一、防火墻配置
參考 nginx配置lua防火墻
二、準備演示環境
1. 前端演示頁面
<html>
<head>
<title>登陸</title>
<meta charset="utf-8">
</head>
<body>
<div>
用戶名:<input type="text" name="user" id="txtUser"><br>
密碼:<input type="password" name="pwd" id="txtPassword"><br>
<input type="button" onclick="login('login')" value="登陸"> <br>
<div id="divMsg"></div>
<script>
function login(action) {
var httpRequest = new XMLHttpRequest()
httpRequest.onreadystatechange = function () {
if (httpRequest.readyState == 4) {
document.getElementById("divMsg").innerText = httpRequest.responseText
}
}
httpRequest.open('POST', `/api/${action}`, true)
httpRequest.setRequestHeader(
'Content-type',
'application/x-www-form-urlencoded'
)
var user = document.getElementById("txtUser").value
var pwd = document.getElementById("txtPassword").value
var str = `username=${user}&password=${pwd}`
httpRequest.send(str)
}
</script>
</div>
</body>
</html>
2. 服務端演示代碼,模擬SQL注入
@Autowired
JdbcTemplate jdbcTemplate;
/**
* 拼sql查詢
*
* @param user
* @return
*/
@PostMapping("/login")
public String login(User user) {
String sql = "select * from sys_user where user_name = '" + user.getUsername() + "' and pass_word = '" + user.getPassword() + "'";
System.out.println("SQL:");
System.out.println(sql);
List<Map<String, Object>> maps = jdbcTemplate.queryForList(sql);
System.out.println(maps.size());
if (maps.size() > 0) {
return"login success";
} else {
return"login fail";
}
}
3. nginx代理設置
location /api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.1.18:8093/;
}
4. 配置攔截參數(lua防火墻通過檢測post表單中的關鍵字實現攔截)。
# 設置SQL注入的關鍵參數
echo "'\s+or\s+" >> /usr/local/nginx/conf/ngx_lua_waf/wafconf/post
# 重新加載,使配置生效
/usr/local/nginx/sbin/nginx -s reload
三、效果演示
1. 正常登陸
2. 注入成功,在配置post攔截參數以前的效果
3. 注入被攔截,在配置post攔截參數以后的效果
閱讀原文:原文鏈接
該文章在 2025/7/1 23:48:34 編輯過
400 186 1886
