Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

do not create empty access_by_lua_block #4007

Merged
merged 1 commit into from
Apr 13, 2019
Merged

do not create empty access_by_lua_block #4007

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions rootfs/etc/nginx/template/nginx.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -990,8 +990,12 @@ stream {
plugins.run()
}

{{ if shouldConfigureLuaRestyWAF $all.Cfg.DisableLuaRestyWAF $location.LuaRestyWAF.Mode }}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# that means currently `satisfy any` and lua-resty-waf together will potentiall render any
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
access_by_lua_block {
{{ if shouldConfigureLuaRestyWAF $all.Cfg.DisableLuaRestyWAF $location.LuaRestyWAF.Mode }}
local lua_resty_waf = require("resty.waf")
local waf = lua_resty_waf:new()

Expand Down Expand Up @@ -1032,10 +1036,8 @@ stream {
{{ end }}

waf:exec()
{{ end }}

plugins.run()
}
{{ end }}

header_filter_by_lua_block {
{{ if shouldConfigureLuaRestyWAF $all.Cfg.DisableLuaRestyWAF $location.LuaRestyWAF.Mode }}
Expand Down