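主要实现的功能有: 1、支持IP白名单和黑名单功能,直接将黑名单的IP访问拒绝(白名单权重高于黑名单)。 2、支持URL白名单,将不需要过滤的URL进行定义。 3、支持User-Agent的过滤,匹配自定义规则中的条目,然后进行处理(返回403)。 4、支持CC攻击防护,单个URL指定时间的访问次数,超过设定值,直接返回403。 5、支持Cookie过滤,匹配自定义规则中的条目,然后进行处理(返回403)。 6、支持URL过滤,匹配自定义规则中的条目,如果用户请求的URL包含这些,返回403。 7、支持url参数过滤。 8、支持日志记录,将所有拒绝的操作,记录到日志中去。 9、日志记录为JSON格式,便于日志分析,例如使用ELKStack进行收集日志收集、存储、搜索和展示。

安装脚本

#!/bin/bash
# Builds nginx 1.12.1 with lua-nginx-module, then OpenResty 1.9.3.2 with the
# unixhot/waf Lua rules, on a yum-based host (/lib64, gmake). Run as root.
#
# Every step prints "<step> : OK !!" or "<step> : ERROR !!" and main() stops at
# the first failed step. Build output is appended to $LOG (the original sent it
# to /dev/null, which made a failed step impossible to diagnose).
#
# Review notes, left as in the original on purpose:
#  - The five tarballs (two fetched over plain http) and the git clone of the
#    WAF rules are not pinned to a checksum or commit, so the installed build and
#    the WAF policy are whatever the remote serves at install time. Pin SHA-256
#    sums / a reviewed commit before using this on anything but a lab host.
#  - set_waf hands the whole OpenResty tree to the nginx user; see the note there.

source /etc/profile

readonly SRC=/usr/local/src
readonly LOG=/usr/local/src/waf_install.log

#######################################
# Print the step result line in the script's "<name> : OK !!" format.
# Arguments: $1 - step name, $2 - exit status of the step
# Returns:   $2, so callers can chain on it
#######################################
report() {
  if [ "$2" -eq 0 ]; then
    echo "$1 : OK !!"
  else
    echo "$1 : ERROR !!"
  fi
  return "$2"
}

# 下载代码 - fetch every source tarball into $SRC.
# Returns non-zero if any download failed (the original always returned 0 from
# the last echo, so a missing tarball only surfaced later as a tar error).
get() {
  local url rv=0
  cd "$SRC" || return 1
  for url in \
    https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz \
    https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz \
    http://nginx.org/download/nginx-1.12.1.tar.gz \
    http://luajit.org/download/LuaJIT-2.0.2.tar.gz \
    https://openresty.org/download/ngx_openresty-1.9.3.2.tar.gz; do
    wget "$url" >>"$LOG" 2>&1
    report "get ${url##*/}" $? || rv=1
  done
  return "$rv"
}

# 安装LuaJIT - unpack and install LuaJIT 2.0.2.
# NOTE(review): LuaJIT's Makefile reads PREFIX (upper case); the lower-case
# `prefix=` below is most likely ignored, so the library lands under /usr/local
# - which is exactly what set_path and curl_nginx assume. Keep the two in sync
# if the install location is ever changed.
luajit_install() {
  cd "$SRC" &&
    tar xf LuaJIT-2.0.2.tar.gz >>"$LOG" 2>&1 &&
    cd LuaJIT-2.0.2 &&
    make install prefix=/usr/local/LuaJIT >>"$LOG" 2>&1
  report "luajit_install" $?
}

# 设置环境变量 - export LUAJIT_LIB / LUAJIT_INC for the nginx ./configure step.
# Each line is appended to /etc/profile only once; the original appended on
# every run, so re-running the script kept growing the file.
set_path() {
  local line rv=0
  for line in 'export LUAJIT_LIB=/usr/local/lib' \
    'export LUAJIT_INC=/usr/local/include/luajit-2.0'; do
    if ! grep -qxF -- "$line" /etc/profile; then
      echo "$line" >>/etc/profile || rv=1
    fi
  done
  if [ "$rv" -eq 0 ]; then
    source /etc/profile || rv=1
  fi
  report "set path" "$rv"
}

# 解压压缩包 - unpack the nginx-side tarballs. Returns non-zero on the first
# tar failure.
jy() {
  local tarball
  cd "$SRC" || return 1
  for tarball in v0.10.9rc7.tar.gz v0.3.0.tar.gz nginx-1.12.1.tar.gz \
    ngx_openresty-1.9.3.2.tar.gz; do
    tar xf "$tarball" >>"$LOG" 2>&1 || return 1
  done
}

# 判断:有nginx则什么也不做,没有则添加用户 - create the nginx service user if missing.
# Renamed from `adduser`, which shadowed the system command of the same name.
# The original `[ … ] || useradd … && echo "user Already exist"` printed the
# "already exists" message after a successful useradd as well; use if/else.
add_nginx_user() {
  if id nginx >/dev/null 2>&1; then
    echo "user Already exist"
  else
    useradd -s /sbin/nologin -M nginx
  fi
}

# 编译nginx - configure/build/install nginx with ngx_devel_kit and
# lua-nginx-module (was `istall_nginx`).
install_nginx() {
  add_nginx_user && jy &&
    cd "$SRC/nginx-1.12.1" &&
    ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx \
      --with-http_ssl_module --with-http_stub_status_module --with-file-aio \
      --with-http_dav_module \
      --add-module="$SRC/ngx_devel_kit-0.3.0/" \
      --add-module="$SRC/lua-nginx-module-0.10.9rc7/" >>"$LOG" 2>&1 &&
    make >>"$LOG" 2>&1 &&
    make install >>"$LOG" 2>&1
  report "install nginx" $?
}

# 配置nginx配置文件 - write a minimal nginx.conf with a /hello Lua location.
# The listing shows `cat >> …nginx.conf` with no here-doc operator before the
# config lines (they would have run as shell commands); the `<<EOF` matching the
# closing EOF is restored here. The delimiter is quoted because the config
# contains nothing to expand.
conf_nginx() {
  cat >/usr/local/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
  worker_connections 1024;
}
http {
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  server {
    listen 80;
    server_name localhost;
    location / {
      root html;
      index index.html index.htm;
    }
    location /hello {
      default_type 'text/plain';
      content_by_lua 'ngx.say("hello,lua")';
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root html;
    }
  }
}
EOF
  report "conf_nginx" $?
}

# 访问nginx - smoke-test the Lua build: start nginx, request /hello, stop it.
# nginx is stopped even if the request fails (the original left it running on
# port 80, which then blocked the OpenResty instance started by curl_waf).
# The URL was `/hellow` in the original; the configured location is /hello.
curl_nginx() {
  local rv
  # nginx loads the LuaJIT shared object from the default loader path.
  if [ ! -e /lib64/libluajit-5.1.so.2 ]; then
    ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2 || return 1
  fi
  /usr/local/nginx/sbin/nginx || return 1
  curl http://127.0.0.1/hello
  rv=$?
  /usr/local/nginx/sbin/nginx -s stop
  return "$rv"
}

# 安装openresty - install build dependencies, then build OpenResty with its
# bundled LuaJIT. A failed yum step now stops here instead of continuing into
# a configure that cannot find pcre/openssl.
install_openresty() {
  yum install -y readline-devel pcre-devel openssl-devel >>"$LOG" 2>&1
  report "install rely" $? || return 1
  cd "$SRC" &&
    tar xf ngx_openresty-1.9.3.2.tar.gz >>"$LOG" 2>&1 &&
    cd ngx_openresty-1.9.3.2 &&
    ./configure --prefix=/usr/local/openresty --with-luajit \
      --with-http_stub_status_module --with-pcre --with-pcre-jit >>"$LOG" 2>&1 &&
    gmake >>"$LOG" 2>&1 &&
    gmake install >>"$LOG" 2>&1
  report "install openresty" $?
}

# 下载waf - clone the WAF rules and copy them into the OpenResty conf dir.
# The clone tracks the remote's current HEAD; the rules it ships become the
# enforced policy, so pin a reviewed commit for anything beyond a lab host.
get_waf() {
  cd "$SRC" &&
    git clone https://github.com/unixhot/waf.git >>"$LOG" 2>&1 &&
    cp -a ./waf/waf /usr/local/openresty/nginx/conf/
  report "get WAF" $?
}

# 设置waf - write the OpenResty nginx.conf that loads the WAF (restored
# `<<'EOT'` matching the closing EOT, as in conf_nginx).
set_waf() {
  cat >/usr/local/openresty/nginx/conf/nginx.conf <<'EOT'
worker_processes 1;
events {
  worker_connections 1024;
}
http {
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
#WAF
  lua_shared_dict limit 50m;
  lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
  init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
  access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
  server {
    listen 80;
    server_name localhost;
    location /hello {
      default_type text/html;
      content_by_lua_block {
        ngx.say("HelloWorld")
      }
    }
    location / {
      root html;
      index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root html;
    }
  }
}
EOT
  local rv=$?
  if [ "$rv" -eq 0 ]; then
    # NOTE(review): this makes the worker user the owner of sbin/nginx,
    # nginx.conf and the WAF rules, so a compromised worker can rewrite the
    # binary or disable the rules. Kept because the WAF's own log location is
    # not visible here; the least-privilege form is root ownership of the
    # tree with only html/ and the log directory writable by nginx.
    chown -R nginx.nginx /usr/local/openresty/ || rv=1
  fi
  report "set_waf" "$rv"
}

# 访问waf - write the landing page, start OpenResty and request a .sql URL,
# which the WAF URL rule is expected to reject (403). OpenResty stays running.
curl_waf() {
  echo "Welcome to (Web Application Firewall)" \
    >/usr/local/openresty/nginx/html/index.html || return 1
  /usr/local/openresty/nginx/sbin/nginx || return 1
  curl http://127.0.0.1/abc.sql
}

# 总函数 - run the steps in order; the chain stops at the first failure. The
# original mixed `&& echo OK || echo ERROR && next` so an error never stopped
# the run.
main() {
  get &&
    luajit_install &&
    set_path &&
    install_nginx &&
    conf_nginx &&
    curl_nginx &&
    install_openresty &&
    get_waf &&
    set_waf &&
    curl_waf
}

main "$@"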