feat: 升级 Openresty

openresty/1.21.4.3-3-3-focal/1pwaf/data/conf/global.json

@@ -0,0 +1,173 @@
+{
+  "waf": {
+    "state": "off",
+    "mode": "protection",
+    "secret": ""
+  },
+  "redis": {
+    "state": "off",
+    "host": "",
+    "port": 6379,
+    "password": "",
+    "ssl": false,
+    "poolSize": 10
+  },
+  "ipWhite": {
+    "state": "on",
+    "type": "ipWhite",
+    "action": "allow"
+  },
+  "ipBlack": {
+    "state": "on",
+    "code": 403,
+    "action": "deny",
+    "type": "ipBlack",
+    "res": "ip"
+  },
+  "urlWhite": {
+    "type": "urlWhite",
+    "state": "on",
+    "action": "allow"
+  },
+  "urlBlack": {
+    "type": "urlBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "uaWhite": {
+    "type": "uaWhite",
+    "state": "off",
+    "action": "allow"
+  },
+  "uaBlack": {
+    "type": "uaBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "notFoundCount": {
+    "state": "on",
+    "type": "notFoundCount",
+    "threshold": 30,
+    "duration": 10,
+    "action": "deny",
+    "ipBlock": "on",
+    "code": 403,
+    "ipBlockTime": 600
+  },
+  "methodWhite": {
+    "type": "methodWhite",
+    "state": "on",
+    "code": 444,
+    "action": "deny"
+  },
+  "bot": {
+    "state": "on",
+    "type": "bot",
+    "uri": "/1pwaf/bot/trap",
+    "action": "REDIRECT_JS",
+    "ipBlock": "on",
+    "ipBlockTime": 600
+  },
+  "unknownWebsite": {
+    "state": "on",
+    "type": "unknownWebsite",
+    "action": "deny",
+    "code": 403,
+    "res": "unknown"
+  },
+  "geoRestrict": {
+    "state": "off",
+    "rules": [],
+    "code": 403,
+    "action": "deny",
+    "type": "geoRestrict",
+    "res": "geo"
+  },
+  "defaultIpBlack": {
+    "state": "on",
+    "type": "defaultIpBlack",
+    "code": 403,
+    "action": "deny"
+  },
+  "xss": {
+    "state": "on",
+    "type": "xss",
+    "code": 403,
+    "action": "deny"
+  },
+  "sql": {
+    "state": "on",
+    "type": "sql",
+    "code": 403,
+    "action": "deny"
+  },
+  "cc": {
+    "state": "on",
+    "type": "cc",
+    "rule": "cc",
+    "tokenTimeOut": 1800,
+    "threshold": 100,
+    "duration": 10,
+    "action": "deny",
+    "ipBlock": "on",
+    "ipBlockTime": 600,
+    "mode": "uri"
+  },
+  "ccurl": {
+    "state": "off",
+    "type": "urlcc",
+    "action": "deny",
+    "ipBlock": "on",
+    "ipBlockTime": 600
+  },
+  "attackCount": {
+    "state": "on",
+    "type": "attackCount",
+    "threshold": 10,
+    "duration": 60,
+    "action": "deny",
+    "ipBlock": "on",
+    "ipBlockTime": 3000
+  },
+  "fileExt": {
+    "state": "off",
+    "action": "deny",
+    "code": 403,
+    "type": "fileExtCheck"
+  },
+  "cookie": {
+    "type": "cookie",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "header": {
+    "state": "on",
+    "type": "header",
+    "code": 403,
+    "action": "deny"
+  },
+  "defaultUaBlack": {
+    "type": "defaultUaBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "defaultUrlBlack": {
+    "type": "defaultUrlBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "args": {
+    "type": "args",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "cdn": {
+    "state": "off"
+  }
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/conf/siteConfig.json

@@ -0,0 +1,98 @@
+{
+  "waf": {
+    "state": "on",
+    "mode": "protection"
+  },
+  "args": {
+    "state": "on",
+    "type": "args",
+    "code": 403,
+    "action": "deny"
+  },
+  "defaultUaBlack": {
+    "type": "defaultUaBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "cookie": {
+    "state": "on",
+    "type": "cookie",
+    "code": 403,
+    "action": "deny"
+  },
+  "bot": {
+    "type": "bot",
+    "state": "on",
+    "uri": "/1pwaf/bot/trap",
+    "action": "deny",
+    "ipBlock": "off",
+    "ipBlockTime": 600
+  },
+  "geoRestrict": {
+    "state": "off",
+    "rules": [],
+    "code": 403,
+    "action": "deny",
+    "type": "geoRestrict",
+    "res": "geo"
+  },
+  "xss": {
+    "state": "on",
+    "type": "xss",
+    "code": 403,
+    "action": "deny"
+  },
+  "sql": {
+    "state": "on",
+    "type": "sql",
+    "code": 403,
+    "action": "deny"
+  },
+  "cc": {
+    "state": "on",
+    "type": "cc",
+    "rule": "cc",
+    "tokenTimeOut": 1800,
+    "threshold": 200,
+    "duration": 10,
+    "action": "deny",
+    "ipBlock": "on",
+    "ipBlockTime": 600,
+    "mode": "uri"
+  },
+  "ccurl": {
+    "state": "on",
+    "type": "ccurl",
+    "action": "deny",
+    "ipBlock": "off",
+    "ipBlockTime": 600
+  },
+  "fileExt": {
+    "state": "off",
+    "action": "deny",
+    "code": 403,
+    "type": "fileExtCheck"
+  },
+  "header": {
+    "state": "on",
+    "type": "header",
+    "code": 403,
+    "action": "deny"
+  },
+  "defaultUrlBlack": {
+    "type": "defaultUrlBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "methodWhite": {
+    "type": "methodWhite",
+    "state": "on",
+    "code": 444,
+    "action": "deny"
+  },
+  "cdn": {
+    "state": "off"
+  }
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/conf/waf.conf

@@ -0,0 +1,14 @@
+lua_shared_dict waf_req_count 10m;
+lua_shared_dict waf 50m;
+lua_shared_dict waf_block_ip 10m;
+lua_shared_dict waf_ip_arr 20m;
+lua_shared_dict waf_limit 10m;
+lua_shared_dict waf_sql 200m;
+lua_shared_dict waf_locks 100k;
+
+lua_code_cache on;
+lua_package_path "/usr/local/openresty/1pwaf/?.lua;/usr/local/openresty/1pwaf/lib/?.lua;;";
+init_by_lua_file  /usr/local/openresty/1pwaf/init.lua;
+access_by_lua_file /usr/local/openresty/1pwaf/waf.lua;
+log_by_lua_file /usr/local/openresty/1pwaf/log_and_traffic.lua;
+init_worker_by_lua_file /usr/local/openresty/1pwaf/worker.lua;

openresty/1.21.4.3-3-3-focal/1pwaf/data/conf/waf.json

@@ -0,0 +1,4 @@
+{
+  "name": "1Panel WAF",
+  "version": "1.0.0"
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/default/global.json

@@ -0,0 +1,173 @@
+{
+  "waf": {
+    "state": "off",
+    "mode": "protection",
+    "secret": ""
+  },
+  "redis": {
+    "state": "off",
+    "host": "",
+    "port": 6379,
+    "password": "",
+    "ssl": false,
+    "poolSize": 10
+  },
+  "ipWhite": {
+    "state": "on",
+    "type": "ipWhite",
+    "action": "allow"
+  },
+  "ipBlack": {
+    "state": "on",
+    "code": 403,
+    "action": "deny",
+    "type": "ipBlack",
+    "res": "ip"
+  },
+  "urlWhite": {
+    "type": "urlWhite",
+    "state": "on",
+    "action": "allow"
+  },
+  "urlBlack": {
+    "type": "urlBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "uaWhite": {
+    "type": "uaWhite",
+    "state": "off",
+    "action": "allow"
+  },
+  "uaBlack": {
+    "type": "uaBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "notFoundCount": {
+    "state": "on",
+    "type": "notFoundCount",
+    "threshold": 30,
+    "duration": 10,
+    "action": "deny",
+    "ipBlock": "on",
+    "code": 403,
+    "ipBlockTime": 600
+  },
+  "methodWhite": {
+    "type": "methodWhite",
+    "state": "on",
+    "code": 444,
+    "action": "deny"
+  },
+  "bot": {
+    "state": "on",
+    "type": "bot",
+    "uri": "/1pwaf/bot/trap",
+    "action": "REDIRECT_JS",
+    "ipBlock": "on",
+    "ipBlockTime": 600
+  },
+  "unknownWebsite": {
+    "state": "on",
+    "type": "unknownWebsite",
+    "action": "deny",
+    "code": 403,
+    "res": "unknown"
+  },
+  "geoRestrict": {
+    "state": "off",
+    "rules": [],
+    "code": 403,
+    "action": "deny",
+    "type": "geoRestrict",
+    "res": "geo"
+  },
+  "defaultIpBlack": {
+    "state": "on",
+    "type": "defaultIpBlack",
+    "code": 403,
+    "action": "deny"
+  },
+  "xss": {
+    "state": "on",
+    "type": "xss",
+    "code": 403,
+    "action": "deny"
+  },
+  "sql": {
+    "state": "on",
+    "type": "sql",
+    "code": 403,
+    "action": "deny"
+  },
+  "cc": {
+    "state": "on",
+    "type": "cc",
+    "rule": "cc",
+    "tokenTimeOut": 1800,
+    "threshold": 100,
+    "duration": 10,
+    "action": "deny",
+    "ipBlock": "on",
+    "ipBlockTime": 600,
+    "mode": "uri"
+  },
+  "ccurl": {
+    "state": "off",
+    "type": "urlcc",
+    "action": "deny",
+    "ipBlock": "on",
+    "ipBlockTime": 600
+  },
+  "attackCount": {
+    "state": "on",
+    "type": "attackCount",
+    "threshold": 10,
+    "duration": 60,
+    "action": "deny",
+    "ipBlock": "on",
+    "ipBlockTime": 3000
+  },
+  "fileExt": {
+    "state": "off",
+    "action": "deny",
+    "code": 403,
+    "type": "fileExtCheck"
+  },
+  "cookie": {
+    "type": "cookie",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "header": {
+    "state": "on",
+    "type": "header",
+    "code": 403,
+    "action": "deny"
+  },
+  "defaultUaBlack": {
+    "type": "defaultUaBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "defaultUrlBlack": {
+    "type": "defaultUrlBlack",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "args": {
+    "type": "args",
+    "state": "on",
+    "code": 403,
+    "action": "deny"
+  },
+  "cdn": {
+    "state": "off"
+  }
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/default/monitor.json

@@ -0,0 +1,30 @@
+{
+  "state": "off",
+  "exclude": {
+    "extensions": [
+      "png",
+      "gif",
+      "jpg",
+      "css",
+      "js",
+      "svg",
+      "jpeg",
+      "woff",
+      "woff2",
+      "bmp",
+      "swf",
+      "icon",
+      "ttf",
+      "eot"
+    ],
+    "status": [],
+    "uri": [
+      "/favicon.ico"
+    ],
+    "ua": [],
+    "ip": []
+  },
+  "log": {
+    "maxDay": 180
+  }
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/html/5s.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>5s</title>
+<style>
+#loadingContainer { position: absolute; top: 50%%; left: 50%%; transform: translate(-50%%, -50%%); display: flex; align-items: center; justify-content: center; flex-direction: column; background: #e8e8e8; width: 300px; height: 100px; border: 2px solid #e8e8e8; }
+#loadingText { font-size: 18px; margin-top: 10px; }
+#loadingSuccess { display: none; font-size: 24px; color: #7ac23c; margin-top: 10px; }
+.loadingSpinner { border: 4px solid rgba(0, 0, 0, 0.1); border-top: 4px solid #7ac23c; border-radius: 50%%; width: 20px; height: 20px; animation: spin 1s linear infinite; margin-top: 10px; }
+@keyframes spin { 0%% { transform: rotate(0deg); } 100%% { transform: rotate(360deg); } }
+</style>
+</head>
+<body>
+<div id="loadingContainer">
+    <div id="loadingText">正在验证...</div>
+    <div id="loadingSuccess">验证成功</div>
+    <div class="loadingSpinner"></div>
+</div>
+<script type="text/javascript" src="/5s_check_%s-%s-%s-.js"></script>
+</body>
+</html>

openresty/1.21.4.3-3-3-focal/1pwaf/data/html/slide.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>滑动认证</title>
+<style>
+#dragContainer {position:absolute;top:50%%;left:50%%;transform:translate(-50%%, -50%%);display:inline-block;background:#e8e8e8;width:300px;height:33px;border:2px solid #e8e8e8;}
+#dragBg {position:absolute;background-color:#7ac23c;height:100%%;}
+#dragText {position:absolute;width:100%%;height:100%%;text-align:center;line-height:33px;user-select:none;-webkit-user-select:none;}
+#dragHandler {position:absolute;width:40px;height:100%%;cursor:pointer;box-sizing:border-box;overflow:hidden;}
+#dragHandler.dragHandlerBg {background-color:#c0c0c0;}
+#dragHandler.dragHandlerBg::before {content:'»';font-size:24px;position:absolute;top:50%%;left:50%%;transform:translate(-50%%, -50%%);color:#7ac23c;}
+.dragHandlerOkBg {position:absolute;border-radius:50%%;background-color:#7ac23c;display:flex;justify-content:center;align-items:center;}
+.dragHandlerOkBg::before {content:'\2713';font-size:16px;color:white;}
+</style>
+</head>
+<body>
+<div>
+    <div id="dragContainer">
+        <div id="dragBg"></div>
+        <div id="dragText"></div>
+        <div id="dragHandler" class="dragHandlerBg"></div>
+    </div>
+</div>
+<script type="text/javascript" src="/slide_check_%s-%s-%s-.js"></script>
+</body>
+</html>

openresty/1.21.4.3-3-3-focal/1pwaf/data/rules/args.json

@@ -0,0 +1,157 @@
+{
+  "rules": [
+    {
+      "state": "on",
+      "name": "sqlInject1",
+      "rule": "select.+(from|limit)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject2",
+      "rule": "(?:(union(.*?)select))",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject3",
+      "rule": "having|rongjitest",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject4",
+      "rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject5",
+      "rule": "benchmark\\((.*)\\,(.*)\\)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject6",
+      "rule": "group\\s+by.+\\(",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject7",
+      "rule": "(?:from\\W+information_schema\\W)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject8",
+      "rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject9",
+      "rule": "into(\\s+)+(?:dump|out)file\\s*",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject10",
+      "rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "args1",
+      "rule": "xwork.MethodAccessor",
+      "type": "args",
+      "description": "Struts 恶意参数过滤"
+    },
+    {
+      "state": "on",
+      "name": "args2",
+      "rule": "xwork\\.MethodAccessor",
+      "type": "args",
+      "description": "Struts 恶意参数过滤"
+    },
+    {
+      "state": "on",
+      "name": "oneWordTrojan1",
+      "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
+      "type": "oneWordTrojan"
+    },
+    {
+      "state": "on",
+      "name": "oneWordTrojan2",
+      "rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
+      "type": "oneWordTrojan"
+    },
+    {
+      "state": "on",
+      "name": "protocolFilter1",
+      "rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
+      "type": "protocolFilter",
+      "description": "协议过滤"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter1",
+      "rule": "(?:etc\\/\\W*passwd)",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter2",
+      "rule": "java\\.lang",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter3",
+      "rule": "(?:etc\\/\\W*shadow)",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter4",
+      "rule": "(?:bin\\/\\W*sh)",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "xss1",
+      "rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
+      "type": "xss"
+    },
+    {
+      "state": "on",
+      "name": "xss2",
+      "rule": "(onmouseover|onerror|onload)\\=",
+      "type": "xss"
+    },
+    {
+      "state": "on",
+      "name": "xss3",
+      "rule": "base64_decode\\(",
+      "type": "xss"
+    },
+    {
+      "state": "on",
+      "name": "webshell1",
+      "rule": "/shell?cd+/tmp;\\s*rm+-rf\\+\\*;\\s*wget",
+      "type": "webshell"
+    },
+    {
+      "state": "on",
+      "name": "phpExec1",
+      "rule": "/systembc/password.php",
+      "type": "phpExec"
+    },
+    {
+      "state": "on",
+      "name": "scannerFilter1",
+      "rule": "(Acunetix-Aspect|Acunetix-Aspect-Password|Acunetix-Aspect-Queries|X-WIPP|X-RequestManager-Memo|X-Request-Memo|X-Scan-Memo)",
+      "type": "scannerFilter"
+    }
+  ]
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/rules/cookie.json

@@ -0,0 +1,138 @@
+{
+  "rules": [
+    {
+      "state": "on",
+      "name": "dirFilter1",
+      "rule": "\\.\\./",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter2",
+      "rule": "\\:\\$",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter3",
+      "rule": "\\$\\{",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter4",
+      "rule": "(?:etc\\/\\W*passwd)",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter5",
+      "rule": "java\\.lang",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject1",
+      "rule": "select.+(from|limit)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject2",
+      "rule": "(?:(union(.*?)select))",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject3",
+      "rule": "having|rongjitest",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject4",
+      "rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject5",
+      "rule": "benchmark\\((.*)\\,(.*)\\)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject6",
+      "rule": "group\\s+by.+\\(",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject7",
+      "rule": "(?:from\\W+information_schema\\W)",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject8",
+      "rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject9",
+      "rule": "into(\\s+)+(?:dump|out)file\\s*",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "sqlInject10",
+      "rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "name": "args1",
+      "rule": "xwork.MethodAccessor",
+      "type": "args",
+      "description": "Struts 恶意参数过滤"
+    },
+    {
+      "state": "on",
+      "name": "args2",
+      "rule": "xwork\\.MethodAccessor",
+      "type": "args",
+      "description": "Struts 恶意参数过滤"
+    },
+    {
+      "state": "on",
+      "name": "oneWordTrojan1",
+      "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
+      "type": "oneWordTrojan"
+    },
+    {
+      "state": "on",
+      "name": "oneWordTrojan2",
+      "rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
+      "type": "oneWordTrojan"
+    },
+    {
+      "state": "on",
+      "name": "protocolFilter1",
+      "rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
+      "type": "protocolFilter"
+    },
+    {
+      "state":"on",
+      "name":"scannerFilter1",
+      "rule":"(CustomCookie|acunetixCookie)",
+      "type": "scannerFilter"
+    },
+    {
+      "state": "on",
+      "name": "xss1",
+      "rule": "base64_decode\\(",
+      "type": "xss"
+    }
+  ]
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/rules/defaultUaBlack.json

@@ -0,0 +1,10 @@
+{
+  "rules": [
+    {
+      "state": "on",
+      "name": "uaBlock1",
+      "rule": "HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/",
+      "type": "scannerFilter"
+    }
+  ]
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/rules/defaultUrlBlack.json

@@ -0,0 +1,196 @@
+{
+  "rules": [
+    {
+      "state": "on",
+      "rule": "\\.(htaccess|mysql_history|bash_history|DS_Store|git|idea|user\\.ini)",
+      "name": "dirFilter1",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "rule": "\\.(bak|inc|old|mdb|sql|backup|java|class)$",
+      "name": "dirFilter2",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "rule": "^/(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\\.(rar|sql|zip|tar\\.gz|tar)$",
+      "name": "dirFilter3",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "rule": "java\\.lang",
+      "name": "dirFilter4",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter5",
+      "rule": "(?:etc\\/\\W*passwd)",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "name": "dirFilter6",
+      "rule": "(?:bin\\/\\W*sh)",
+      "type": "dirFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/(hack|shell|spy|phpspy)\\.php$",
+      "name": "phpExec1",
+      "type": "phpExec"
+    },
+    {
+      "state": "on",
+      "rule": "/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\\\w+).(php|jsp)",
+      "name": "phpExec2",
+      "type": "phpExec"
+    },
+    {
+      "state": "on",
+      "rule": "(?:phpMyAdmin2|phpMyAdmin|phpmyadmin|dbadmin|pma|myadmin|admin|mysql)/scripts/setup%.php",
+      "name": "phpExec3",
+      "type": "phpExec"
+    },
+    {
+      "state": "on",
+      "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
+      "name": "oneWordTrojan1",
+      "type": "oneWordTrojan"
+    },
+    {
+      "state": "on",
+      "rule": "(?:(union(.*?)select))",
+      "name": "sqlInject1",
+      "type": "sqlInject"
+    },
+    {
+      "state": "on",
+      "rule": "(phpmyadmin|jmx-console|jmxinvokerservlet)",
+      "name": "appFilter1",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "wp-includes/wlwmanifest.xml",
+      "name": "appFilter2",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "<php>die(@md5(HelloThinkCMF))</php>",
+      "name": "appFilter3",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/boaform/admin/formLogin",
+      "name": "appFilter4",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/password_change.cgi",
+      "name": "appFilter5",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/service/extdirect",
+      "name": "appFilter6",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/api/jsonws/invoke",
+      "name": "appFilter7",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/jars/upload",
+      "name": "appFilter8",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/example/tree/a/search",
+      "name": "appFilter9",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/actuator/gateway/routes/hacktest",
+      "name": "appFilter10",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/api/v1/method.callAnon/getPasswordPolicy",
+      "name": "appFilter11",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/functionRouter",
+      "name": "appFilter12",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/uploadfiles/apache.php.jpeg",
+      "name": "appFilter14",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/xxx/..;/admin/",
+      "name": "appFilter15",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/dvwa/js/dvwaPage.js",
+      "name": "appFilter16",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/api/index.php/v1/config/application",
+      "name": "appFilter17",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/WEB-INF/web.xml",
+      "name": "appFilter18",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/rest/tinymce/1/macro/preview",
+      "name": "appFilter19",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/pages/doenterpagevariables.action",
+      "name": "appFilter20",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/service/rest/beta/repositories/go/group",
+      "name": "appFilter21",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "rule": "/dvwa/js/add_event_listeners.js",
+      "name": "appFilter22",
+      "type": "appFilter"
+    }
+  ]
+}

openresty/1.21.4.3-3-3-focal/1pwaf/data/rules/header.json

@@ -0,0 +1,28 @@
+{
+  "rules": [
+    {
+      "state": "on",
+      "name": "appFilter1",
+      "rule": "TomcatBypass|Command|Base64",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "name": "appFilter2",
+      "rule": "j\\S*ndi\\S*:\\S*(?:dap|dns)\\S+",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "name": "appFilter3",
+      "rule": "(?:etc\\/\\W*passwd)",
+      "type": "appFilter"
+    },
+    {
+      "state": "on",
+      "name": "scannerFilter1",
+      "rule": "(/acunetix-wvs-test-for-some-inexistent-file|netsparker|acunetix_wvs_security_test|AppScan|XSS@HERE)",
+      "type": "scannerFilter"
+    }
+  ]
+}

openresty/1.21.4.3-3-3-focal/conf/conf.d/00.default.conf

@@ -0,0 +1,18 @@
+map "" $empty {
+        default "";
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name _;
+
+    ssl_ciphers aNULL;
+    ssl_certificate data:$empty;
+    ssl_certificate_key data:$empty;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+
+    index 404.html;
+    root /usr/share/nginx/html;
+}

openresty/1.21.4.3-3-3-focal/conf/nginx.conf

@@ -0,0 +1,43 @@
+user  root;
+worker_processes  auto;
+error_log  /var/log/nginx/error.log notice;
+error_log  /dev/stdout notice;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    server_tokens off;
+    access_log  /var/log/nginx/access.log  main;
+    access_log /dev/stdout main;
+    sendfile        on;
+
+    server_names_hash_bucket_size 512;
+    client_header_buffer_size 32k;
+    client_max_body_size 50m;
+    keepalive_timeout 60;
+    keepalive_requests 100000;
+
+    gzip on;
+    gzip_min_length  1k;
+    gzip_buffers     4 16k;
+    gzip_http_version 1.1;
+    gzip_comp_level 2;
+    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
+    gzip_vary on;
+    gzip_proxied   expired no-cache no-store private auth;
+    gzip_disable   "MSIE [1-6]\.";
+
+    limit_conn_zone $binary_remote_addr zone=perip:10m;
+    limit_conn_zone $server_name zone=perserver:10m;
+
+    include /usr/local/openresty/nginx/conf/conf.d/*.conf;
+    include /usr/local/openresty/1pwaf/data/conf/waf.conf;
+}

openresty/1.21.4.3-3-3-focal/docker-compose.yml

@@ -0,0 +1,19 @@
+services:
+  openresty:
+    image: 1panel/openresty:1.21.4.3-3-3-focal
+    container_name: ${CONTAINER_NAME}
+    restart: always
+    network_mode: host
+    volumes:
+      - ./conf/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf
+      - ./conf/fastcgi_params:/usr/local/openresty/nginx/conf/fastcgi_params
+      - ./conf/fastcgi-php.conf:/usr/local/openresty/nginx/conf/fastcgi-php.conf
+      - ./conf/mime.types:/usr/local/openresty/nginx/conf/mime.types
+      - ./log:/var/log/nginx
+      - ./conf/conf.d:/usr/local/openresty/nginx/conf/conf.d/
+      - ./www:/www
+      - ./root:/usr/share/nginx/html
+      - /etc/localtime:/etc/localtime
+      - ./1pwaf/data:/usr/local/openresty/1pwaf/data
+    labels:
+      createdBy: "Apps"

openresty/1.21.4.3-3-3-focal/scripts/init.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+source ./.env
+
+sed -i -E "s/(listen[[:space:]]+)(80)([[:space:]]*;)/\1${PANEL_APP_PORT_HTTP}\3/" conf/conf.d/00.default.conf
+sed -i -E "s/(listen[[:space:]]+)(443)([[:space:]]+ssl[[:space:]]+http2;)/\1${PANEL_APP_PORT_HTTPS}\3/" conf/conf.d/00.default.conf
+
+sed -i -E "s/(listen[[:space:]]+)(80)([[:space:]]*;)/\1${PANEL_APP_PORT_HTTP}\3/" conf/conf.d/default.conf
+

openresty/1.27.1.1-1-focal/1pwaf/data/default/monitor.json

@@ -0,0 +1,30 @@
+{
+  "state": "off",
+  "exclude": {
+    "extensions": [
+      "png",
+      "gif",
+      "jpg",
+      "css",
+      "js",
+      "svg",
+      "jpeg",
+      "woff",
+      "woff2",
+      "bmp",
+      "swf",
+      "icon",
+      "ttf",
+      "eot"
+    ],
+    "status": [],
+    "uri": [
+      "/favicon.ico"
+    ],
+    "ua": [],
+    "ip": []
+  },
+  "log": {
+    "maxDay": 180
+  }
+}

openresty/1.27.1.1-1-focal/1pwaf/data/html/5s.js

@@ -0,0 +1,24 @@
+window.onload = function () {
+    setTimeout(function () {
+        showSuccess();
+        verifySucc();
+    }, 5000);
+
+    function showSuccess() {
+        document.getElementById("loadingText").style.display = "none";
+        document.getElementById("loadingSuccess").style.display = "block";
+        document.querySelector(".loadingSpinner").style.display = "none";
+    }
+
+    function verifySucc() {
+        let xhr = new XMLHttpRequest();
+        xhr.onreadystatechange = function () {
+            if (xhr.readyState === 4 && xhr.status === 200) {
+                window.location.reload();
+            }
+        };
+        const requestUrl = "%s-%s-%s-%s-%s-";
+        xhr.open("GET", requestUrl, true);
+        xhr.send();
+    }
+}

openresty/1.27.1.1-1-focal/1pwaf/data/html/redirect.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html lang="zh-cn">
+<head>
+  <title>网站防火墙</title>
+  <style>
+* { box-sizing: border-box; margin: 0; padding: 0; }
+body { font-family: '微软雅黑', sans-serif; background-color: #282c34; color: #fff; text-align: center; padding: 50px; }
+.main { max-width: 600px; margin: 10% auto; background-color: #3a3a3a; border-radius: 8px; padding: 20px; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.2); }
+.title { background: #ff4d4d; color: #fff; font-size: 24px; height: 60px; line-height: 60px; border-radius: 8px 8px 0 0; }
+.content { background-color: #444; border: 1px solid #666; border-radius: 0 0 8px 8px; padding: 20px; margin-top: -1px; }
+.t1 { color: #ff9999; font-weight: bold; margin: 0 0 20px; }
+.footer { margin-top: 10px; font-size: 12px; color: #999; }
+  </style>
+</head>
+<body>
+<div class="main">
+  <div class="title">网站防火墙</div>
+  <div class="content">
+    <p class="t1">您的请求不合法，已被拒绝</p>
+  </div>
+  <div class="footer">此网站防护来自 1Panel</div>
+</div>
+</body>
+</html>

openresty/1.27.1.1-1-focal/1pwaf/data/html/slide.js

@@ -0,0 +1,82 @@
+window.onload = function () {
+    (function () {
+        const dragContainer = document.getElementById("dragContainer");
+        const dragBg = document.getElementById("dragBg");
+        const dragText = document.getElementById("dragText");
+        const dragHandler = document.getElementById("dragHandler");
+        const maxHandleOffset = dragContainer.clientWidth - dragHandler.clientWidth;
+        let isVertifySucc = false;
+
+        initDrag();
+
+        function initDrag() {
+            dragText.textContent = "拖动滑块验证";
+            dragHandler.addEventListener("mousedown", onDragStart);
+            dragHandler.addEventListener("touchstart", onDragStart);
+        }
+
+        function onDragStart(a) {
+            a.preventDefault();
+            if (a.type === "mousedown" || (a.type === "touchstart" && a.touches.length === 1)) {
+                document.addEventListener("mousemove", onDragMove);
+                document.addEventListener("touchmove", onDragMove);
+                document.addEventListener("mouseup", onDragEnd);
+                document.addEventListener("touchend", onDragEnd);
+            }
+        }
+
+        function onDragMove(a) {
+            let clientX;
+            if (a.type === "mousemove") {
+                clientX = a.clientX;
+            } else if (a.type === "touchmove" && a.touches.length === 1) {
+                clientX = a.touches[0].clientX;
+            }
+            let containerOffsetX = clientX - dragContainer.getBoundingClientRect().left;
+            let left = containerOffsetX - dragHandler.clientWidth / 2;
+            if (left < 0) {
+                left = 0;
+            } else if (left > maxHandleOffset) {
+                left = maxHandleOffset;
+            }
+            dragHandler.style.left = left + "px";
+            dragBg.style.width = dragHandler.style.left;
+        }
+
+        function onDragEnd() {
+            document.removeEventListener("mousemove", onDragMove);
+            document.removeEventListener("touchmove", onDragMove);
+            document.removeEventListener("mouseup", onDragEnd);
+            document.removeEventListener("touchend", onDragEnd);
+
+            if (!isVertifySucc) {
+                let left = dragHandler.offsetLeft;
+                if (left >= maxHandleOffset) {
+                    verifySucc();
+                } else {
+                    dragHandler.style.left = "0px";
+                    dragBg.style.width = "0px";
+                }
+            }
+        }
+
+        function verifySucc() {
+            isVertifySucc = true;
+            dragText.textContent = "验证通过";
+            dragText.style.color = "white";
+            dragHandler.setAttribute("class", "dragHandlerOkBg");
+            dragHandler.removeEventListener("mousedown", onDragStart);
+            dragHandler.removeEventListener("touchstart", onDragStart);
+
+            let xhr = new XMLHttpRequest();
+            xhr.onreadystatechange = function () {
+                if (xhr.readyState === 4 && xhr.status === 200) {
+                    window.location.reload();
+                }
+            };
+            const requestUrl = "%s-%s-%s-%s-%s-";
+            xhr.open("GET", requestUrl, true);
+            xhr.send();
+        }
+    })();
+};

openresty/1.27.1.1-1-focal/1pwaf/data/rules/cdn.json

@@ -0,0 +1,48 @@
+{
+  "rules": [
+    {
+      "rule": "x-forwarded-for"
+    },
+    {
+      "rule": "x-real-ip"
+    },
+    {
+      "rule": "x-forwarded"
+    },
+    {
+      "rule": "forwarded-for"
+    },
+    {
+      "rule": "forwarded"
+    },
+    {
+      "rule": "true-client-ip"
+    },
+    {
+      "rule": "client-ip"
+    },
+    {
+      "rule": "ali-cdn-real-ip"
+    },
+    {
+      "rule": "cdn-src-ip"
+    },
+    {
+      "rule": "cdn-real-ip"
+    },
+    {
+      "rule": "cf-connecting-ip"
+    },
+    {
+      "rule": "x-cluster-client-ip"
+    },
+    {
+      "rule": "wl-proxy-client-ip"
+    },
+    {
+      "rule": "proxy-client-ip"
+    }
+  ],
+  "type": "headers",
+  "header": "x-real-ip"
+}

openresty/1.27.1.1-1-focal/1pwaf/data/rules/fileExt.json

@@ -0,0 +1,34 @@
+{
+  "rules": [
+    {
+      "state": "on",
+      "rule": "php",
+      "name": "php",
+      "type": "fileExt"
+    },
+    {
+      "state": "on",
+      "rule": "jsp",
+      "name": "jsp",
+      "type": "fileExt"
+    },
+    {
+      "state": "on",
+      "rule": "asp",
+      "name": "asp",
+      "type": "fileExt"
+    },
+    {
+      "state": "on",
+      "rule": "exe",
+      "name": "exe",
+      "type": "fileExt"
+    },
+    {
+      "state": "on",
+      "rule": "sh",
+      "name": "sh",
+      "type": "fileExt"
+    }
+  ]
+}

openresty/1.27.1.1-1-focal/1pwaf/data/rules/ipBlack.json

@@ -0,0 +1,4 @@
+{
+  "rules": [
+  ]
+}

openresty/1.27.1.1-1-focal/1pwaf/data/rules/ipWhite.json

@@ -0,0 +1,4 @@
+{
+  "rules": [
+  ]
+}

openresty/1.27.1.1-1-focal/1pwaf/data/rules/methodWhite.json

@@ -0,0 +1,130 @@
+{
+  "rules": [
+    {
+      "state": "on",
+      "rule": "GET",
+      "name": "GET",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "POST",
+      "name": "POST",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "PUT",
+      "name": "PUT",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "DELETE",
+      "name": "DELETE",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "PATCH",
+      "name": "PATCH",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "HEAD",
+      "name": "HEAD",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "OPTIONS",
+      "name": "OPTIONS",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "TRACE",
+      "name": "TRACE",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "CONNECT",
+      "name": "CONNECT",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "PROPFIND",
+      "name": "PROPFIND",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "PROPPATCH",
+      "name": "PROPPATCH",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "MKCOL",
+      "name": "MKCOL",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "COPY",
+      "name": "COPY",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "MOVE",
+      "name": "MOVE",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "LOCK",
+      "name": "LOCK",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "UNLOCK",
+      "name": "UNLOCK",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "LINK",
+      "name": "LINK",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "UNLINK",
+      "name": "UNLINK",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "WRAPPED",
+      "name": "WRAPPED",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "PROPFIND",
+      "name": "PROPFIND",
+      "type": "httpMethod"
+    },
+    {
+      "state": "on",
+      "rule": "SRARCH",
+      "name": "SRARCH",
+      "type": "httpMethod"
+    }
+  ]
+}

openresty/1.27.1.1-1-focal/1pwaf/data/rules/post.json

@@ -0,0 +1,121 @@
+{
+    "rules": [
+        {
+            "state": "on",
+            "name": "sqlInject1",
+            "rule": "select.+(from|limit)",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject2",
+            "rule": "(?:(union(.*?)select))",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject3",
+            "rule": "having|rongjitest",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject4",
+            "rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject5",
+            "rule": "benchmark\\((.*)\\,(.*)\\)",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject6",
+            "rule": "group\\s+by.+\\(",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject7",
+            "rule": "(?:from\\W+information_schema\\W)",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject8",
+            "rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "sqlInject9",
+            "rule": "into(\\s+)+(?:dump|out)file\\s*",
+            "type": "sqlInject"
+        },
+        {
+            "state": "on",
+            "name": "args1",
+            "rule": "xwork.MethodAccessor",
+            "type": "args",
+            "description": "Struts 恶意参数过滤"
+        },
+        {
+            "state": "on",
+            "name": "args2",
+            "rule": "xwork\\.MethodAccessor",
+            "type": "args",
+            "description": "Struts 恶意参数过滤"
+        },
+        {
+            "state": "on",
+            "name": "oneWordTrojan1",
+            "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
+            "type": "oneWordTrojan"
+        },
+        {
+            "state": "on",
+            "name": "protocolFilter1",
+            "rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
+            "type": "protocolFilter",
+            "description": "协议过滤"
+        },
+        {
+            "state": "on",
+            "name": "oneWordTrojan2",
+            "rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
+            "type": "oneWordTrojan"
+        },
+        {
+            "state": "on",
+            "name": "xss1",
+            "rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
+            "type": "xss"
+        },
+        {
+            "state": "on",
+            "name": "xss2",
+            "rule": "(onmouseover|onerror|onload)\\=",
+            "type": "xss"
+        },
+        {
+            "state": "on",
+            "name": "xss3",
+            "rule": "base64_decode\\(",
+            "type": "xss"
+        },
+        {
+            "state": "on",
+            "name": "dirFilter1",
+            "rule": "(?:etc\\/\\W*passwd)",
+            "type": "dirFilter"
+        },
+        {
+            "state": "on",
+            "name": "dirFilter2",
+            "rule": "java\\.lang",
+            "type": "dirFilter"
+        }
+    ]
+}

openresty/1.27.1.1-1-focal/1pwaf/data/rules/uaBlack.json

@@ -0,0 +1,4 @@
+{
+  "rules": [
+  ]
+}