 end
 end
 end
- return false
+ return false
+ end
 end
-
+
 function fileExtCheck(ext)
 local items = Set(black_fileExt)
 ext=string.lower(ext)
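Review bot: `function debug(info)` is a global definition and so replaces Lua's standard `debug` library table for the whole worker VM; any later use such as `debug.traceback` (commonly relied on by `xpcall` handlers and by OpenResty's own error reporting) will then fail because `debug` is now a plain function. Give it a non-clashing name, e.g. `function waf_debug(info)`, or make it a file-level `local function`, and update the callers in the next hunk accordingly. The hard-coded `/var/log/nginx/waf/debug.log` path also sidesteps whatever log-path configuration the existing `write` helper's other callers use, if any; that cannot be confirmed from this hunk.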
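Review bot: `if 1==1 then` replaces the `WhiteServerName` condition instead of repairing it, so the option read in init.lua (`WhiteServerName = optionIsOn(WhiteServerName)` from PATCH 2) is now dead; the fix is `if WhiteServerName then` — the stray colon was the only problem. The three `debug(...)` calls write to disk on every request that reaches this function, and `debug(host)` puts the raw, unvalidated `Host` header into that log, so at most they belong behind a flag and should be removed before merge. `host` is still assigned as a global; it should be `local host = ngx.req.get_headers()["Host"]`. The `-`/`+` pair at the end of the hunk is whitespace only.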