post做了修改，post_Mod只会对content-type 为 application/x-www-form-urlencoded 这种的进行过滤（非表单上传/raw类型），而不像以前的对post整体的body体进行过滤。表单上传后面会增加新的过滤。

from openstar.

那我来重新做一下测试看看，是不是这个情况。

from openstar.

还是不行啊。有没有即时聊天工具，供技术交流？

#api/debug调用结果。
{"_worker_id":0,"_Openstar_version":"v 1.5.0.8","_ip":"172.19.100.7","_ngx_configure":" --prefix=/opt/openresty/nginx --with-debug --with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC -O2' --add-module=../ngx_devel_kit-0.3.0 --add-module=../echo-nginx-module-0.60 --add-module=../xss-nginx-module-0.05 --add-module=../ngx_coolkit-0.2rc3 --add-module=../set-misc-nginx-module-0.31 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.06 --add-module=../srcache-nginx-module-0.31 --add-module=../ngx_lua-0.10.7 --add-module=../ngx_lua_upstream-0.06 --add-module=../headers-more-nginx-module-0.32 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.17 --add-module=../redis2-nginx-module-0.13 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.14 --add-module=../rds-csv-nginx-module-0.07 --with-ld-opt=-Wl,-rpath,/opt/openresty/luajit/lib --pid-path=/var/run/nginx.pid --with-http_ssl_module","_ngx_version":1011002,"_worker_count":1,"_ngxVar":{"query_string":"","request_completion":"","request_time":"0.000","pid":"5927","host":"172.19.100.10","nginx_version":"1.11.2","request_uri":"/api/debug","remote_addr":"172.19.100.7","document_root":"/opt/openresty/nginx/html","connection":"9","http_host":"172.19.100.10:5460","request_method":"GET","msec":"1494406833.846","pipe":".","server_name":"localhost:5460","time_iso8601":"2017-05-10T17:00:33+08:00","uri":"/api/debug","server_addr":"172.19.100.10","realpath_root":"/opt/openresty/nginx/html","bytes_sent":"0","connection_requests":"1","request":"GET /api/debug HTTP/1.1","server_protocol":"HTTP/1.1","scheme":"http","document_uri":"/api/debug","request_filename":"/opt/openresty/nginx/html/api/debug","body_bytes_sent":"0","proxy_protocol_port":"","status":"000","hostname":"localhost.localdomain","time_local":"10/May/2017:17:00:33 +0800","request_length":"389","server_port":"5460","request_id":"71c788220b07184188ed2ec955b8d56a","proxy_protocol_addr":"","remote_port":"63094","limit_rate":"0"},"_ngx_prefix":"/opt/openresty/nginx/","_lua_version":"LuaJIT 2.1.0-beta2","_headers":{"host":"172.19.100.10:5460","accept-language":"zh-CN,zh;q=0.8","connection":"keep-alive","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8","accept-encoding":"gzip, deflate, sdch","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2979.0 Safari/537.36"},"_args":{},"_pid":5927,"_ngx_lua_version":10007}

#waf的配置，修改了一个地方more_set_headers 'Server: OpenStar 1.5.0.8';用于测试反馈。

#nginx配置，修改了一个地方，worker_processes 1;

#our.conf，proxy_pass是ok的。
#################### passport waf_cc by zhouj #################

2016年6月9日 11:26:36 up

upstream passport_web {
server 172.19.92.97:8080 max_fails=1 fail_timeout=10s;

}

server {
listen 80;
server_name www.test10.com;
access_log logs/mytest.access.log main;
error_log logs/mytest.debug.log debug;

#proxy_next_upstream http_502 http_504 http_404 error timeout invalid_header;

location ~* \.(gif|jpg|png|jpeg|bmp|css|js|flv|ico|swf|woff)$ {
    proxy_pass http://passport_web;
    access_log off;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    #proxy_set_header   X-Forwarded-For  $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_cache_valid 200 302 6h;
    proxy_cache_valid 301 1d;
    proxy_cache_valid any 1m;
    expires 30d;
    }

location /WebGoat {
    #92.97的8080端口，是允许的tomcat。
    proxy_pass http://172.19.92.97:8080/WebGoat;
    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    #proxy_set_header   X-Forwarded-For  $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

}
####################################################

###############
#post_mod.json增加一个新的过滤规则
{
"state": "on",
"hostname": ["*",""],
"post_str": ["testpostbodydrop","jio"],
"action": "deny"
}

###############

#############request#############
###包头增加你说的字段Content-Type: application/x-www-form-urlencoded

POST /WebGoat/login.mvc HTTP/1.1
Host: www.test10.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2979.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=16B05686B08E321935090255506F7514
Connection: close
Content-Length: 16

testpostbodydrop

#############request#############

#############response##########
####直接透传过去了，这里405是97机器后台报的错误。没有被post_mod过滤掉。
##################
HTTP/1.1 405 Method Not Allowed
Date: Wed, 10 May 2017 09:14:21 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 1047
Connection: close
Allow: GET
Content-Language: en
Server: OpenStar 1.5.0.8

HTTP Status 405 - Request method 'POST' not supported

type Status report

message Request method 'POST' not supported

description The specified HTTP method is not allowed for the requested resource.

Apache Tomcat/7.0.59

from openstar.

POST /WebGoat/login.mvc HTTP/1.1
Host: www.test10.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2979.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=16B05686B08E321935090255506F7514
Connection: close
Content-Length: 16

a=testpostbodydrop&b=ddd

%%%%%%%%%%
试试上面的 post_Mod 是过滤值内容而不是过滤post的key.

一些web编程你在看看资料去

from openstar.

from openstar.

from openstar.

用你给的例子是一样的效果。

from openstar.

通过api检查 base 开关情况，检查各个mod规则情况，确定waf.conf在our.conf之前引用。
排查问题......

from openstar.

uri拦截是生效的，说明waf是加载正常的，our.conf引用，用的是默认配置的位置。

from openstar.