[waf]可以配置阻止动作的状态码和提示内容

internal/web/actions/default/servers/components/waf/policy.go

@@ -52,6 +52,7 @@ func (this *PolicyAction) RunGet(params struct {
 		"isOn":         firewallPolicy.IsOn,
 		"description":  firewallPolicy.Description,
 		"groups":       internalGroups,
+		"blockOptions": firewallPolicy.BlockOptions,
 	}
 
 	// 正在使用此策略的服务

internal/web/actions/default/servers/components/waf/update.go

@@ -8,6 +8,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"net/http"
 )
 
 type UpdateAction struct {
@@ -30,11 +31,21 @@ func (this *UpdateAction) RunGet(params struct {
 		this.NotFound("firewallPolicy", params.FirewallPolicyId)
 		return
 	}
+
+	if firewallPolicy.BlockOptions == nil {
+		firewallPolicy.BlockOptions = &firewallconfigs.HTTPFirewallBlockAction{
+			StatusCode: http.StatusForbidden,
+			Body:       "Blocked By WAF",
+			URL:        "",
+		}
+	}
+
 	this.Data["firewallPolicy"] = maps.Map{
 		"id":           firewallPolicy.Id,
 		"name":         firewallPolicy.Name,
 		"description":  firewallPolicy.Description,
 		"isOn":         firewallPolicy.IsOn,
+		"blockOptions": firewallPolicy.BlockOptions,
 	}
 
 	// 预置分组
@@ -63,6 +74,7 @@ func (this *UpdateAction) RunPost(params struct {
 	FirewallPolicyId int64
 	Name             string
 	GroupCodes       []string
+	BlockOptionsJSON []byte
 	Description      string
 	IsOn             bool
 
@@ -81,6 +93,7 @@ func (this *UpdateAction) RunPost(params struct {
 		Name:               params.Name,
 		Description:        params.Description,
 		FirewallGroupCodes: params.GroupCodes,
+		BlockOptionsJSON:   params.BlockOptionsJSON,
 	})
 	if err != nil {
 		this.ErrorPage(err)

web/public/js/components/server/http-firewall-block-options.js

@@ -0,0 +1,37 @@
+Vue.component("http-firewall-block-options", {
+	props: ["v-block-options"],
+	data: function () {
+		return {
+			blockOptions: this.vBlockOptions,
+			statusCode: this.vBlockOptions.statusCode
+		}
+	},
+	watch: {
+		statusCode: function (v) {
+			let statusCode = parseInt(v)
+			if (isNaN(statusCode)) {
+				this.blockOptions.statusCode = 403
+			} else {
+				this.blockOptions.statusCode = statusCode
+			}
+		}
+	},
+	template: `<div>
+<input type="hidden" name="blockOptionsJSON" :value="JSON.stringify(blockOptions)"/>
+	<table class="ui table">
+		<tr>
+			<td class="title">状态码</td>
+			<td>
+				<input type="text" v-model="statusCode" style="width:4.5em" maxlength="3"/>
+			</td>
+		</tr>
+		<tr>
+			<td>提示内容</td>
+			<td>
+				<textarea rows="3" v-model="blockOptions.body"></textarea>
+			</td>
+		</tr>
+	</table>
+</div>	
+`
+})

web/views/@default/servers/components/waf/group.html

@@ -41,7 +41,7 @@
 		<tbody v-for="set in sets" :data-set-id="set.id">
 		<tr>
 			<td style="text-align: center;"><i class="icon bars handle grey"></i> </td>
-			<td><span :class="{disabled:!set.isOn}">{{set.name}}</span>
+			<td nowrap=""><span :class="{disabled:!set.isOn}">{{set.name}}</span>
 				<p style="margin-top:0.5em">
 					<label-on :v-is-on="set.isOn"></label-on>
 				</p>
@@ -53,7 +53,7 @@
 				<span class="ui disabled" v-if="set.rules.length == 0">暂时还没有规则</span>
 			</td>
 			<td class="center">{{set.connector.toUpperCase()}}</td>
-			<td><span :class="{red:set.action == 'BLOCK' || set.action == 'CAPTCHA', green:set.action != 'BLOCK' && set.action != 'CAPTCHA'}">{{set.actionName}}[{{set.action.toUpperCase()}}]</span>
+			<td nowrap=""><span :class="{red:set.action == 'BLOCK' || set.action == 'CAPTCHA', green:set.action != 'BLOCK' && set.action != 'CAPTCHA'}">{{set.actionName}}[{{set.action.toUpperCase()}}]</span>
 				<div v-if="set.actionLinks != null && set.actionLinks.length > 0" style="margin-top:0.3em">
 					<span class="disabled">-&gt;</span> <span v-for="link in set.actionLinks"><a :href="link.url"><span class="disabled">[{{link.name}}]</span></a> &nbsp;</span>
 				</div>

web/views/@default/servers/components/waf/policy.html

@@ -21,6 +21,24 @@
 				<span class="ui label tiny basic" v-for="group in firewallPolicy.groups" style="margin-bottom:0.5em" :class="{disabled:!group.isOn}">{{group.name}}</span>
 			</td>
 		</tr>
+		<tr>
+			<td>阻止动作设置</td>
+			<td>
+				<span v-if="firewallPolicy.blockOptions == null" class="disabled">还没有设置。</span>
+				<div v-else>
+					<table class="ui table">
+						<tr>
+							<td class="title">状态码</td>
+							<td>{{firewallPolicy.blockOptions.statusCode}}</td>
+						</tr>
+						<tr>
+							<td>提示内容</td>
+							<td>{{firewallPolicy.blockOptions.body}}</td>
+						</tr>
+					</table>
+				</div>
+			</td>
+		</tr>
 		<tr>
 			<td>描述</td>
 			<td>

web/views/@default/servers/components/waf/update.html

@@ -24,6 +24,12 @@
 					<p class="comment">可以启用一些我们预置的规则组。</p>
 				</td>
 			</tr>
+			<tr>
+				<td>阻止动作配置</td>
+				<td>
+					<http-firewall-block-options :v-block-options="firewallPolicy.blockOptions"></http-firewall-block-options>
+				</td>
+			</tr>
 			<tr>
 				<td colspan="2"><more-options-indicator></more-options-indicator></td>
 			</tr>