diff --git a/resource/misc/pangu_ctrl.json b/resource/misc/pangu_http.json
similarity index 55%
rename from resource/misc/pangu_ctrl.json
rename to resource/misc/pangu_http.json
index f7ee135..bb92dbe 100644
--- a/resource/misc/pangu_ctrl.json
+++ b/resource/misc/pangu_http.json
@@ -3,91 +3,13 @@ "group_table": "PXY_CTRL_GROUP", "rules": [ { - "compile_id": 125, + "compile_id": 1021, "service": 1, "action": 48, "do_blacklist": 1, - "do_log": 1, + "do_log": 1, "effective_range": 0, - "user_region": "code=302;url=http://news.baidu.com", - "is_valid": "yes", - "groups": [ - { - "regions": [ - { - "table_name": "PXY_CTRL_HTTP_URL", - "table_type": "string", - "table_content": { - "keywords": "kernel-3.10.0-327.el7.src.rpm", - "expr_type": "regex", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 128, - "service": 1, - "action": 16, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "user_region": "code=302;url=http://news.baidu.com", - "is_valid": "yes", - "groups": [ - { - "regions": [ - { - "table_name": "PXY_CTRL_HTTP_RES_BODY", - "table_type": "string", - "table_content": { - "keywords": "hello=world", - "expr_type": "regex", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 127, - "service": 1, - "action": 80, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "user_region": "zone=http_resp_body;regex=/house.qq.com/www.renren.com", - "is_valid": "yes", - "groups": [ - { - "regions": [ - { - "table_name": "PXY_CTRL_HTTP_URL", - "table_type": "string", - "table_content": { - "keywords": "www.qq.com", - "expr_type": "none", - "match_method": "left", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 130, - "service": 1, - "action": 48, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "user_region": "code=404;content=", + "user_region": "{\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.baidu.com/index.html\"}", "is_valid": "yes", "groups": [ { 
@@ -97,60 +19,7 @@ "table_type": "string", "table_content": { "keywords": "www.google.com", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 131, - "service": 1, - "action": 48, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "user_region": "code=404;content=", - "is_valid": "yes", - "groups": [ - { - "regions": [ - { - "table_name": "PXY_CTRL_HTTP_RES_BODY", - "table_type": "string", - "table_content": { - "keywords": "动物世界", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 133, - "service": 1, - "action": 48, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "user_region": "{\"cache_key\":{\"ignore_qs\":[\"sqp\",\"rs\"],\"cookie\":\"jsession_id\"},\"no_revalidate\":0,\"cache_dyn_url\":1,\"cache_cookied_cont\":1,\"ignore_srv_nocache\":1,\"ignore_cli_nocache\":1,\"force_caching\":1,\"min_use\":1,\"pinning_time\":\"60m\",\"max_cache_size\":\"1t\",\"inactive_time\":\"1h\"}", - "is_valid": "yes", - "table_name":"PXY_CACHE_COMPILE", - "groups": [ - { - "regions": [ - { - "table_name": "PXY_CACHE_HTTP_URL", - "table_type": "string", - "table_content": { - "keywords": "i.ytimg.com", - "expr_type": "none", + "expr_type": "regex", "match_method": "sub", "format": "uncase plain" } 
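Review bot: Changing `"expr_type"` from `"none"` to `"regex"` for the keyword `www.google.com` leaves the dots unescaped, so each `.` presumably matches any character and the rule can fire on URLs other than the literal host. The same applies to `cn.bing.com` in the next hunk and to the URL keywords of rules 1023–1027 in the last hunk of this file, where the actions include block, hijack and insert. If a literal substring match is intended, keep `"expr_type": "none"`; if a pattern is intended, escape the dots, e.g. `"keywords": "www\\.google\\.com"`. The rule object this line belongs to starts and ends outside the hunk.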
@@ -159,52 +28,24 @@ } ] }, - { - "compile_id": 134, + { + "compile_id": 1022, "service": 1, - "action": 128, + "action": 48, "do_blacklist": 1, - "do_log": 1, + "do_log": 1, "effective_range": 0, - "user_region": "{}", + "user_region": "{\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":101}", "is_valid": "yes", - "table_name":"PXY_CACHE_COMPILE", "groups": [ { "regions": [ { - "table_name": "PXY_CACHE_HTTP_URL", - "table_type": "string", - "table_content": { - "keywords": "mesalab.cn", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 135, - "service": 1, - "action": 48, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "user_region": "{\"cache_key\":{\"cookie\":\"MUID\"},\"cache_dyn_url\":1,\"cache_cookied_cont\":1}", - "is_valid": "yes", - "table_name":"PXY_CACHE_COMPILE", - "groups": [ - { - "regions": [ - { - "table_name": "PXY_CACHE_HTTP_URL", + "table_name": "PXY_CTRL_HTTP_URL", "table_type": "string", "table_content": { "keywords": "cn.bing.com", - "expr_type": "none", + "expr_type": "regex", "match_method": "sub", "format": "uncase plain" } 
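Review bot: Rule 1022 blocks with `"code":403` but sets `"html_profile":101`, and the PXY_PROFILE_RESPONSE_PAGES rows added later in this diff define 101 as the `404` page (`./resource/pangu/404.html`), while 102 is the `HTTP403` template. If the 403 page was meant, the value should be `"html_profile":102`. If serving the 404 body with a 403 status is deliberate, the pairing is worth recording in the commit message, since JSON cannot carry a comment. Row 102 is typed `template` rather than `html`, so confirm the block method accepts that type before switching.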
@@ -212,19 +53,165 @@ ] } ] - } + }, + { + "compile_id": 1023, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"比特币\",\"replace_with\":\"硬币\"}]}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "edu.csdn.net/course/detail/6998", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1024, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"method\":\"hijack\",\"hijack_profile\":201}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "www.wireshark.org/download/win32/WiresharkPortable_2.6.8.paf.exe", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1025, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"method\":\"hijack\",\"hijack_profile\":201}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "www.downcc.com/ajax.asp", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 1026, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"method\":\"insert\",\"insert_profile\":302}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "mirror.hoster.kz/centos", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase 
plain" + } + } + ] + } + ] + }, + { + "compile_id": 1027, + "service": 1, + "action": 48, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "user_region": "{\"method\":\"insert\",\"insert_profile\":303,\"position\":\"before-page-load\"}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "PXY_CTRL_HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "100wa.com/music", + "expr_type": "regex", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + } ], "plugin_table": [ { - "table_name": "PXY_OBJ_TRUSTED_CA_CERT", + "table_name": "PXY_PROFILE_RESPONSE_PAGES", "table_content": [ - "1\tDigiCertSHA2SecureServerCA\t./pangu_files/DigiCertSHA2SecureServerCA.pem\t1" + "101\t404\thtml\t./resource/pangu/404.html\t1", + "102\tHTTP403\ttemplate\t./resource/pangu/HTTP403.html\t1" ] }, { - "table_name": "PXY_OBJ_TRUSTED_CA_CRL", + "table_name": "PXY_PROFILE_HIJACK_FILES", "table_content": [ - "1\t1\t./pangu_files/ssca-sha2-g5.crl\t1" + "201\tchakanqi.exe\tapplication/x-msdos-program\t./resource/pangu/chakanqi.exe\t1" + ] + }, + { + "table_name": "PXY_PROFILE_INSERT_SCRIPTS", + "table_content": [ + "301\ttime\tjs\t./resource/pangu/time.js\t1", + "302\tu1\tcss\t./resource/pangu/u1.css\t1", + "303\tu1\tjs\t./resource/pangu/alert.js\t1" + ] + }, + { + "table_name": "PXY_INTERCEPT_COMPILE", + "table_content": [ + "0\t0\t2\t1\t1\t{}\t{\"keyring\":1,\"exclusions\":{\"ev_cert\":1,\"cert_transparency\":1,\"client_cert_req\":1,\"pinning\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_method\":\"fail-close\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", + 
"1\t0\t2\t1\t1\t{}\t{\"keyring\":2,\"exclusions\":{\"ev_cert\":0,\"cert_transparency\":0,\"client_cert_req\":1,\"pinning\":1},\"cert_verify\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_method\":\"pass-through\"},\"ssl_ver\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" ] } ] diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index 993add6..6598c77 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -29,4 +29,8 @@ 11 PXY_CACHE_HTTP_URL expr UTF8 UTF8 yes 0 quickoff 12 PXY_CACHE_HTTP_COOKIE expr UTF8 UTF8 yes 0 quickoff 13 PXY_OBJ_TRUSTED_CA_CERT plugin {"valid":4,"foreign":"3"} -14 PXY_OBJ_TRUSTED_CA_CRL plugin {"valid":4,"foreign":"3"} \ No newline at end of file +14 PXY_OBJ_TRUSTED_CA_CRL plugin {"valid":4,"foreign":"3"} +15 PXY_PROFILE_RESPONSE_PAGES plugin {"key":1,"valid":5} +16 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"valid":5} +17 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"valid":5} +18 PXY_INTERCEPT_COMPILE plugin {"key":1,"valid":8}
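Review bot: Both PXY_INTERCEPT_COMPILE rows added at the end of this hunk set `"ssl_ver":{"min":"ssl3",...}`, so the interception policy still admits SSLv3, which RFC 7568 prohibits; unless a test depends on it, raise the minimum to a TLS version in both rows. The first row also turns off the expiry check (`"expiration":0`), and the second uses `"fail_method":"pass-through"`, which presumably lets a connection continue after certificate verification fails. Marking these as test-only values in the fixture's documentation would keep them from being copied into a deployment policy. The hunk also drops the PXY_OBJ_TRUSTED_CA_CERT and PXY_OBJ_TRUSTED_CA_CRL rows from `plugin_table` while table_info.conf keeps both tables registered, so confirm where the trust anchors and CRL for `cert_verify` are loaded from now.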