89 lines
2.1 KiB
Lua
89 lines
2.1 KiB
Lua
-- 公共配置文件
|
||
-- 集中管理所有模块的通用配置
|
||
|
||
local _M = {}
|
||
|
||
-- ============================================
|
||
-- IP速率限制配置
|
||
-- ============================================
|
||
_M.rate_limit = {
|
||
-- 是否启用
|
||
enabled = true,
|
||
|
||
-- 共享内存字典名称(需在nginx.conf中定义)
|
||
shared_dict = "ip_rate_limit",
|
||
|
||
-- 时间窗口(秒):统计多长时间内的请求
|
||
time_window = 60,
|
||
|
||
-- 最大请求次数:时间窗口内允许的最大请求数
|
||
max_requests = 100,
|
||
|
||
-- 处置策略:allow / rate_limit / block
|
||
action = "rate_limit",
|
||
|
||
-- HTTP状态码(根据action自动设置,也可手动指定)
|
||
status_code = nil,
|
||
|
||
-- 拒绝访问时的响应消息
|
||
message = nil
|
||
}
|
||
|
||
-- ============================================
|
||
-- User-Agent限制配置
|
||
-- ============================================
|
||
_M.ua_limit = {
|
||
-- 是否启用
|
||
enabled = false,
|
||
|
||
-- 处置策略:allow / rate_limit / block
|
||
action = "block",
|
||
|
||
-- HTTP状态码
|
||
status_code = 403,
|
||
|
||
-- 拒绝访问时的响应消息
|
||
message = "Access denied",
|
||
|
||
-- 黑名单User-Agent列表(匹配到的UA会被阻止)
|
||
blacklist = {
|
||
-- "BadBot",
|
||
-- "Scraper",
|
||
-- "Spider"
|
||
},
|
||
|
||
-- 白名单User-Agent列表(匹配到的UA总是放行)
|
||
whitelist = {
|
||
-- "Googlebot",
|
||
-- "Bingbot"
|
||
}
|
||
}
|
||
|
||
-- ============================================
|
||
-- 域名配置(IP速率限制模块使用)
|
||
-- ============================================
|
||
_M.domains = {
|
||
-- 在此添加需要启用限流的域名
|
||
-- 留空表示对所有域名生效
|
||
-- 示例:
|
||
-- "example.com",
|
||
-- "api.example.com",
|
||
}
|
||
|
||
-- ============================================
|
||
-- 日志配置(所有模块共用)
|
||
-- ============================================
|
||
_M.log_config = {
|
||
-- 是否启用日志
|
||
enabled = true,
|
||
|
||
-- 日志级别:DEBUG, INFO, WARN, ERROR
|
||
log_level = "INFO",
|
||
log_path = "/usr/local/openresty/nginx/logs/waf.log",
|
||
|
||
log_request_details = true,
|
||
log_allowed = true
|
||
}
|
||
|
||
return _M
|