⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.19
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Server Software:
Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
apache
/
modsecurity-owasp-old
/
lua
/
View File Name :
appsensor_request_exception_profile.lua
function main() --[[ Global Vars ]] --[[ Import Profile Learning Thresholds [resource.min_traffic_threshold] Set the resource.min_traffic_threshold as the minimum number of "clean" transactions to profile/inspect before enforcement of the profile begins. [resource.min_pattern_threshold] resource.min_pattern_threshold is the minimum number of times that an individual match should occur in order to include the it into the learned profile ]] MinPatternThreshold = tonumber(m.getvar("RESOURCE.min_pattern_threshold")) MinTrafficThreshold = tonumber(m.getvar("RESOURCE.min_traffic_threshold")) TrafficCounter = m.getvar("RESOURCE.traffic_counter") if TrafficCounter == nil then TrafficCounter = "1" m.setvar("RESOURCE.traffic_counter", TrafficCounter) m.log(4, "Traffic Counter: " ..TrafficCounter.. ".") else TrafficCounter = tonumber(TrafficCounter + 1) m.setvar("RESOURCE.traffic_counter", TrafficCounter) m.log(4, "Traffic Counter: " ..TrafficCounter.. ".") end --[[ Profile Request Method ]] ProfileRequestMethod() --[[ Profile Number of Parameters/ARGS ]] ProfileNumOfArgs() --[[ Profile Parameter Names ]] ProfileArgsNames() --[[ Profile Parameter Lengths ]] ProfileArgsLength() --[[ Profile Parameter Character Class ]] ProfileArgCharClass() if (TrafficCounter == MinTrafficThreshold) then m.setvar("RESOURCE.enforce_re_profile", "1") end m.log(4, "Ending Profile Analyzer Script") return nil end --[[ Begin Profiler Functions ]] function ProfileArgCharClass() local Args = {} Args = m.getvars("ARGS", {"none"}) for k,v in pairs(Args) do name = v["name"]; value = v["value"]; m.log(4, "CharClass Check - Arg Name: " ..name.. " and Value: " ..value.. "."); --[[ Check for Digits Character Class ]] if string.match(value, "^%d+$") then m.log(4, "Parameter " ..name.. " payload matches digit class.") local EnforceArgCharClassDigits = m.getvar("RESOURCE.enforce_charclass_digits") if not (EnforceArgCharClassDigits) then local ArgDigitCounter = m.getvar("RESOURCE." ..name.. "_digit_counter") if not (ArgDigitCounter) then ArgDigitCounter = 1 m.log(4, "Creating " .. name .. " Digit Counter: " .. ArgDigitCounter) m.setvar("RESOURCE." .. name .. "_digit_counter", ArgDigitCounter) else ArgDigitCounter = ArgDigitCounter + 1 m.log(4, "Updating " .. name .. " Digit Counter: " .. ArgDigitCounter) m.setvar("RESOURCE." .. name .. "_digit_counter", ArgDigitCounter) end if (ArgDigitCounter == MinPatternThreshold) then if not (EnforceArgCharClassDigits) then EnforceArgCharClassDigits = name else EnforceArgCharClassDigits = EnforceArgCharClassDigits .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Digits Enforcement list: " .. EnforceArgCharClassDigits) m.setvar("RESOURCE.enforce_charclass_digits", EnforceArgCharClassDigits) m.setvar("!RESOURCE." .. name .. "_digit_counter", "0") end else local CheckArgCharClassDigits = string.find(EnforceArgCharClassDigits, name) if (CheckArgCharClassDigits) then m.log(4, "Arg Name: " .. name .. " already in Digits Enforcement list.") else local ArgDigitCounter = m.getvar("RESOURCE." ..name.. "_digit_counter") if not (ArgDigitCounter) then ArgDigitCounter = 1 m.log(4, "Creating " .. name .. " Digit Counter: " .. ArgDigitCounter) m.setvar("RESOURCE." .. name .. "_digit_counter", ArgDigitCounter) else ArgDigitCounter = ArgDigitCounter + 1 m.log(4, "Updating " .. name .. " Digit Counter: " .. ArgDigitCounter) m.setvar("RESOURCE." .. name .. "_digit_counter", ArgDigitCounter) end if (ArgDigitCounter == MinPatternThreshold) then if not (EnforceArgCharClassDigits) then EnforceArgCharClassDigits = name else EnforceArgCharClassDigits = EnforceArgCharClassDigits .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Digits Enforcement list: " .. EnforceArgCharClassDigits) m.setvar("RESOURCE.enforce_charclass_digits", EnforceArgCharClassDigits) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_digit_counter", "0") end --[[ Check for Email Class ]] elseif string.match(value, "^[A-Za-z0-9%.%%%+%-]+@[A-Za-z0-9%.%%%+%-]+%.%w%w%w?%w?$") then m.log(4, "Parameter " ..name.. " payload matches email class.") local EnforceArgCharClassEmail = m.getvar("RESOURCE.enforce_charclass_email") if not (EnforceArgCharClassEmail) then local ArgEmailCounter = m.getvar("RESOURCE." ..name.. "_email_counter") if not (ArgEmailCounter) then ArgEmailCounter = 1 m.log(4, "Creating " .. name .. " Email Counter: " .. ArgEmailCounter) m.setvar("RESOURCE." .. name .. "_email_counter", ArgEmailCounter) else ArgEmailCounter = ArgEmailCounter + 1 m.log(4, "Updating " .. name .. " Email Counter: " .. ArgEmailCounter) m.setvar("RESOURCE." .. name .. "_email_counter", ArgEmailCounter) end if (ArgEmailCounter == MinPatternThreshold) then if not (EnforceArgCharClassEmail) then EnforceArgCharClassEmail = name else EnforceArgCharClassEmail = EnforceArgCharClassEmail .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Email Enforcement list: " .. EnforceArgCharClassEmail) m.setvar("RESOURCE.enforce_charclass_email", EnforceArgCharClassEmail) end else local CheckArgCharClassEmail = string.find(EnforceArgCharClassEmail, name) if (CheckArgCharClassEmail) then m.log(4, "Arg Name: " .. name .. " already in Email Enforcement list.") else local ArgEmailCounter = m.getvar("RESOURCE." ..name.. "_email_counter") if not (ArgEmailCounter) then ArgEmailCounter = 1 m.log(4, "Creating " .. name .. " Email Counter: " .. ArgEmailCounter) m.setvar("RESOURCE." .. name .. "_email_counter", ArgEmailCounter) else ArgEmailCounter = ArgEmailCounter + 1 m.log(4, "Updating " .. name .. " Email Counter: " .. ArgEmailCounter) m.setvar("RESOURCE." .. name .. "_email_counter", ArgEmailCounter) end if (ArgEmailCounter == MinPatternThreshold) then if not (EnforceArgCharClassEmail) then EnforceArgCharClassEmail = name else EnforceArgCharClassEmail = EnforceArgCharClassEmail .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Email Enforcement list: " .. EnforceArgCharClassEmail) m.setvar("RESOURCE.enforce_charclass_email", EnforceArgCharClassEmail) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_email_counter", "0") end --[[ Check for URL Class ]] elseif string.match(value, "[A-Za-z]+://[A-Za-z0-9-_]+%.[A-Za-z0-9-_.]+/?") then m.log(4, "Parameter " ..name.. " payload matches url class.") local EnforceArgCharClassUrl = m.getvar("RESOURCE.enforce_charclass_url") if not (EnforceArgCharClassUrl) then local ArgUrlCounter = m.getvar("RESOURCE." ..name.. "_url_counter") if not (ArgUrlCounter) then ArgUrlCounter = 1 m.log(4, "Creating " .. name .. " Url Counter: " .. ArgUrlCounter) m.setvar("RESOURCE." .. name .. "_url_counter", ArgUrlCounter) else ArgUrlCounter = ArgUrlCounter + 1 m.log(4, "Updating " .. name .. " Url Counter: " .. ArgUrlCounter) m.setvar("RESOURCE." .. name .. "_url_counter", ArgUrlCounter) end if (ArgUrlCounter == MinPatternThreshold) then if not (EnforceArgCharClassUrl) then EnforceArgCharClassUrl = name else EnforceArgCharClassUrl = EnforceArgCharClassUrl .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Url Enforcement list: " .. EnforceArgCharClassUrl) m.setvar("RESOURCE.enforce_charclass_url", EnforceArgCharClassUrl) end else local CheckArgCharClassUrl = string.find(EnforceArgCharClassUrl, name) if (CheckArgCharClassUrl) then m.log(4, "Arg Name: " .. name .. " already in Url Enforcement list.") else local ArgUrlCounter = m.getvar("RESOURCE." ..name.. "_url_counter") if not (ArgUrlCounter) then ArgUrlCounter = 1 m.log(4, "Creating " .. name .. " Url Counter: " .. ArgUrlCounter) m.setvar("RESOURCE." .. name .. "_url_counter", ArgUrlCounter) else ArgUrlCounter = ArgUrlCounter + 1 m.log(4, "Updating " .. name .. " Url Counter: " .. ArgUrlCounter) m.setvar("RESOURCE." .. name .. "_url_counter", ArgUrlCounter) end if (ArgUrlCounter == MinPatternThreshold) then if not (EnforceArgCharClassUrl) then EnforceArgCharClassUrl = name else EnforceArgCharClassUrl = EnforceArgCharClassUrl .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Url Enforcement list: " .. EnforceArgCharClassUrl) m.setvar("RESOURCE.enforce_charclass_url", EnforceArgCharClassUrl) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_url_counter", "0") end --[[ Check for Path Class ]] elseif string.match(value, "[-a-zA-Z0-9/._]*/[-a-zA-Z0-9/._]*") then m.log(4, "Parameter " ..name.. " payload matches path class.") local EnforceArgCharClassPath = m.getvar("RESOURCE.enforce_charclass_path") if not (EnforceArgCharClassPath) then local ArgPathCounter = m.getvar("RESOURCE." ..name.. "_path_counter") if not (ArgPathCounter) then ArgPathCounter = 1 m.log(4, "Creating " .. name .. " Path Counter: " .. ArgPathCounter) m.setvar("RESOURCE." .. name .. "_path_counter", ArgPathCounter) else ArgPathCounter = ArgPathCounter + 1 m.log(4, "Updating " .. name .. " Path Counter: " .. ArgPathCounter) m.setvar("RESOURCE." .. name .. "_path_counter", ArgPathCounter) end if (ArgPathCounter == MinPatternThreshold) then if not (EnforceArgCharClassPath) then EnforceArgCharClassPath = name else EnforceArgCharClassPath = EnforceArgCharClassPath .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Path Enforcement list: " .. EnforceArgCharClassPath) m.setvar("RESOURCE.enforce_charclass_path", EnforceArgCharClassPath) end else local CheckArgCharClassPath = string.find(EnforceArgCharClassPath, name) if (CheckArgCharClassPath) then m.log(4, "Arg Name: " .. name .. " already in Path Enforcement list.") else local ArgPathCounter = m.getvar("RESOURCE." ..name.. "_path_counter") if not (ArgPathCounter) then ArgPathCounter = 1 m.log(4, "Creating " .. name .. " Path Counter: " .. ArgPathCounter) m.setvar("RESOURCE." .. name .. "_path_counter", ArgPathCounter) else ArgPathCounter = ArgPathCounter + 1 m.log(4, "Updating " .. name .. " Path Counter: " .. ArgPathCounter) m.setvar("RESOURCE." .. name .. "_path_counter", ArgPathCounter) end if (ArgPathCounter == MinPatternThreshold) then if not (EnforceArgCharClassPath) then EnforceArgCharClassPath = name else EnforceArgCharClassPath = EnforceArgCharClassPath .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Path Enforcement list: " .. EnforceArgCharClassPath) m.setvar("RESOURCE.enforce_charclass_path", EnforceArgCharClassPath) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_path_counter", "0") end --[[ Check for Flag Parameter Class ]] elseif string.match(value, "^$") then m.log(4, "Parameter " ..name.. " payload matches flag parameter class.") local EnforceArgCharClassFlag = m.getvar("RESOURCE.enforce_charclass_flag") if not (EnforceArgCharClassFlag) then local ArgFlagCounter = m.getvar("RESOURCE." ..name.. "_flag_counter") if not (ArgFlagCounter) then ArgFlagCounter = 1 m.log(4, "Creating " .. name .. " Flag Counter: " .. ArgFlagCounter) m.setvar("RESOURCE." .. name .. "_flag_counter", ArgFlagCounter) else ArgFlagCounter = ArgFlagCounter + 1 m.log(4, "Updating " .. name .. " Flag Counter: " .. ArgFlagCounter) m.setvar("RESOURCE." .. name .. "_flag_counter", ArgFlagCounter) end if (ArgFlagCounter == MinPatternThreshold) then if not (EnforceArgCharClassFlag) then EnforceArgCharClassFlag = name else EnforceArgCharClassFlag = EnforceArgCharClassFlag .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Flag Enforcement list: " .. EnforceArgCharClassFlag) m.setvar("RESOURCE.enforce_charclass_flag", EnforceArgCharClassFlag) end else local CheckArgCharClassFlag = string.find(EnforceArgCharClassFlag, name) if (CheckArgCharClassFlag) then m.log(4, "Arg Name: " .. name .. " already in Flag Enforcement list.") else local ArgFlagCounter = m.getvar("RESOURCE." ..name.. "_flag_counter") if not (ArgFlagCounter) then ArgFlagCounter = 1 m.log(4, "Creating " .. name .. " Flag Counter: " .. ArgFlagCounter) m.setvar("RESOURCE." .. name .. "_flag_counter", ArgFlagCounter) else ArgFlagCounter = ArgFlagCounter + 1 m.log(4, "Updating " .. name .. " Flag Counter: " .. ArgFlagCounter) m.setvar("RESOURCE." .. name .. "_flag_counter", ArgFlagCounter) end if (ArgFlagCounter == MinPatternThreshold) then if not (EnforceArgCharClassFlag) then EnforceArgCharClassFlag = name else EnforceArgCharClassFlag = EnforceArgCharClassFlag .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Flag Enforcement list: " .. EnforceArgCharClassFlag) m.setvar("RESOURCE.enforce_charclass_flag", EnforceArgCharClassFlag) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_flag_counter", "0") end --[[ Check for Alpha/Letters Character Class ]] elseif string.match(value, "^%a+$") then m.log(4, "Parameter " ..name.. " payload matches alpha class.") local EnforceArgCharClassAlpha = m.getvar("RESOURCE.enforce_charclass_alphas") if not (EnforceArgCharClassAlpha) then local ArgAlphaCounter = m.getvar("RESOURCE." ..name.. "_alpha_counter") if not (ArgAlphaCounter) then ArgAlphaCounter = 1 m.log(4, "Creating " .. name .. " Alpha Counter: " .. ArgAlphaCounter) m.setvar("RESOURCE." .. name .. "_alpha_counter", ArgAlphaCounter) else ArgAlphaCounter = ArgAlphaCounter + 1 m.log(4, "Updating " .. name .. " Alpha Counter: " .. ArgAlphaCounter) m.setvar("RESOURCE." .. name .. "_alpha_counter", ArgAlphaCounter) end if (ArgAlphaCounter == MinPatternThreshold) then if not (EnforceArgCharClassAlpha) then EnforceArgCharClassAlpha = name else EnforceArgCharClassAlpha = EnforceArgCharClassAlpha .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Alpha Enforcement list: " .. EnforceArgCharClassAlpha) m.setvar("RESOURCE.enforce_charclass_alphas", EnforceArgCharClassAlpha) m.setvar("!RESOURCE." .. name .. "_alpha_counter", "0") end else local CheckArgCharClassAlpha = string.find(EnforceArgCharClassAlpha, name) if (CheckArgCharClassAlpha) then m.log(4, "Arg Name: " .. name .. " already in Alpha Enforcement list.") else local ArgAlphaCounter = m.getvar("RESOURCE." ..name.. "_alpha_counter") if not (ArgAlphaCounter) then ArgAlphaCounter = 1 m.log(4, "Creating " .. name .. " Alpha Counter: " .. ArgAlphaCounter) m.setvar("RESOURCE." .. name .. "_alpha_counter", ArgAlphaCounter) else ArgAlphaCounter = ArgAlphaCounter + 1 m.log(4, "Updating " .. name .. " Alpha Counter: " .. ArgAlphaCounter) m.setvar("RESOURCE." .. name .. "_alpha_counter", ArgAlphaCounter) end if (ArgAlphaCounter == MinPatternThreshold) then if not (EnforceArgCharClassAlpha) then EnforceArgCharClassAlpha = name else EnforceArgCharClassAlpha = EnforceArgCharClassAlpha .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the Alpha Enforcement list: " .. EnforceArgCharClassAlpha) m.setvar("RESOURCE.enforce_charclass_alphas", EnforceArgCharClassAlpha) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_alpha_counter", "0") end --[[ Check for AlphaNumeric Character Class ]] elseif string.match(value, "^%w+$") then m.log(4, "Parameter " ..name.. " payload matches alphanumeric class.") local EnforceArgCharClassAlphaNumeric = m.getvar("RESOURCE.enforce_charclass_alphanumeric") if not (EnforceArgCharClassAlphaNumeric) then local ArgAlphaNumericCounter = m.getvar("RESOURCE." ..name.. "_alphanumeric_counter") if not (ArgAlphaNumericCounter) then ArgAlphaNumericCounter = 1 m.log(4, "Creating " .. name .. " AlphaNumeric Counter: " .. ArgAlphaNumericCounter) m.setvar("RESOURCE." .. name .. "_alphanumeric_counter", ArgAlphaNumericCounter) else ArgAlphaNumericCounter = ArgAlphaNumericCounter + 1 m.log(4, "Updating " .. name .. " AlphaNumeric Counter: " .. ArgAlphaNumericCounter) m.setvar("RESOURCE." .. name .. "_alphanumeric_counter", ArgAlphaNumericCounter) end if (ArgAlphaNumericCounter == MinPatternThreshold) then if not (EnforceArgCharClassAlphaNumeric) then EnforceArgCharClassAlphaNumeric = name else EnforceArgCharClassAlphaNumeric = EnforceArgCharClassAlphaNumeric .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the AlphaNumeric Enforcement list: " .. EnforceArgCharClassAlphaNumeric) m.setvar("RESOURCE.enforce_charclass_alphanumeric", EnforceArgCharClassAlphaNumeric) m.setvar("!RESOURCE." .. name .. "_alphanumeric_counter", "0") end else local CheckArgCharClassAlphaNumeric = string.find(EnforceArgCharClassAlphaNumeric, name) if (CheckArgCharClassAlphaNumeric) then m.log(4, "Arg Name: " .. name .. " already in AlphaNumeric Enforcement list.") else local ArgAlphaNumericCounter = m.getvar("RESOURCE." ..name.. "_alphanumeric_counter") if not (ArgAlphaNumericCounter) then ArgAlphaNumericCounter = 1 m.log(4, "Creating " .. name .. " AlphaNumeric Counter: " .. ArgAlphaNumericCounter) m.setvar("RESOURCE." .. name .. "_alphanumeric_counter", ArgAlphaNumericCounter) else ArgAlphaNumericCounter = ArgAlphaNumericCounter + 1 m.log(4, "Updating " .. name .. " AlphaNumeric Counter: " .. ArgAlphaNumericCounter) m.setvar("RESOURCE." .. name .. "_alphanumeric_counter", ArgAlphaNumericCounter) end if (ArgAlphaNumericCounter == MinPatternThreshold) then if not (EnforceArgCharClassAlphaNumeric) then EnforceArgCharClassAlphaNumeric = name else EnforceArgCharClassAlphaNumeric = EnforceArgCharClassAlphaNumeric .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the AlphaNumeric Enforcement list: " .. EnforceArgCharClassAlphaNumeric) m.setvar("RESOURCE.enforce_charclass_alphanumeric", EnforceArgCharClassAlphaNumeric) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_alphanumeric_counter", "0") end --[[ Check for SafeText Character Class ]] elseif string.match(value, "^[a-zA-Z0-9%s_%.%-]+$") then m.log(4, "Parameter " ..name.. " payload matches safetext class.") local EnforceArgCharClassSafeText = m.getvar("RESOURCE.enforce_charclass_safetext") if not (EnforceArgCharClassSafeText) then local ArgSafeTextCounter = m.getvar("RESOURCE." ..name.. "_safetext_counter") if not (ArgSafeTextCounter) then ArgSafeTextCounter = 1 m.log(4, "Creating " .. name .. " SafeText Counter: " .. ArgSafeTextCounter) m.setvar("RESOURCE." .. name .. "_safetext_counter", ArgSafeTextCounter) else ArgSafeTextCounter = ArgSafeTextCounter + 1 m.log(4, "Updating " .. name .. " SafeText Counter: " .. ArgSafeTextCounter) m.setvar("RESOURCE." .. name .. "_safetext_counter", ArgSafeTextCounter) end if (ArgSafeTextCounter == MinPatternThreshold) then if not (EnforceArgCharClassSafeText) then EnforceArgCharClassSafeText = name else EnforceArgCharClassSafeText = EnforceArgCharClassSafeText .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the SafeText Enforcement list: " .. EnforceArgCharClassSafeText) m.setvar("RESOURCE.enforce_charclass_safetext", EnforceArgCharClassSafeText) end else local CheckArgCharClassSafeText = string.find(EnforceArgCharClassSafeText, name) if (CheckArgCharClassSafeText) then m.log(4, "Arg Name: " .. name .. " already in SafeText Enforcement list.") else local ArgSafeTextCounter = m.getvar("RESOURCE." ..name.. "_safetext_counter") if not (ArgSafeTextCounter) then ArgSafeTextCounter = 1 m.log(4, "Creating " .. name .. " SafeText Counter: " .. ArgSafeTextCounter) m.setvar("RESOURCE." .. name .. "_safetext_counter", ArgSafeTextCounter) else ArgSafeTextCounter = ArgSafeTextCounter + 1 m.log(4, "Updating " .. name .. " SafeText Counter: " .. ArgSafeTextCounter) m.setvar("RESOURCE." .. name .. "_safetext_counter", ArgSafeTextCounter) end if (ArgSafeTextCounter == MinPatternThreshold) then if not (EnforceArgCharClassSafeText) then EnforceArgCharClassSafeText = name else EnforceArgCharClassSafeText = EnforceArgCharClassSafeText .. ", " .. name end m.log(4, "Arg Name: " .. name .. " Reached Pattern Threshold. Adding it to the SafeText Enforcement list: " .. EnforceArgCharClassSafeText) m.setvar("RESOURCE.enforce_charclass_safetext", EnforceArgCharClassSafeText) end end end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE." .. name .. "_safetext_counter", "0") end end end end function ProfileArgsLength() local ArgsLength = {} ArgsLength = m.getvars("ARGS", {"none", "length"}) for k,v in pairs(ArgsLength) do name = v["name"]; value = v["value"]; m.log(4, "Arg Name: " ..name.. " and Length: " ..value.. "."); local EnforceArgLength = m.getvar("RESOURCE.enforce_" ..name .. "_length") if EnforceArgsLength ~= nil then local CheckArgsLength = string.find(EnforceArgLength, value) if (CheckArgsLength) then m.log(4, "Arg Name: " .. name .. " with Length: :" ..value.. " already in Enforcement list.") else local ArgLengthCounter = m.getvar("RESOURCE." .. name .. "_length_" ..value.. "_counter") if not (ArgLengthCounter) then ArgLengthCounter = 1 m.log(4, "Creating " .. name .. " Length " ..value.. " Counter: " .. ArgLengthCounter) m.setvar("RESOURCE." .. name .. "_length_" ..value.. "_counter", ArgLengthCounter) else ArgLengthCounter = ArgLengthCounter + 1 m.log(4, "Increasing " .. name .. " Length " .. value .. " Counter: " .. ArgLengthCounter) m.setvar("RESOURCE." .. name .. "_length_" ..value.. "_counter", ArgLengthCounter) end if (ArgLengthCounter == MinPatternThreshold) then if not (EnforceArgLength) then EnforceArgLength = value else EnforceArgLength = EnforceArgLength .. ", " .. value end m.log(4, "Arg Name: " .. name .. " with Length: " .. value .. " Reached Pattern Threshold. Adding it to the Enforcement list: " .. EnforceArgLength) m.setvar("RESOURCE.enforce_" ..name .. "_length", EnforceArgLength) end end else local ArgLengthCounter = m.getvar("RESOURCE." .. name .. "_length_" ..value.. "_counter") if not (ArgLengthCounter) then ArgLengthCounter = 1 m.log(4, "Creating " .. name .. " Length " ..value.. " Counter: " .. ArgLengthCounter) m.setvar("RESOURCE." .. name .. "_length_" ..value.. "_counter", ArgLengthCounter) else ArgLengthCounter = ArgLengthCounter + 1 m.log(4, "Increasing " .. name .. " Length " .. value .. " Counter: " .. ArgLengthCounter) m.setvar("RESOURCE." .. name .. "_length_" ..value.. "_counter", ArgLengthCounter) end if (ArgLengthCounter == MinPatternThreshold) then if not (EnforceArgLength) then EnforceArgLength = value else EnforceArgLength = EnforceArgLength .. ", " .. value end m.log(4, "Arg Name: " .. name .. " with Length: " .. value .. " Reached Pattern Threshold. Adding it to the Enforcement list: " .. EnforceArgLength) m.setvar("RESOURCE.enforce_" ..name.. "_length", EnforceArgLength) end end if (TrafficCounter == MinTrafficThreshold) then i=1 length_of_arg={} for num in string.gmatch(EnforceArgLength, "%d+") do length_of_arg[i]=num;i=i+1; end local MinArgLength = math.min(unpack(length_of_arg)) m.setvar("RESOURCE." .. name .. "_length_min", MinArgLength) local MaxArgLength = math.max(unpack(length_of_arg)) m.setvar("RESOURCE." .. name .. "_length_max", MaxArgLength) m.log(4, "Min Length of " .. name .. ": " ..MinArgLength.. " and Max Length: " ..MaxArgLength.. ".") m.setvar("!RESOURCE." .. name .. "_length_" ..value.. "_counter", "0") end end end function ProfileArgsNames() local ArgsNames = {} ArgsNames = m.getvars("ARGS_NAMES", {"none"}) local EnforceArgsNames = m.getvar("RESOURCE.enforce_args_names") for k,v in pairs(ArgsNames) do name = v["name"]; value = v["value"]; m.log(4, "ArgsName: " ..value.. "."); if EnforceArgsNames ~= nil then local CheckArgsNames = string.find(EnforceArgsNames, value) if (CheckArgsNames) then m.log(4, "Arg Name: " .. value .. " already in Enforcement list.") else local ArgsNamesCounter = m.getvar("RESOURCE.args_names_counter_" .. value) if not (ArgsNamesCounter) then ArgsNamesCounter = 1 m.log(4, "Creating " .. value .. " Pattern Score: " .. ArgsNamesCounter) m.setvar("RESOURCE.args_names_counter_" .. value, ArgsNamesCounter) else ArgsNamesCounter = ArgsNamesCounter + 1 m.log(4, "Increasing " .. value .. " Pattern Score to: " .. ArgsNamesCounter) m.setvar("RESOURCE.args_names_counter_" .. value, ArgsNamesCounter) end if (ArgsNamesCounter == MinPatternThreshold) then if not (EnforceArgsNames) then EnforceArgsNames = value else EnforceArgsNames = EnforceArgsNames .. ", " .. value end m.log(4, "Args Names: " .. value .. " Reached Pattern Threshold. Adding it to the Enforcement list: " .. EnforceArgsNames) m.setvar("RESOURCE.enforce_args_names", EnforceArgsNames) m.setvar("!RESOURCE.args_names_counter_" .. value, "0") end end else local ArgsNamesCounter = m.getvar("RESOURCE.args_names_counter_" .. value) if not (ArgsNamesCounter) then ArgsNamesCounter = 1 m.log(4, "Creating " .. value .. " Pattern Score: " .. ArgsNamesCounter) m.setvar("RESOURCE.args_names_counter_" .. value, ArgsNamesCounter) else ArgsNamesCounter = ArgsNamesCounter + 1 m.log(4, "Increasing " .. value .. " Pattern Score to: " .. ArgsNamesCounter) m.setvar("RESOURCE.args_names_counter_" .. value, ArgsNamesCounter) end if (ArgsNamesCounter == MinPatternThreshold) then if not (EnforceArgsNames) then EnforceArgsNames = value else EnforceArgsNames = EnforceArgsNames .. ", " .. value end m.log(4, "Args Names: " .. value .. " Reached Pattern Threshold. Adding it to the Enforcement list: " .. EnforceArgsNames) m.setvar("RESOURCE.enforce_args_names", EnforceArgsNames) m.setvar("!RESOURCE.args_names_counter_" .. value, "0") end end end end function ProfileRequestMethod() local RequestMethod = m.getvar("REQUEST_METHOD", {"none"}) local EnforceRequestMethods = m.getvar("RESOURCE.enforce_request_methods") if EnforceRequestMethods ~= nil then local CheckEnforceMethods = string.find(EnforceRequestMethods, RequestMethod) if (CheckEnforceMethods) then m.log(4, "Request Method " .. RequestMethod .. " already in Enforcement List.") end end local RequestMethodCounter = m.getvar("RESOURCE.request_method_counter_" .. RequestMethod) if not (RequestMethodCounter) then RequestMethodCounter = 1 m.log(4, "Creating " .. RequestMethod .. " Pattern Score: " .. RequestMethodCounter) m.setvar("RESOURCE.request_method_counter_" .. RequestMethod, RequestMethodCounter) else RequestMethodCounter = RequestMethodCounter + 1 m.log(4, "Increasing " .. RequestMethod .. " Pattern Score to: " .. RequestMethodCounter) m.setvar("RESOURCE.request_method_counter_" .. RequestMethod, RequestMethodCounter) end if (RequestMethodCounter == MinPatternThreshold) then if not (EnforceRequestMethods) then EnforceRequestMethods = RequestMethod else EnforceRequestMethods = EnforceRequestMethods .. ", " .. RequestMethod end m.log(4, "Request Method Reached Pattern Threshold. Adding it to the EnforceRequestMethods list: " .. EnforceRequestMethods) m.setvar("RESOURCE.enforce_request_methods", EnforceRequestMethods) end if (TrafficCounter == MinTrafficThreshold) then m.setvar("!RESOURCE.request_method_counter_" .. RequestMethod, "0") end end function ProfileNumOfArgs() local ARGS = {} local ARGS = m.getvars("ARGS", {"none"}) local NumOfArgs = tonumber(#ARGS) local EnforceNumOfArgs = m.getvar("RESOURCE.enforce_num_of_args") if EnforceNumOfArgs ~= nil then local CheckNumOfArgs = string.find(EnforceNumOfArgs, NumOfArgs) if (CheckNumOfArgs) then m.log(4, "ARGS #: " .. NumOfArgs .. " already in Enforcement List.") end end local NumOfArgsCounter = m.getvar("RESOURCE.NumOfArgs_counter_" .. NumOfArgs) if not (NumOfArgsCounter) then NumOfArgsCounter = 1 m.log(4, "Current # of ARGS: " ..NumOfArgs.. " has not been previously seen.") m.log(4, "Creating " .. NumOfArgs .. " Pattern Score to: " .. NumOfArgsCounter) m.setvar("RESOURCE.NumOfArgs_counter_" .. NumOfArgs, NumOfArgsCounter) else NumOfArgsCounter = NumOfArgsCounter + 1 m.log(4, "Current # of ARGS: " ..NumOfArgs.. " has been previously seen.") m.log(4, "Increasing " .. NumOfArgs .. " Pattern Score to: " .. NumOfArgsCounter) m.setvar("RESOURCE.NumOfArgs_counter_" .. NumOfArgs, NumOfArgsCounter) end if (NumOfArgsCounter == MinPatternThreshold) then if not (EnforceNumOfArgs) then EnforceNumOfArgs = NumOfArgs else EnforceNumOfArgs = EnforceNumOfArgs.. ", " ..NumOfArgs end m.log(4, "NumOfArgs Reached Pattern Threshold. Adding it to the EnforceRequestMethods list: " .. EnforceNumOfArgs) m.setvar("RESOURCE.enforce_num_of_args", EnforceNumOfArgs) end if (TrafficCounter == MinTrafficThreshold) then i=1 num_of_args={} for num in string.gmatch(EnforceNumOfArgs, "%d+") do num_of_args[i]=num;i=i+1; end local MinNumOfArgs = math.min(unpack(num_of_args)) m.setvar("RESOURCE.MinNumOfArgs", MinNumOfArgs) local MaxNumOfArgs = math.max(unpack(num_of_args)) m.setvar("RESOURCE.MaxNumOfArgs", MaxNumOfArgs) m.log(4, "Min # of ARGS: " ..MinNumOfArgs.. " and Max # of ARGS: " ..MaxNumOfArgs.. ".") m.setvar("!RESOURCE.NumOfArgs_counter_" .. NumOfArgs, "0") end end