Added e-mail notification and custom hooks support

This commit is contained in:
Dorian Niemiec 2023-08-30 11:27:25 +02:00
parent 42b5f300e6
commit 336d7c0c8c
2 changed files with 72 additions and 11 deletions

View file

@ -1,13 +1,21 @@
var EasyWaf = require('easy-waf'); var EasyWaf = require('easy-waf');
if(EasyWaf.default) { if(EasyWaf.default) {
EasyWaf = EasyWaf.default; EasyWaf = EasyWaf.default;
}
var nodemailer = undefined;
try {
var nodemailer = require('nodemailer');
} catch(ex) {
} }
var fs = require("fs"); var fs = require("fs");
var os = require("os"); var os = require("os");
var url = require("url"); var url = require("url");
var easywafconfig = {}; var easywafconfig = {};
var easywafhooks = {};
var logm = {}; var logm = {};
if (fs.existsSync(__dirname + "/../../../easywaf-config.json")) easywafconfig = JSON.parse(fs.readFileSync(__dirname + "/../../../easywaf-config.json").toString()) if (fs.existsSync(__dirname + "/../../../easywaf-config.json")) easywafconfig = JSON.parse(fs.readFileSync(__dirname + "/../../../easywaf-config.json").toString());
if (fs.existsSync(__dirname + "/../../../easywaf-hooks.js")) easywafhooks = require(__dirname + "/../../../easywaf-hooks.js");
function createRegex(regex) { function createRegex(regex) {
var regexObj = regex.split("/"); var regexObj = regex.split("/");
if (regexObj.length == 0) throw new Error("Invalid regex!"); if (regexObj.length == 0) throw new Error("Invalid regex!");
@ -26,21 +34,74 @@ if(easywafconfig.modules) {
} }
} }
var mailtransport = undefined;
if(nodemailer && easywafconfig.mailConfig && easywafconfig.mailConfig.serverConfig) {
mailtransport = nodemailer.createTransport(easywafconfig.mailConfig.serverConfig);
}
easywafconfig.preBlockHook = function(req, moduleInfo, ip) { easywafconfig.preBlockHook = function(req, moduleInfo, ip) {
var returnvalue = true;
if(easywafhooks.preBlockHook) {
try { try {
logm[ip]("Request blocked by EasyWAF. Module: " + moduleInfo.name); var customPreBlockHookResult = easywafhooks.preBlockHook(req, moduleInfo, ip);
if(typeof customPreBlockHookResult !== "undefined") returnvalue = customPreBlockHookResult;
} catch(ex) {
logm[ip].locwarnmessage("There was a problem when executing custom pre-block hook!");
logm[ip].locwarnmessage("Stack:");
logm[ip].locwarnmessage(ex.stack);
}
}
if(returnvalue) {
try {
logm[ip].errmessage("Request blocked by EasyWAF. Module: " + moduleInfo.name);
} catch (ex) { } catch (ex) {
} }
return true; }
return returnvalue;
} }
easywafconfig.postBlockHook = function(req, moduleInfo, ip) {
if(easywafhooks.postBlockHook) {
try {
easywafhooks.postBlockHook(req, moduleInfo, ip);
} catch(ex) {
logm[ip].locwarnmessage("There was a problem when executing custom post-block hook!");
logm[ip].locwarnmessage("Stack:");
logm[ip].locwarnmessage(ex.stack);
}
}
if(mailtransport) {
var fromAddress = easywafconfig.mailConfig.from;
if(easywafconfig.mailConfig.from && !easywafconfig.mailConfig.from.match(/ <[^<>]+>$/)) {
fromAddress = "\"easy-waf integration with SVR.JS\" <" + fromAddress + ">";
}
mailtransport.sendMail({
from: fromAddress,
to: easywafconfig.mailConfig.to,
subject: "Request blocked by EasyWAF from " + ip + " - Urgent Attention Required",
text: "Dear Webmaster,\n\nI hope this email finds you well. I am writing to inform you that a request has been blocked by our Web Application Firewall (WAF) and it requires your immediate attention.\n\nThe WAF module that flagged this request is \"" + moduleInfo.name + "\". We have received an automated message from the WAF system indicating that a request to " + req.url + " from the following IP address " + ip + " has been blocked due to security concerns.\n\nTo ensure the smooth functioning of our website and prevent any potential threats, it is crucial that you investigate this issue promptly. Please review the logs to gather more information about the specific request that triggered the block.\n\nOnce you have identified the reason for the block, please take the necessary steps to either whitelist the IP address or address any potential security vulnerabilities that may have caused the block. This will ensure that legitimate users can access our website without any interruptions.\n\nIf you require any assistance or further information regarding this issue, please do not hesitate to contact either EasyWAF support at info[at]timokoessler[dot]de or SVR.JS support at support[at]svrjs[dot]org. We are here to help you resolve any concerns related to the WAF.\n\nThank you for your immediate attention to this matter. We appreciate your efforts in maintaining the security and integrity of our website.",
html: ("Dear Webmaster,\n\nI hope this email finds you well. I am writing to inform you that a request has been blocked by our Web Application Firewall (WAF) and it requires your immediate attention.\n\nThe WAF module that flagged this request is \"" + moduleInfo.name + "\". We have received an automated message from the WAF system indicating that a request to " + req.url + " from the following IP address " + ip + " has been blocked due to security concerns.\n\nTo ensure the smooth functioning of our website and prevent any potential threats, it is crucial that you investigate this issue promptly. Please review the logs to gather more information about the specific request that triggered the block.\n\nOnce you have identified the reason for the block, please take the necessary steps to either whitelist the IP address or address any potential security vulnerabilities that may have caused the block. This will ensure that legitimate users can access our website without any interruptions.\n\nIf you require any assistance or further information regarding this issue, please do not hesitate to contact either EasyWAF support at info[at]timokoessler[dot]de or SVR.JS support at support[at]svrjs[dot]org. We are here to help you resolve any concerns related to the WAF.\n\nThank you for your immediate attention to this matter. We appreciate your efforts in maintaining the security and integrity of our website.").replace(/&/g,"&amp;").replace(/\</g,"&lt;").replace(/\>/g,"&gt;").replace(/[\r\n]/g,"<br/>")
}).catch(function (ex) {
logm[ip].locwarnmessage("There was a problem when sending e-mail!");
logm[ip].locwarnmessage("Stack:");
logm[ip].locwarnmessage(ex.stack);
});
} else if(easywafconfig.mailConfig) {
logm[ip].locwarnmessage("You need to install \"nodemailer\" module in order for easy-waf integration to send e-mails!");
}
}
easywafconfig.disableLogging = true; easywafconfig.disableLogging = true;
const easyWaf = EasyWaf(easywafconfig); const easyWaf = EasyWaf(easywafconfig);
function Mod() {} function Mod() {}
Mod.prototype.callback = function callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, defaultpage, users, page404, head, foot, fd, elseCallback, configJSON, callServerError) { Mod.prototype.callback = function callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, defaultpage, users, page404, head, foot, fd, elseCallback, configJSON, callServerError) {
return function() { return function() {
logm[req.socket.remoteAddress] = serverconsole.errmessage; logm[req.socket.remoteAddress] = serverconsole;
if(!logm[req.socket.remoteAddress].locwarnmessage) logm[req.socket.remoteAddress].locwarnmessage = logm[req.socket.remoteAddress].errmessage;
//REQ.BODY //REQ.BODY
function readableHandler() { function readableHandler() {
try { try {
@ -54,9 +115,9 @@ Mod.prototype.callback = function callback(req, res, serverconsole, responseEnd,
//EASYWAF //EASYWAF
easyWaf(req, res, function() { easyWaf(req, res, function() {
if ((href == "/easywaf-config.json" || (os.platform() == "win32" && href.toLowerCase() == "/easywaf-config.json")) && __dirname == process.cwd()) { if (((href == "/easywaf-config.json" || (os.platform() == "win32" && href.toLowerCase() == "/easywaf-config.json")) || (href == "/easywaf-hooks.js" || (os.platform() == "win32" && href.toLowerCase() == "/easywaf-hooks.js"))) && __dirname == process.cwd()) {
if (callServerError) { if (callServerError) {
callServerError(403, "easy-waf-integration/1.0.0"); callServerError(403, "easy-waf-integration/1.2.0");
} else { } else {
res.writeHead(403, "Forbidden", { res.writeHead(403, "Forbidden", {
"Server": "SVR.JS" "Server": "SVR.JS"

View file

@ -1,4 +1,4 @@
{ {
"name": "Integration with EasyWAF", "name": "Integration with EasyWAF",
"version": "Nightly-GitMaster" "version": "Nightly-GitMain"
} }