WAF策略增加显示页面动作默认设置

2025-11-04 07:50:25 +08:00 · 2024-01-20 16:19:11 +08:00
parent b8a56d913b
commit 8253321cbc
4 changed files with 40 additions and 10 deletions
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -149,6 +149,14 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 		}
 		op.BlockOptions = blockOptionsJSON

+		// page options
+		var pageOptions = firewallconfigs.DefaultHTTPFirewallPageAction()
+		pageOptionsJSON, err := json.Marshal(pageOptions)
+		if err != nil {
+			return 0, err
+		}
+		op.PageOptions = pageOptionsJSON
+
 		// captcha options
 		var captchaOptions = firewallconfigs.DefaultHTTPFirewallCaptchaAction()
 		captchaOptionsJSON, err := json.Marshal(captchaOptions)
@@ -313,6 +321,7 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	inboundJSON []byte,
 	outboundJSON []byte,
 	blockOptionsJSON []byte,
+	pageOptionsJSON []byte,
 	captchaOptionsJSON []byte,
 	mode firewallconfigs.FirewallMode,
 	useLocalFirewall bool,
@@ -343,6 +352,9 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx,
 	if IsNotNull(blockOptionsJSON) {
 		op.BlockOptions = blockOptionsJSON
 	}
+	if IsNotNull(pageOptionsJSON) {
+		op.PageOptions = pageOptionsJSON
+	}
 	if IsNotNull(captchaOptionsJSON) {
 		op.CaptchaOptions = captchaOptionsJSON
 	}
@@ -524,6 +536,16 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 		config.BlockOptions = blockAction
 	}

+	// Page动作配置
+	if IsNotNull(policy.PageOptions) {
+		var pageAction = firewallconfigs.DefaultHTTPFirewallPageAction()
+		err = json.Unmarshal(policy.PageOptions, pageAction)
+		if err != nil {
+			return config, err
+		}
+		config.PageOptions = pageAction
+	}
+
 	// Captcha动作配置
 	if IsNotNull(policy.CaptchaOptions) {
 		var captchaAction = &firewallconfigs.HTTPFirewallCaptchaAction{}
--- a/internal/db/models/http_firewall_policy_model.go
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -16,8 +16,9 @@ const (
 	HTTPFirewallPolicyField_Description        dbs.FieldName = "description"        // 描述
 	HTTPFirewallPolicyField_Inbound            dbs.FieldName = "inbound"            // 入站规则
 	HTTPFirewallPolicyField_Outbound           dbs.FieldName = "outbound"           // 出站规则
-	HTTPFirewallPolicyField_BlockOptions       dbs.FieldName = "blockOptions"       // BLOCK选项
-	HTTPFirewallPolicyField_CaptchaOptions     dbs.FieldName = "captchaOptions"     // 验证码选项
+	HTTPFirewallPolicyField_BlockOptions       dbs.FieldName = "blockOptions"       // BLOCK动作选项
+	HTTPFirewallPolicyField_PageOptions        dbs.FieldName = "pageOptions"        // PAGE动作选项
+	HTTPFirewallPolicyField_CaptchaOptions     dbs.FieldName = "captchaOptions"     // 验证码动作选项
 	HTTPFirewallPolicyField_Mode               dbs.FieldName = "mode"               // 模式
 	HTTPFirewallPolicyField_UseLocalFirewall   dbs.FieldName = "useLocalFirewall"   // 是否自动使用本地防火墙
 	HTTPFirewallPolicyField_SynFlood           dbs.FieldName = "synFlood"           // SynFlood防御设置
@@ -42,8 +43,9 @@ type HTTPFirewallPolicy struct {
 	Description        string   `field:"description"`        // 描述
 	Inbound            dbs.JSON `field:"inbound"`            // 入站规则
 	Outbound           dbs.JSON `field:"outbound"`           // 出站规则
-	BlockOptions       dbs.JSON `field:"blockOptions"`       // BLOCK选项
-	CaptchaOptions     dbs.JSON `field:"captchaOptions"`     // 验证码选项
+	BlockOptions       dbs.JSON `field:"blockOptions"`       // BLOCK动作选项
+	PageOptions        dbs.JSON `field:"pageOptions"`        // PAGE动作选项
+	CaptchaOptions     dbs.JSON `field:"captchaOptions"`     // 验证码动作选项
 	Mode               string   `field:"mode"`               // 模式
 	UseLocalFirewall   uint8    `field:"useLocalFirewall"`   // 是否自动使用本地防火墙
 	SynFlood           dbs.JSON `field:"synFlood"`           // SynFlood防御设置
@@ -67,8 +69,9 @@ type HTTPFirewallPolicyOperator struct {
 	Description        any // 描述
 	Inbound            any // 入站规则
 	Outbound           any // 出站规则
-	BlockOptions       any // BLOCK选项
-	CaptchaOptions     any // 验证码选项
+	BlockOptions       any // BLOCK动作选项
+	PageOptions        any // PAGE动作选项
+	CaptchaOptions     any // 验证码动作选项
 	Mode               any // 模式
 	UseLocalFirewall   any // 是否自动使用本地防火墙
 	SynFlood           any // SynFlood防御设置
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -305,7 +305,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 		req.MaxRequestBodySize = 0
 	}

-	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig, req.MaxRequestBodySize, req.DenyCountryHTML, req.DenyProvinceHTML)
+	err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.PageOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig, req.MaxRequestBodySize, req.DenyCountryHTML, req.DenyProvinceHTML)
 	if err != nil {
 		return nil, err
 	}
@@ -500,6 +500,7 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicy(ctx context
 			Mode:               policy.Mode,
 			SynFloodJSON:       policy.SynFlood,
 			BlockOptionsJSON:   policy.BlockOptions,
+			PageOptionsJSON:    policy.PageOptions,
 			CaptchaOptionsJSON: policy.CaptchaOptions,
 		},
 	}, nil
--- a/internal/setup/sql.json
+++ b/internal/setup/sql.json
@@ -102722,7 +102722,7 @@
      "name": "edgeHTTPFirewallPolicies",
      "engine": "InnoDB",
      "charset": "utf8mb4_general_ci",
-      "definition": "CREATE TABLE `edgeHTTPFirewallPolicies` (\n  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n  `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n  `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `groupId` int(11) unsigned DEFAULT '0' COMMENT '服务分组ID',\n  `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n  `name` varchar(255) DEFAULT NULL COMMENT '名称',\n  `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n  `inbound` json DEFAULT NULL COMMENT '入站规则',\n  `outbound` json DEFAULT NULL COMMENT '出站规则',\n  `blockOptions` json DEFAULT NULL COMMENT 'BLOCK选项',\n  `captchaOptions` json DEFAULT NULL COMMENT '验证码选项',\n  `mode` varchar(32) DEFAULT 'defend' COMMENT '模式',\n  `useLocalFirewall` tinyint(1) unsigned DEFAULT '1' COMMENT '是否自动使用本地防火墙',\n  `synFlood` json DEFAULT NULL COMMENT 'SynFlood防御设置',\n  `log` json DEFAULT NULL COMMENT '日志配置',\n  `maxRequestBodySize` int(11) unsigned DEFAULT '0' COMMENT '可以检查的最大请求内容尺寸',\n  `denyCountryHTML` text COMMENT '区域封禁提示',\n  `denyProvinceHTML` text COMMENT '省份封禁提示',\n  PRIMARY KEY (`id`),\n  KEY `userId` (`userId`),\n  KEY `serverId` (`serverId`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP防火墙'",
+      "definition": "CREATE TABLE `edgeHTTPFirewallPolicies` (\n  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n  `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n  `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n  `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n  `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n  `groupId` int(11) unsigned DEFAULT '0' COMMENT '服务分组ID',\n  `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n  `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n  `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n  `name` varchar(255) DEFAULT NULL COMMENT '名称',\n  `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n  `inbound` json DEFAULT NULL COMMENT '入站规则',\n  `outbound` json DEFAULT NULL COMMENT '出站规则',\n  `blockOptions` json DEFAULT NULL COMMENT 'BLOCK动作选项',\n  `pageOptions` json DEFAULT NULL COMMENT 'PAGE动作选项',\n  `captchaOptions` json DEFAULT NULL COMMENT '验证码动作选项',\n  `mode` varchar(32) DEFAULT 'defend' COMMENT '模式',\n  `useLocalFirewall` tinyint(1) unsigned DEFAULT '1' COMMENT '是否自动使用本地防火墙',\n  `synFlood` json DEFAULT NULL COMMENT 'SynFlood防御设置',\n  `log` json DEFAULT NULL COMMENT '日志配置',\n  `maxRequestBodySize` int(11) unsigned DEFAULT '0' COMMENT '可以检查的最大请求内容尺寸',\n  `denyCountryHTML` text COMMENT '区域封禁提示',\n  `denyProvinceHTML` text COMMENT '省份封禁提示',\n  PRIMARY KEY (`id`),\n  KEY `userId` (`userId`),\n  KEY `serverId` (`serverId`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP防火墙'",
      "fields": [
        {
          "name": "id",
@@ -102778,11 +102778,15 @@
        },
        {
          "name": "blockOptions",
-          "definition": "json COMMENT 'BLOCK选项'"
+          "definition": "json COMMENT 'BLOCK动作选项'"
+        },
+        {
+          "name": "pageOptions",
+          "definition": "json COMMENT 'PAGE动作选项'"
        },
        {
          "name": "captchaOptions",
-          "definition": "json COMMENT '验证码选项'"
+          "definition": "json COMMENT '验证码动作选项'"
        },
        {
          "name": "mode",