From f5450e37bedec18de73552a9d2db5dc5cac76005 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Thu, 10 Aug 2023 10:30:50 +0800 Subject: [PATCH] =?UTF-8?q?WAF=E7=AD=96=E7=95=A5=E5=8F=AF=E4=BB=A5?= =?UTF-8?q?=E8=87=AA=E5=AE=9A=E4=B9=89=E9=BB=98=E8=AE=A4=E7=9A=84=E5=8C=BA?= =?UTF-8?q?=E5=9F=9F/=E7=9C=81=E4=BB=BD=E5=B0=81=E7=A6=81=E6=8F=90?= =?UTF-8?q?=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/db/models/http_firewall_policy_dao.go | 8 +++++++- internal/db/models/http_firewall_policy_model.go | 6 ++++++ internal/rpc/services/service_http_firewall_policy.go | 2 +- internal/setup/sql.json | 10 +++++++++- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/internal/db/models/http_firewall_policy_dao.go b/internal/db/models/http_firewall_policy_dao.go index 54c0f025..c8314683 100644 --- a/internal/db/models/http_firewall_policy_dao.go +++ b/internal/db/models/http_firewall_policy_dao.go @@ -293,7 +293,9 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, useLocalFirewall bool, synFloodConfig *firewallconfigs.SYNFloodConfig, logConfig *firewallconfigs.HTTPFirewallPolicyLogConfig, - maxRequestBodySize int64) error { + maxRequestBodySize int64, + denyCountryHTML string, + denyProvinceHTML string) error { if policyId <= 0 { return errors.New("invalid policyId") } @@ -342,6 +344,8 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, op.UseLocalFirewall = useLocalFirewall op.MaxRequestBodySize = maxRequestBodySize + op.DenyCountryHTML = denyCountryHTML + op.DenyProvinceHTML = denyProvinceHTML err := this.Save(tx, op) if err != nil { @@ -420,6 +424,8 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in config.Description = policy.Description config.UseLocalFirewall = policy.UseLocalFirewall == 1 config.MaxRequestBodySize = int64(policy.MaxRequestBodySize) + config.DenyCountryHTML = policy.DenyCountryHTML + config.DenyProvinceHTML = policy.DenyProvinceHTML if len(policy.Mode) == 0 { policy.Mode = firewallconfigs.FirewallModeDefend diff --git a/internal/db/models/http_firewall_policy_model.go b/internal/db/models/http_firewall_policy_model.go index 1dcb2ff3..f380c0cd 100644 --- a/internal/db/models/http_firewall_policy_model.go +++ b/internal/db/models/http_firewall_policy_model.go @@ -23,6 +23,8 @@ const ( HTTPFirewallPolicyField_SynFlood dbs.FieldName = "synFlood" // SynFlood防御设置 HTTPFirewallPolicyField_Log dbs.FieldName = "log" // 日志配置 HTTPFirewallPolicyField_MaxRequestBodySize dbs.FieldName = "maxRequestBodySize" // 可以检查的最大请求内容尺寸 + HTTPFirewallPolicyField_DenyCountryHTML dbs.FieldName = "denyCountryHTML" // 区域封禁提示 + HTTPFirewallPolicyField_DenyProvinceHTML dbs.FieldName = "denyProvinceHTML" // 省份封禁提示 ) // HTTPFirewallPolicy HTTP防火墙 @@ -47,6 +49,8 @@ type HTTPFirewallPolicy struct { SynFlood dbs.JSON `field:"synFlood"` // SynFlood防御设置 Log dbs.JSON `field:"log"` // 日志配置 MaxRequestBodySize uint32 `field:"maxRequestBodySize"` // 可以检查的最大请求内容尺寸 + DenyCountryHTML string `field:"denyCountryHTML"` // 区域封禁提示 + DenyProvinceHTML string `field:"denyProvinceHTML"` // 省份封禁提示 } type HTTPFirewallPolicyOperator struct { @@ -70,6 +74,8 @@ type HTTPFirewallPolicyOperator struct { SynFlood any // SynFlood防御设置 Log any // 日志配置 MaxRequestBodySize any // 可以检查的最大请求内容尺寸 + DenyCountryHTML any // 区域封禁提示 + DenyProvinceHTML any // 省份封禁提示 } func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator { diff --git a/internal/rpc/services/service_http_firewall_policy.go b/internal/rpc/services/service_http_firewall_policy.go index 21b82dee..d3362fd0 100644 --- a/internal/rpc/services/service_http_firewall_policy.go +++ b/internal/rpc/services/service_http_firewall_policy.go @@ -305,7 +305,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont req.MaxRequestBodySize = 0 } - err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig, req.MaxRequestBodySize) + err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.CaptchaOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig, logConfig, req.MaxRequestBodySize, req.DenyCountryHTML, req.DenyProvinceHTML) if err != nil { return nil, err } diff --git a/internal/setup/sql.json b/internal/setup/sql.json index 5c15de27..cbb1cd26 100644 --- a/internal/setup/sql.json +++ b/internal/setup/sql.json @@ -91706,7 +91706,7 @@ "name": "edgeHTTPFirewallPolicies", "engine": "InnoDB", "charset": "utf8mb4_general_ci", - "definition": "CREATE TABLE `edgeHTTPFirewallPolicies` (\n `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n `groupId` int(11) unsigned DEFAULT '0' COMMENT '服务分组ID',\n `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n `name` varchar(255) DEFAULT NULL COMMENT '名称',\n `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n `inbound` json DEFAULT NULL COMMENT '入站规则',\n `outbound` json DEFAULT NULL COMMENT '出站规则',\n `blockOptions` json DEFAULT NULL COMMENT 'BLOCK选项',\n `captchaOptions` json DEFAULT NULL COMMENT '验证码选项',\n `mode` varchar(32) DEFAULT 'defend' COMMENT '模式',\n `useLocalFirewall` tinyint(1) unsigned DEFAULT '1' COMMENT '是否自动使用本地防火墙',\n `synFlood` json DEFAULT NULL COMMENT 'SynFlood防御设置',\n `log` json DEFAULT NULL COMMENT '日志配置',\n `maxRequestBodySize` int(11) unsigned DEFAULT '0' COMMENT '可以检查的最大请求内容尺寸',\n PRIMARY KEY (`id`),\n KEY `userId` (`userId`),\n KEY `serverId` (`serverId`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP防火墙'", + "definition": "CREATE TABLE `edgeHTTPFirewallPolicies` (\n `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',\n `templateId` int(11) unsigned DEFAULT '0' COMMENT '模版ID',\n `adminId` int(11) unsigned DEFAULT '0' COMMENT '管理员ID',\n `userId` int(11) unsigned DEFAULT '0' COMMENT '用户ID',\n `serverId` int(11) unsigned DEFAULT '0' COMMENT '服务ID',\n `groupId` int(11) unsigned DEFAULT '0' COMMENT '服务分组ID',\n `state` tinyint(1) unsigned DEFAULT '1' COMMENT '状态',\n `createdAt` bigint(11) unsigned DEFAULT '0' COMMENT '创建时间',\n `isOn` tinyint(1) unsigned DEFAULT '1' COMMENT '是否启用',\n `name` varchar(255) DEFAULT NULL COMMENT '名称',\n `description` varchar(1024) DEFAULT NULL COMMENT '描述',\n `inbound` json DEFAULT NULL COMMENT '入站规则',\n `outbound` json DEFAULT NULL COMMENT '出站规则',\n `blockOptions` json DEFAULT NULL COMMENT 'BLOCK选项',\n `captchaOptions` json DEFAULT NULL COMMENT '验证码选项',\n `mode` varchar(32) DEFAULT 'defend' COMMENT '模式',\n `useLocalFirewall` tinyint(1) unsigned DEFAULT '1' COMMENT '是否自动使用本地防火墙',\n `synFlood` json DEFAULT NULL COMMENT 'SynFlood防御设置',\n `log` json DEFAULT NULL COMMENT '日志配置',\n `maxRequestBodySize` int(11) unsigned DEFAULT '0' COMMENT '可以检查的最大请求内容尺寸',\n `denyCountryHTML` text COMMENT '区域封禁提示',\n `denyProvinceHTML` varchar(255) DEFAULT NULL COMMENT '省份封禁提示',\n PRIMARY KEY (`id`),\n KEY `userId` (`userId`),\n KEY `serverId` (`serverId`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='HTTP防火墙'", "fields": [ { "name": "id", @@ -91787,6 +91787,14 @@ { "name": "maxRequestBodySize", "definition": "int(11) unsigned DEFAULT '0' COMMENT '可以检查的最大请求内容尺寸'" + }, + { + "name": "denyCountryHTML", + "definition": "text COMMENT '区域封禁提示'" + }, + { + "name": "denyProvinceHTML", + "definition": "varchar(255) COMMENT '省份封禁提示'" } ], "indexes": [