gxthrj opened a new issue #5780: URL: https://github.com/apache/apisix/issues/5780
### Issue description

Thinking of the recent [security vulnerabilities in Apache log4j2](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228), we can provide such a universal plug-in for APISIX to filter out some illegal requests through regular matching, although this is not the ultimate solution to the vulnerability.

The fastest solution is to use the serverless plug-in to quickly define a filtering logic. But we know that the serverless plug-in is not recommended for production use, and can only be turned on temporarily.

Therefore, I propose to create a plug-in for regular matching to filter illegal requests. Everyone is welcome to participate in the design and development.

Note: This plug-in is not intended as a solution to security problems, but as a general-purpose plug-in that filters out specified requests by configuring regular matching conditions.

The following is a reference design, welcome to discuss.

Plug-in name: reg_blocker

Plug-in configuration example, which can be continuously expanded (backslashes are doubled so that the regex escapes survive JSON decoding):

```json
{
  "block_rules": [
    {
      "key": "$http_uri",
      "rules": ["(?:\\$|\\%24)(?:\\{|\\%7b)[^\\w]*?j[^\\w]*?n[^\\w]*?d[^\\w]*?i[^\\w]*?(?:\\:|\\%3a)"]
    },
    {
      "key": "$args_name",
      "rules": ["root.exe", "root.m+"]
    }
  ],
  "reject_code": 403,
  "message": "Illegal request"
}
```

### Environment

- apisix version (cmd: `apisix version`): master
- OS (cmd: `uname -a`): linux
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): 1.19.*
- etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
- apisix-dashboard version, if have:
- the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner):
- luarocks version, if the issue is about installation (cmd: `luarocks --version`):

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
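The rule semantics sketched in the proposal above (a list of `block_rules`, each naming an nginx variable and a set of regexes; a reject code and message when any regex matches), modelled as a stand-alone Python script so the behaviour of the example configuration can be checked offline. This is an added illustration, not code from the issue or from APISIX: it assumes the gateway hands the plugin a mapping of nginx variable names to their values for the current request, and the function names `compile_rules`, `config_is_valid` and `check_request` are hypothetical. It also goes slightly beyond the proposal by compiling the rules once at configuration time (so a malformed regex is rejected when the config is written rather than on every request) and by exposing a case-insensitive option, which the example rule needs: as written, the `%7b` and `%3a` alternatives only match lowercase percent-encoding.

```python
"""Stand-alone model of the proposed reg_blocker rule evaluation.

Not APISIX code. It takes the plugin configuration from the issue and a
dict of nginx-style variables (assumed to be supplied by the gateway for
the current request) and decides whether the request is rejected.
"""
import re
from typing import Dict, List, Optional, Pattern, Tuple

# Plugin configuration exactly as proposed in the issue (after JSON decoding).
CONFIG = {
    "block_rules": [
        {
            "key": "$http_uri",
            "rules": [
                r"(?:\$|\%24)(?:\{|\%7b)[^\w]*?j[^\w]*?n[^\w]*?d[^\w]*?i[^\w]*?(?:\:|\%3a)"
            ],
        },
        {"key": "$args_name", "rules": ["root.exe", "root.m+"]},
    ],
    "reject_code": 403,
    "message": "Illegal request",
}

CompiledRules = List[Tuple[str, List[Pattern[str]]]]


def compile_rules(conf: dict, ignore_case: bool = False) -> CompiledRules:
    """Validate and pre-compile every rule once (the check_schema step).

    Raises ValueError for a regex that does not compile, so a broken rule is
    refused at configuration time instead of failing on live traffic.
    """
    flags = re.IGNORECASE if ignore_case else 0
    compiled: CompiledRules = []
    for entry in conf["block_rules"]:
        patterns = []
        for rule in entry["rules"]:
            try:
                patterns.append(re.compile(rule, flags))
            except re.error as exc:
                raise ValueError(f"bad rule {rule!r} for {entry['key']}: {exc}") from exc
        compiled.append((entry["key"], patterns))
    return compiled


def config_is_valid(conf: dict) -> bool:
    """True when every block rule compiles; what a schema check would return."""
    try:
        compile_rules(conf)
    except ValueError:
        return False
    return True


def check_request(compiled: CompiledRules, conf: dict,
                  variables: Dict[str, str]) -> Optional[Tuple[int, str]]:
    """Return None if the request is allowed, else (reject_code, message).

    `variables` maps nginx variable names (with the leading $) to their value
    for this request; an absent or empty variable cannot match any rule.
    """
    for key, patterns in compiled:
        value = variables.get(key)
        if not value:
            continue
        for pattern in patterns:
            if pattern.search(value):
                return conf["reject_code"], conf["message"]
    return None


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    rules = compile_rules(CONFIG)
    samples = [
        {"$http_uri": "/index.html", "$args_name": "alice"},
        {"$http_uri": "/?q=${jndi:x}"},
        {"$http_uri": "/?q=%24%7bjndi%3ax"},
        {"$http_uri": "/?q=%24%7Bjndi%3Ax"},   # uppercase encoding
        {"$args_name": "root.exe"},
    ]
    for sample in samples:
        print(sample, "->", check_request(rules, CONFIG, sample))
```

Running the script shows that the fourth sample, which differs from the third only in the case of the percent-encoding, passes the case-sensitive rule set; compiling with `ignore_case=True` (the equivalent of the `i` option in `ngx.re`) closes that gap, which is the kind of detail worth settling in the plugin design rather than in each rule.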