p0pr0ck5 / lua-resty-waf

High-performance WAF built on the OpenResty stack
GNU General Public License v3.0

Please help to make Dos rule work, thanks. #282

Closed ryanlycch closed 6 years ago

ryanlycch commented 7 years ago

I can't make the DoS rule work on lua-resty-waf. The ab test didn't show any failed requests, and I didn't see any log in the logfile, but I can get other rule logs in the logfile.

The DoS rule I used is from https://gist.github.com/p0pr0ck5/73d13fc60e5f26ae4aa6ae8238f4c5d3. I didn't change anything, just changed the name to 90000-custom.json and put it in the rules directory.

The openresty version is 1.11.2.4, and the lua-resty-waf version is 0.11.1.

I also tried converting the CRSv3.0 912-DOS rule, but it still doesn't work.

Are there any suggestions to help me find the problem?

Thanks very much and sorry for my bad English.

The nginx.conf [http] section:

```nginx
http {
    # shared memory zone referenced by the "storage_zone" option below
    lua_shared_dict waf 10m;

    init_by_lua_block {
        require "resty.core"
        local lua_resty_waf = require "resty.waf"
        lua_resty_waf.init()
    }

    server {
        listen 80;
        server_name _;
        root /var/www/waf;
        error_log /var/log/nginx/err_waf.log;
        access_log /var/log/nginx/access_waf.log;

        location / {
            access_by_lua_block {
                local lua_resty_waf = require "resty.waf"
                local waf = lua_resty_waf:new()
                waf:set_option("storage_zone", "waf")
                waf:set_option("debug", true)
                waf:set_option("debug_log_level", ngx.DEBUG)
                waf:set_option("mode", "ACTIVE")
                -- skip the rulesets listed here
                waf:set_option("ignore_ruleset", "11000_whitelist")
                waf:set_option("ignore_ruleset", "20000_http_violation")
                waf:set_option("ignore_ruleset", "21000_http_anomaly")
                waf:set_option("ignore_ruleset", "35000_user_agent")
                waf:set_option("ignore_ruleset", "40000_generic_attack")
                waf:set_option("ignore_ruleset", "41000_sqli")
                waf:set_option("ignore_ruleset", "42000_xss")
                waf:set_option("ignore_ruleset", "99000_scoring")
                -- event logging to a local file
                waf:set_option("event_log_periodic_flush", 5)
                waf:set_option("event_log_target", "file")
                waf:set_option("event_log_target_path", "/var/log/nginx/waf.log")
                waf:set_option("event_log_request_headers", true)
                waf:set_option("event_log_request_arguments", true)
                waf:set_option("event_log_request_body", true)
                waf:set_option("event_log_verbosity", 4)
                waf:exec()
            }
            log_by_lua_block {
                local lua_resty_waf = require "resty.waf"
                local waf = lua_resty_waf:new()
                waf:exec()
            }
        }
    }
}
```

ab test result:

```
ab -kn 100000 -c 100 http://localhost/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests

Server Software:        openresty/1.11.2.4
Server Hostname:        localhost
Server Port:            80

Document Path:          /
Document Length:        5 bytes

Concurrency Level:      100
Time taken for tests:   11.600 seconds
Complete requests:      100000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    99049
Total transferred:      24495245 bytes
HTML transferred:       500000 bytes
Requests per second:    8620.48 [#/sec] (mean)
Time per request:       11.600 [ms] (mean)
Time per request:       0.116 [ms] (mean, across all concurrent requests)
Transfer rate:          2062.12 [Kbytes/sec] received
```
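An added example, not part of the original post or the project's code: a small parser for the ab summary that reports whether any request in a run was rejected. It assumes a WAF deny is returned as a non-2xx status; `AB_POSTED` is copied from the run above and `AB_CONSTRUCTED_DENIED` is a constructed sample.

```python
import re

# Summary lines copied from the ab run posted in the issue (subset).
AB_POSTED = """\
Complete requests:      100000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    99049
"""

# Constructed sample (not from the issue): a run in which most requests were denied.
AB_CONSTRUCTED_DENIED = """\
Complete requests:      100000
Failed requests:        99900
   (Connect: 0, Receive: 0, Length: 99900, Exceptions: 0)
Write errors:           0
Non-2xx responses:      99900
"""

_COUNTER = re.compile(r"^([A-Za-z0-9][A-Za-z0-9 -]*):\s+(\d+)\s*$")
_BREAKDOWN = re.compile(r"\(Connect: (\d+), Receive: (\d+), Length: (\d+), Exceptions: (\d+)\)")


def summarize_ab(report: str) -> dict:
    """Pull the counters that show whether anything was rejected during an ab run."""
    counters = {}
    length_mismatch = 0
    for line in report.splitlines():
        m = _COUNTER.match(line.strip())
        if m:
            counters[m.group(1)] = int(m.group(2))
            continue
        b = _BREAKDOWN.search(line)
        if b:
            # Responses whose body length differs from the first response.
            length_mismatch = int(b.group(3))
    # ab prints "Non-2xx responses" only when the count is non-zero.
    non_2xx = counters.get("Non-2xx responses", 0)
    return {
        "complete": counters.get("Complete requests", 0),
        "failed": counters.get("Failed requests", 0),
        "length_mismatch": length_mismatch,
        "non_2xx": non_2xx,
        "denied": non_2xx > 0,
    }


if __name__ == "__main__":
    for name, report in (("posted", AB_POSTED), ("constructed", AB_CONSTRUCTED_DENIED)):
        print(name, summarize_ab(report))
```

For the posted run the result has `denied` set to false, which matches the empty event log: no request was rejected during the test.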

p0pr0ck5 commented 7 years ago

Sorry for the delayed reply. I suspect that gist is far out of date. Consider instead using the https://github.com/p0pr0ck5/lua-resty-waf#lua-resty-wafload_secrules interface to load the SecRules definitions directly.

p0pr0ck5 commented 6 years ago

Closing as out of date and stale.