Update lua plugin examples

example/plugins/lua-api/connect_geoip.lua

@@ -14,17 +14,23 @@
 --  See the License for the specific language governing permissions and
 --  limitations under the License.
 
-
 -- This example depends on "luajit-geoip".
--- It illustrates how to connect to GeoIP and use it to look up country of an IP address.
+-- It illustrates how to connect to GeoIP and uses it to look up country of an IP address.
 -- It can be used in plugin.config with the lua plugin.
 
 -- Setup Instructions
--- 1) install GeoIP - 1.6.12
--- 2) install GeoIP legacy country database - https://dev.maxmind.com/geoip/legacy/install/country/
--- 3) install luajit-geoip (https://github.com/leafo/luajit-geoip)
---    or just copy geoip/init.lua from the repo to /usr/local/share/lua/5.1/geoip/init.lua
--- 4) You may need to make change so luajit-geoip does ffi.load() on /usr/local/lib/libGeoIP.so
+-- 1. install legacy GeoIP library 1.6.12 (https://github.com/maxmind/geoip-api-c)
+--   a. wget https://github.com/maxmind/geoip-api-c/releases/download/v1.6.12/GeoIP-1.6.12.tar.gz
+--   b. tar zxvf GeoIP-1.6.12.tar.gz
+--   c. cd GeoIP-1.6.12
+--   d. ./configure; make; make install
+-- 2. Find and install GeoIP legacy country database to /usr/local/share/GeoIP/GeoIP.dat
+-- 3. install luajit-geoip v2.1.0 (https://github.com/leafo/luajit-geoip)
+--   a. wget https://github.com/leafo/luajit-geoip/archive/refs/tags/v2.1.0.tar.gz
+--   b. tar zxvf v2.1.0.tar.gz
+--   c. mkdir -p /usr/local/share/lua/5.1/geoip
+--   d. cp luajit-geoip-2.1.0/geoip.lua /usr/local/share/lua/5.1/geoip.lua
+--   e. cp luajit-geoip-2.1.0/geoip/*.lua /usr/local/share/lua/5.1/geoip/
 
 ts.add_package_path('/usr/local/share/lua/5.1/?.lua')
 

example/plugins/lua-api/connect_maxmind.lua

@@ -0,0 +1,45 @@
+--  Licensed to the Apache Software Foundation (ASF) under one
+--  or more contributor license agreements.  See the NOTICE file
+--  distributed with this work for additional information
+--  regarding copyright ownership.  The ASF licenses this file
+--  to you under the Apache License, Version 2.0 (the
+--  "License"); you may not use this file except in compliance
+--  with the License.  You may obtain a copy of the License at
+--
+--  http://www.apache.org/licenses/LICENSE-2.0
+--
+--  Unless required by applicable law or agreed to in writing, software
+--  distributed under the License is distributed on an "AS IS" BASIS,
+--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+--  See the License for the specific language governing permissions and
+--  limitations under the License.
+
+-- This example depends on "libmaxminddb".
+-- It illustrates how to connect to MaxMind DB and uses it to look up country of an IP address.
+-- It can be used in plugin.config with the lua plugin.
+
+-- Setup Instructions
+-- 1. install libmaxminddb 1.6.0 (https://github.com/maxmind/libmaxminddb)
+--   a. wget https://github.com/maxmind/libmaxminddb/releases/download/1.6.0/libmaxminddb-1.6.0.tar.gz
+--   b. tar zxvf libmaxminddb-1.6.0.tar.gz
+--   c. cd libmaxminddb-1.6.0
+--   d. ./configure; make; make install
+-- 2) Get GeoLite2 country database from https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and put it in /usr/share/GeoIP/GeoLite2-Country.mmdb
+-- 3. install luajit-geoip v2.1.0 (https://github.com/leafo/luajit-geoip)
+--   a. wget https://github.com/leafo/luajit-geoip/archive/refs/tags/v2.1.0.tar.gz
+--   b. tar zxvf v2.1.0.tar.gz
+--   c. mkdir -p /usr/local/share/lua/5.1/geoip
+--   d. cp luajit-geoip-2.1.0/geoip.lua /usr/local/share/lua/5.1/geoip.lua
+--   e. cp luajit-geoip-2.1.0/geoip/*.lua /usr/local/share/lua/5.1/geoip/
+
+ts.add_package_path('/usr/local/share/lua/5.1/?.lua')
+
+local geoip = require 'geoip.mmdb'
+
+function do_global_send_response()
+  local mmdb = geoip.load_database("/usr/share/GeoIP/GeoLite2-Country.mmdb")
+
+  local result = mmdb:lookup("8.8.8.8")
+
+  ts.client_response.header['X-Maxmind-Info'] = result.country.iso_code
+end

example/plugins/lua-api/connect_redis.lua

@@ -19,18 +19,39 @@
 -- It illustrates how to connect to redis and retrieve a key value.
 -- It can be used in plugin.config with the lua plugin.
 
--- unix domain socket has better performance and so we should set up local redis to use that
--- Note the sock must be readable/writable by nobody since ATS runs as that user
--- Sample instructions for setting up redis 2.8.4 and putting a key in
--- 1. edit /etc/redis/redis.conf to set "port 0", "unixsocket /var/run/redis/redis.sock" and "unixsocketperm 755"
+-- Compile luasocket with luajit library and installation:
+-- 1. wget https://github.com/diegonehab/luasocket/archive/v3.0-rc1.tar.gz
+-- 2. tar zxf v3.0-rc1.tar.gz
+-- 3. cd luasocket-3.0-rc1
+-- 4. sed -i "s/LDFLAGS_linux=-O -shared -fpic -o/LDFLAGS_linux=-O -shared -fpic -L\/usr\/lib -lluajit-5.1 -o/" src/makefile
+-- 5. ln -sf /usr/lib/libluajit-5.1.so.2.1.0 /usr/lib/libluajit-5.1.so
+-- 6. mkdir -p /usr/include/lua
+-- 7. ln -sf /usr/include/luajit-2.1 /usr/include/lua/5.1
+-- 8. make
+-- 9. make install-unix
+
+-- redis-lua installation:
+-- 1. wget https://github.com/nrk/redis-lua/archive/v2.0.4.tar.gz
+-- 2. tar zxf v2.0.4.tar.gz
+-- 3. mkdir -p /usr/local/share/lua/5.1
+-- 4. cp redis-lua-2.0.4/src/redis.lua /usr/local/share/lua/5.1/redis.lua
+
+-- Redis setup instructions:
+-- Unix domain socket has better performance and so we should set up local redis to use that.
+-- Note the sock must be readable/writable by nobody since ATS runs as that user.
+-- Sample instructions for setting up redis and putting a key in
+-- 1. edit /etc/redis/redis.conf (or copy from redis configuration file). Make the following changes
+--   a. "port 0"
+--   b. "unixsocket /var/run/redis/redis.sock"
+--   c. "unixsocketperm 755"
 -- 2. sudo chown nobody /var/run/redis
 -- 3. sudo chgrp nogroup /var/run/redis
 -- 4. sudo chown nobody /var/log/redis
 -- 5. sudo chgrp nogroup /var/log/redis
 -- 6. sudo -u nobody redis-server /etc/redis/redis.conf
 -- 7. sudo -u nobody redis-cli -s /var/run/redis/redis.sock set mykey helloworld
 
-ts.add_package_cpath("/usr/local/lib/lua/5.1/socket/?.so;/usr/local/lib/lua/5.1/mime/?.so")
+ts.add_package_cpath("/usr/local/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/socket/?.so;/usr/local/lib/lua/5.1/mime/?.so")
 ts.add_package_path("/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/socket/?.lua")
 
 local redis = require "redis"

example/plugins/lua-api/modsecurity/README.md

@@ -3,10 +3,10 @@ Integrating ATS with ModSecurity V3 using LuaJIT and FFI
 
 Opensource WAF for [Apache Traffic Server](http://trafficserver.apache.org/).
 
-Requirement
+Tested with the following
 ====
- - ModSecurity v3.0.4
- - ATS 8.0.8
+ - ModSecurity v3.0.6
+ - ATS 9.1.1
 
 How to Use
 ====
@@ -63,7 +63,7 @@ SecDebugLogLevel 9
 TODOs/Limitations
 ====
  - No support for `REQUEST_BODY` examination (We need to buffer the request body for examination first before we send to origin.)
- - No support for `RESPONSE BODY` examination (We need to uncompress the contents first if they are gzipped. And that will be expensive operation for proxy)
+ - No support for `RESPONSE_BODY` examination (We need to uncompress the contents first if they are gzipped. And that will be expensive operation for proxy). See https://github.com/SpiderLabs/ModSecurity/issues/2494 for reference
  - How does this work with the lua engine inside ModSecurity V3?
  - Unit Test using busted framework
  - More functional testing needed

example/plugins/lua-api/modsecurity/example.conf

@@ -23,6 +23,6 @@ SecDebugLog /tmp/debug.log
 SecDebugLogLevel 9
 
 SecRule ARGS:testparam "@contains test2" "id:1234,deny,status:403"
-SecRule ARGS:testparam "@contains test1" "id:1235,redirect:https://www.yahoo.com/"
+SecRule ARGS:testparam "@contains test1" "id:1235,status:301,redirect:https://www.yahoo.com/"
 SecRule RESPONSE_HEADERS:test "@contains 1" "id:1236,phase:3,deny,status:403"
-SecRule RESPONSE_HEADERS:test "@contains 2" "id:1237,phase:3,redirect:https://www.yahoo.com/"
+SecRule RESPONSE_HEADERS:test "@contains 2" "id:1237,phase:3,status:301,redirect:https://www.yahoo.com/"