WAF记录IP动作中IP名单如果为空时，默认为全局黑名单

2025-11-04 16:00:24 +08:00 · 2023-10-15 09:34:20 +08:00
parent 561aa6ff1c
commit 04eda6078b
3 changed files with 16 additions and 9 deletions
--- a/internal/db/models/http_firewall_rule_group_dao.go
+++ b/internal/db/models/http_firewall_rule_group_dao.go
@@ -104,7 +104,7 @@ func (this *HTTPFirewallRuleGroupDAO) ComposeFirewallRuleGroup(tx *dbs.Tx, group
 			return nil, err
 		}
 		for _, setRef := range setRefs {
-			setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId)
+			setConfig, err := SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, setRef.SetId, forNode)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/db/models/http_firewall_rule_set_dao.go
+++ b/internal/db/models/http_firewall_rule_set_dao.go
@@ -84,7 +84,7 @@ func (this *HTTPFirewallRuleSetDAO) FindHTTPFirewallRuleSetName(tx *dbs.Tx, id i
 }

 // ComposeFirewallRuleSet 组合配置
-func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64) (*firewallconfigs.HTTPFirewallRuleSet, error) {
+func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int64, forNode bool) (*firewallconfigs.HTTPFirewallRuleSet, error) {
 	set, err := this.FindEnabledHTTPFirewallRuleSet(tx, setId)
 	if err != nil {
 		return nil, err
@@ -133,12 +133,19 @@ func (this *HTTPFirewallRuleSetDAO) ComposeFirewallRuleSet(tx *dbs.Tx, setId int
 		if actionConfig.Code == firewallconfigs.HTTPFirewallActionRecordIP { // 记录IP动作
 			if actionConfig.Options != nil {
 				var ipListId = actionConfig.Options.GetInt64("ipListId")
-				exists, err := SharedIPListDAO.ExistsEnabledIPList(tx, ipListId)
-				if err != nil {
-					return nil, err
-				}
-				if !exists {
-					actionConfig.Options["ipListIsDeleted"] = true
+				if ipListId <= 0 { // default list id
+					if forNode {
+						actionConfig.Options["ipListId"] = firewallconfigs.GlobalListId
+					}
+					actionConfig.Options["ipListIsDeleted"] = false
+				} else {
+					exists, err := SharedIPListDAO.ExistsEnabledIPList(tx, ipListId)
+					if err != nil {
+						return nil, err
+					}
+					if !exists {
+						actionConfig.Options["ipListIsDeleted"] = true
+					}
 				}
 			}
 		}
--- a/internal/rpc/services/service_http_firewall_rule_set.go
+++ b/internal/rpc/services/service_http_firewall_rule_set.go
@@ -86,7 +86,7 @@ func (this *HTTPFirewallRuleSetService) FindEnabledHTTPFirewallRuleSetConfig(ctx

 	var tx = this.NullTx()

-	config, err := models.SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, req.FirewallRuleSetId)
+	config, err := models.SharedHTTPFirewallRuleSetDAO.ComposeFirewallRuleSet(tx, req.FirewallRuleSetId, false)
 	if err != nil {
 		return nil, err
 	}