@abtnode/router-provider 1.16.38-beta-20250204-120121-1a6a1e63 → 1.16.38-beta-20250206-084543-4d7b4331
|
@@ -208,6 +208,7 @@ SecRule REQUEST_FILENAME "@endsWith /api/gql" \
|
|
|
208
208
|
chain"
|
|
209
209
|
SecRule REQUEST_METHOD "@pm POST" \
|
|
210
210
|
"ctl:ruleRemoveByTag=attack-rce,\
|
|
211
|
+
ctl:ruleRemoveById=930120,\
|
|
211
212
|
ctl:ruleRemoveById=921110"
|
|
212
213
|
|
|
213
214
|
# Disable some rules for websocket endpoint for blocklet server and service
|
|
@@ -237,6 +238,7 @@ SecRule REQUEST_HEADERS:tus-resumable "@rx ^1\.0\.0$" \
|
|
|
237
238
|
"t:none,\
|
|
238
239
|
ctl:ruleRemoveById=920420"
|
|
239
240
|
|
|
241
|
+
# Fix: did space connect and restore false positive
|
|
240
242
|
SecRule REQUEST_FILENAME "@rx (?:/connect-to-did-space|/restore)$" \
|
|
241
243
|
"id:1009,\
|
|
242
244
|
phase:1,\
|
|
@@ -246,6 +248,7 @@ SecRule REQUEST_FILENAME "@rx (?:/connect-to-did-space|/restore)$" \
|
|
|
246
248
|
SecRule REQUEST_METHOD "@pm GET" \
|
|
247
249
|
"ctl:ruleRemoveById=934110"
|
|
248
250
|
|
|
251
|
+
# Fix: did wallet backup false positive
|
|
249
252
|
SecRule REQUEST_FILENAME "@endsWith /app-records.txt" \
|
|
250
253
|
"id:1010,\
|
|
251
254
|
phase:1,\
|
|
@@ -254,8 +257,10 @@ SecRule REQUEST_FILENAME "@endsWith /app-records.txt" \
|
|
|
254
257
|
chain"
|
|
255
258
|
SecRule REQUEST_METHOD "@pm PUT" \
|
|
256
259
|
"ctl:ruleRemoveById=942550,\
|
|
260
|
+
ctl:ruleRemoveById=942151,\
|
|
257
261
|
ctl:ruleRemoveById=934110"
|
|
258
262
|
|
|
263
|
+
# Fix: did resolver false positive
|
|
259
264
|
SecRule REQUEST_FILENAME "@contains /.well-known/did-resolver/resolve" \
|
|
260
265
|
"id:1011,\
|
|
261
266
|
phase:1,\
|
|
@@ -265,7 +270,8 @@ SecRule REQUEST_FILENAME "@contains /.well-known/did-resolver/resolve" \
|
|
|
265
270
|
SecRule REQUEST_METHOD "@pm GET" \
|
|
266
271
|
"ctl:ruleRemoveById=920440"
|
|
267
272
|
|
|
268
|
-
|
|
273
|
+
# Fix: did connect false positive
|
|
274
|
+
SecRule REQUEST_FILENAME "@contains /.well-known/service/connect" \
|
|
269
275
|
"id:1012,\
|
|
270
276
|
phase:1,\
|
|
271
277
|
pass,\
|
|
@@ -274,7 +280,7 @@ SecRule REQUEST_FILENAME "@endsWith /.well-known/service/connect" \
|
|
|
274
280
|
SecRule REQUEST_METHOD "@pm GET" \
|
|
275
281
|
"ctl:ruleRemoveById=930120"
|
|
276
282
|
|
|
277
|
-
#
|
|
283
|
+
# Fix: dockerfile assets from discuss-kit false positive
|
|
278
284
|
SecRule REQUEST_FILENAME "@rx /.blocklet/proxy/[^/]+/assets/dockerfile-[A-Za-z0-9]{8}\.js$" \
|
|
279
285
|
"id:1013,\
|
|
280
286
|
phase:1,\
|
|
@@ -283,3 +289,23 @@ SecRule REQUEST_FILENAME "@rx /.blocklet/proxy/[^/]+/assets/dockerfile-[A-Za-z0-
|
|
|
283
289
|
chain"
|
|
284
290
|
SecRule REQUEST_METHOD "@pm GET" \
|
|
285
291
|
"ctl:ruleRemoveById=930130"
|
|
292
|
+
|
|
293
|
+
# Fix oauth callback scope false positive
|
|
294
|
+
SecRule REQUEST_FILENAME "@contains /.well-known/service/oauth/callback" \
|
|
295
|
+
"id:1014,\
|
|
296
|
+
phase:1,\
|
|
297
|
+
pass,\
|
|
298
|
+
nolog,\
|
|
299
|
+
chain"
|
|
300
|
+
SecRule REQUEST_METHOD "@pm GET" \
|
|
301
|
+
"ctl:ruleRemoveById=930120"
|
|
302
|
+
|
|
303
|
+
# Fix did-space upload false positive
|
|
304
|
+
SecRule REQUEST_FILENAME "@contains /api/space/" \
|
|
305
|
+
"id:1015,\
|
|
306
|
+
phase:1,\
|
|
307
|
+
pass,\
|
|
308
|
+
nolog,\
|
|
309
|
+
chain"
|
|
310
|
+
SecRule REQUEST_METHOD "@pm PUT PATCH" \
|
|
311
|
+
"ctl:ruleRemoveByTag=attack-rce"
|
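Review bot: Rule 1015 is scoped far wider than the upload false positive its comment names: `@contains /api/space/` matches that substring anywhere in the path, and `ctl:ruleRemoveByTag=attack-rce` switches off the whole RCE rule family for every PUT and PATCH that matches. The earlier exclusions in this file (1009–1013) remove single rule ids, and 1015 should do the same with the ids that actually fired, on an anchored path, for example `SecRule REQUEST_FILENAME "@rx ^<mount-prefix>/api/space/" \` with `"ctl:ruleRemoveById=<id-from-audit-log>"` (both values are placeholders). Rules 1012 and 1014 also use `@contains`; the hunk header for 1012 still shows `@endsWith`, so that match appears to have been widened in this release and is worth restoring if the path always ends there. Each new exclusion would also benefit from a comment recording the rule id and the request that triggered it, so it can be re-tested when the rule set is updated.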
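--- a/package/lib/nginx/index.js
+++ b/package/lib/nginx/index.js
@@ -105,6 +105,7 @@ class NginxProvider extends BaseProvider {
 this.logDir = path.join(this.configDir, 'log');
 this.accessLog = path.join(this.logDir, 'access.log');
 this.errorLog = path.join(this.logDir, 'error.log');
+this.securityLog = path.join(this.logDir, 'modsecurity.log');
 this.tmpDir = path.join(this.configDir, 'tmp');
 this.certDir = path.join(this.configDir, 'certs');
 this.cacheDir = path.join(this.configDir, 'cache');
@@ -330,7 +331,7 @@ class NginxProvider extends BaseProvider {
 }
 
 logger.info('start rotate nginx log files');
-const files = [this.accessLog, this.errorLog];
+const files = [this.accessLog, this.errorLog, this.securityLog];
 const rotateTasks = files.map(
 (file) => rotateNginxLogFile({ file, nginxPid: nginxStatus.pid, cwd: this.logDir, retain })
 // eslint-disable-next-line function-paren-newline
@@ -981,7 +982,7 @@ class NginxProvider extends BaseProvider {
 return {
 access: this.accessLog,
 error: this.errorLog,
-security:
+security: this.securityLog,
 };
 }
 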
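Review bot: `this.securityLog` is now always in the rotation list, but the ModSecurity template changed in the same release only emits `SecAuditLog ${logDir}/modsecurity.log` when `logLevel > 0`, so the file may not exist on nodes where audit logging is off. `rotateNginxLogFile` is not visible here; if it does not already tolerate a missing file, skip absent paths before mapping, e.g. `const files = [this.accessLog, this.errorLog, this.securityLog].filter((file) => fs.existsSync(file));` (assuming an `fs` binding is in scope in this module). The audit log records request headers and bodies (`SecAuditLogParts ABIJDEFHZ`), so a short comment on `securityLog` noting that it holds sensitive request data would help whoever consumes the `security` entry returned in the last hunk. The enclosing methods start and end outside all three hunks.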
@@ -226,18 +226,13 @@ SecDataDir ${tmpDir}
|
|
|
226
226
|
#
|
|
227
227
|
#SecUploadFileMode 0600
|
|
228
228
|
|
|
229
|
-
|
|
230
|
-
# -- Debug log configuration -------------------------------------------------
|
|
231
|
-
SecDebugLog ${logDir}/modsecurity-debug.log
|
|
232
|
-
SecDebugLogLevel ${logLevel}
|
|
233
|
-
|
|
234
229
|
# -- Audit log configuration -------------------------------------------------
|
|
235
|
-
SecAuditEngine RelevantOnly
|
|
230
|
+
${logLevel > 0 ? `SecAuditEngine RelevantOnly
|
|
236
231
|
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
|
|
237
232
|
SecAuditLogParts ABIJDEFHZ
|
|
238
233
|
SecAuditLogType Serial
|
|
239
234
|
SecAuditLogFormat Native
|
|
240
|
-
SecAuditLog ${logDir}/modsecurity.log
|
|
235
|
+
SecAuditLog ${logDir}/modsecurity.log` : ''}
|
|
241
236
|
|
|
242
237
|
SecArgumentSeparator &
|
|
243
238
|
SecCookieFormat 0
|
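Review bot: With the empty-string branch, any `logLevel` that is not greater than zero — including `undefined` or a non-numeric string — drops every audit directive, and ModSecurity's default for `SecAuditEngine` is off, so blocked requests leave no audit record and nothing in the generated config says so. Make the disabled state explicit by replacing the `''` branch with `'SecAuditEngine Off'`, and validate `logLevel` as a number before the template is rendered. `logLevel` previously fed `SecDebugLogLevel`; a comment at the interpolation saying that it now gates audit logging would prevent it being set to 0 to quiet debug output and silently losing the audit trail. The file header for this section is not shown on the page, and the template literal starts and ends outside the hunk.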
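--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@abtnode/router-provider",
-"version": "1.16.38-beta-
+"version": "1.16.38-beta-20250206-084543-4d7b4331",
 "description": "Routing engine implementations for abt node",
 "author": "polunzh <polunzh@gmail.com>",
 "homepage": "https://github.com/ArcBlock/blocklet-server#readme",
@@ -32,10 +32,10 @@
 "url": "https://github.com/ArcBlock/blocklet-server/issues"
 },
 "dependencies": {
-"@abtnode/constant": "1.16.38-beta-
-"@abtnode/logger": "1.16.38-beta-
-"@abtnode/router-templates": "1.16.38-beta-
-"@abtnode/util": "1.16.38-beta-
+"@abtnode/constant": "1.16.38-beta-20250206-084543-4d7b4331",
+"@abtnode/logger": "1.16.38-beta-20250206-084543-4d7b4331",
+"@abtnode/router-templates": "1.16.38-beta-20250206-084543-4d7b4331",
+"@abtnode/util": "1.16.38-beta-20250206-084543-4d7b4331",
 "@arcblock/http-proxy": "^1.19.1",
 "@arcblock/is-valid-domain": "^1.0.5",
 "axios": "^1.7.9",
@@ -60,5 +60,5 @@
 "bluebird": "^3.7.2",
 "fs-extra": "^11.2.0"
 },
-"gitHead": "
+"gitHead": "933b2c2856240f2d78b3a392f8a3b4e8584860f0"
 }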