Yasushi/nginx-struts2-paramreject.conf

## nginx-struts2-paramreject.conf
worker_processes  1;
error_log /home/yasushi/src/nginx/error_log;
daemon off;


events {
    worker_connections  1024;
}

http {
    default_type  application/octet-stream;
    sendfile        on;
    access_log /home/yasushi/src/nginx/access_log;


    server {
        listen          8888;

        index           index.html;
        root            /home/yasushi/root/nginx/html;

        charset utf-8;

        location / {
                access_by_lua '
                        ngx.req.read_body()
                        local args, err = ngx.req.get_post_args()
                        if not args then
                               return
                        end
                        local pats = {"^class%..*$", "^dojo%..*$", "^struts%..*$", "^session%..*$", "^request%..*$", "^application%..*$", "^servletRequest%..*$", "^servletResponse%..*$", "^parameters%..*$", "^action:.*$", "^method:.*$"}
                        for key, val in pairs(args) do
                            for i,pat in pairs(pats) do
                                if string.match(key,pat) then
                                    ngx.log(ngx.ERR,"rejected ",pat," ",ngx.req.get_body_data())
                                    ngx.exit(ngx.HTTP_NOT_ALLOWED)
                                end
                            end
                        end
                ';
        }
    }
}
	worker_processes 1;
	error_log /home/yasushi/src/nginx/error_log;
	daemon off;


	events {
	worker_connections 1024;
	}

	http {
	default_type application/octet-stream;
	sendfile on;
	access_log /home/yasushi/src/nginx/access_log;


	server {
	listen 8888;

	index index.html;
	root /home/yasushi/root/nginx/html;

	charset utf-8;

	location / {
	access_by_lua '
	ngx.req.read_body()
	local args, err = ngx.req.get_post_args()
	if not args then
	return
	end
	local pats = {"^class%..$", "^dojo%..$", "^struts%..$", "^session%..$", "^request%..$", "^application%..$", "^servletRequest%..$", "^servletResponse%..$", "^parameters%..$", "^action:.$", "^method:.*$"}
	for key, val in pairs(args) do
	for i,pat in pairs(pats) do
	if string.match(key,pat) then
	ngx.log(ngx.ERR,"rejected ",pat," ",ngx.req.get_body_data())
	ngx.exit(ngx.HTTP_NOT_ALLOWED)
	end
	end
	end
	';
	}
	}
	}