[WAF]规则中增加请求Header长度限制和响应Header长度限制

2025-11-25 03:00:25 +08:00 · 2020-11-18 19:35:32 +08:00
parent 545ec75842
commit 60ba3e0a05
9 changed files with 192 additions and 66 deletions
--- a/web/public/js/components/server/http-firewall-rules-box.js
+++ b/web/public/js/components/server/http-firewall-rules-box.js
@@ -39,7 +39,7 @@ Vue.component("http-firewall-rules-box", {
 		<input type="hidden" name="rulesJSON" :value="JSON.stringify(rules)"/>
 		<div v-if="rules.length > 0">
 			<div v-for="(rule, index) in rules" class="ui label tiny" style="margin-bottom: 0.5em">
-				<span>{{rule.param}} <var>{{rule.operator}}</var> {{rule.value}}</span>
+				<span>{{rule.param}} <var v-if="rule.value.length > 0">{{rule.operator}}</var> {{rule.value}}</span>
 				<a href="" title="修改" @click.prevent="updateRule(index, rule)"><i class="icon pencil small"></i></a>
 				<a href="" title="删除" @click.prevent="removeRule(index)"><i class="icon remove"></i></a>
 			</div>
--- a/web/public/js/components/server/http-firewall-rules.js
+++ b/web/public/js/components/server/http-firewall-rules.js
@@ -0,0 +1,86 @@
+// 通用Header长度
+let defaultGeneralHeaders = ["Cache-Control", "Connection", "Date", "Pragma", "Trailer", "Transfer-Encoding", "Upgrade", "Via", "Warning"]
+Vue.component("http-cond-general-header-length", {
+	props: ["v-checkpoint"],
+	data: function () {
+		let headers = null
+		let length = null
+
+		if (window.parent.UPDATING_RULE != null) {
+			let options = window.parent.UPDATING_RULE.checkpointOptions
+			if (options.headers != null && Array.$isArray(options.headers)) {
+				headers = options.headers
+			}
+			if (options.length != null) {
+				length = options.length
+			}
+		}
+
+
+		if (headers == null) {
+			headers = defaultGeneralHeaders
+		}
+
+		if (length == null) {
+			length = 128
+		}
+
+		let that = this
+		setTimeout(function () {
+			that.change()
+		}, 100)
+
+		return {
+			headers: headers,
+			length: length
+		}
+	},
+	watch: {
+		length: function (v) {
+			let len = parseInt(v)
+			if (isNaN(len)) {
+				len = 0
+			}
+			if (len < 0) {
+				len = 0
+			}
+			this.length = len
+			this.change()
+		}
+	},
+	methods: {
+		change: function () {
+			this.vCheckpoint.options = [
+				{
+					code: "headers",
+					value: this.headers
+				},
+				{
+					code: "length",
+					value: this.length
+				}
+			]
+		}
+	},
+	template: `<div>
+	<table class="ui table">
+		<tr>
+			<td class="title">通用Header列表</td>
+			<td>
+				<values-box :values="headers" :placeholder="'Header'" @change="change"></values-box>
+				<p class="comment">需要检查的Header列表。</p>
+			</td>
+		</tr>
+		<tr>
+			<td>Header值超出长度</td>
+			<td>
+				<div class="ui input right labeled">
+					<input type="text" name="" style="width: 5em" v-model="length" maxlength="6"/>
+					<span class="ui label">字节</span>
+				</div>
+				<p class="comment">超出此长度认为匹配成功，0表示不限制。</p>
+			</td>
+		</tr>
+	</table>
+</div>`
+})
--- a/web/views/@default/servers/components/waf/createRulePopup.html
+++ b/web/views/@default/servers/components/waf/createRulePopup.html
@@ -12,7 +12,10 @@
 			<td>
 				<select name="prefix" class="ui dropdown auto-width" @change="changeCheckpoint()" v-model="rule.checkpointPrefix">
 					<option value="">[选择参数]</option>
-					<option v-for="cp in checkpoints" :value="cp.prefix">{{cp.name}} - [ {{cp.prefix}}]</option>
+					<optgroup label="特殊参数"></optgroup>
+					<option v-for="cp in checkpoints" v-if="cp.isComposed" :value="cp.prefix">{{cp.name}} - [ {{cp.prefix}}]</option>
+					<optgroup label="通用参数"></optgroup>
+					<option v-for="cp in checkpoints" v-if="!cp.isComposed" :value="cp.prefix">{{cp.name}} - [ {{cp.prefix}}]</option>
 				</select>
 				<p class="comment" v-if="checkpoint != null"><span class="ui label tiny">${<em style="font-style: normal;">{{checkpoint.prefix}}</em>}</span>{{checkpoint.description}}</p>
 			</td>
@@ -27,59 +30,71 @@
 			</td>
 		</tr>

-		<!-- 选项 -->
-		<tbody v-if="checkpoint != null && checkpoint.options != null && checkpoint.options.length > 0">
-		<tr v-for="option in checkpoint.options">
-			<td>{{option.name}}</td>
-			<td>
-				<div class="ui fields inline" v-if="option.type == 'field'">
-					<div class="ui field">
-						<input type="text" name="" :placeholder="option.placeholder" :maxlength="(option.maxLength > 0)?option.maxLength:1024" :size="option.size" v-model="option.value"/>
-					</div>
-					<div class="ui field">
-                        {{option.rightLabel}}
-					</div>
-				</div>
-				<div class="ui fields inline" v-if="option.type == 'options'">
-					<div class="ui field">
-						<select class="ui dropdown" :style="'width:' + option.size + 'em'" name="" v-model="option.value">
-							<option v-for="opt in option.options" :value="opt.value">{{opt.name}}</option>
-						</select>
-					</div>
-					<div class="ui field">
-                        {{option.rightLabel}}
-					</div>
-				</div>
-				<p class="comment" v-if="option.comment != null && option.comment.length > 0">{{option.comment}}</p>
-			</td>
-		</tr>
+		<!-- 组合规则的选项 -->
+		<tbody v-if="checkpoint != null && checkpoint.isComposed">
+			<tr>
+				<td>配置选项</td>
+				<td>
+					<http-cond-general-header-length v-if="checkpoint.prefix == 'requestGeneralHeaderLength' || checkpoint.prefix == 'responseGeneralHeaderLength'" :v-checkpoint="checkpoint"></http-cond-general-header-length>
+				</td>
+			</tr>
 		</tbody>

-		<tr>
-			<td>操作符</td>
-			<td>
-				<select class="ui dropdown" name="operator" style="width:10em" v-model="rule.operator" @change="changeOperator()">
-					<option v-for="op in operators" :value="op.code">{{op.name}}</option>
-				</select>
-				<p class="comment" v-if="operator != null" v-html="operator.description"></p>
-			</td>
-		</tr>
-		<tr v-if="operator.case != 'none'">
-			<td>开启大小写不敏感</td>
-			<td>
-				<div class="ui checkbox">
-					<input name="case" type="checkbox" value="1"  v-model="rule.isCaseInsensitive"/>
-					<label></label>
-				</div>
-				<p class="comment">开启后忽略英文字母大小写</p>
-			</td>
-		</tr>
-		<tr>
-			<td>对比值</td>
-			<td>
-				<textarea rows="3" maxlength="4096" name="value" v-model="rule.value"></textarea>
-			</td>
-		</tr>
+		<!-- 选项 -->
+		<tbody v-if="checkpoint != null && !checkpoint.isComposed && checkpoint.options != null && checkpoint.options.length > 0">
+			<tr v-for="option in checkpoint.options">
+				<td>{{option.name}}</td>
+				<td>
+					<div class="ui fields inline" v-if="option.type == 'field'">
+						<div class="ui field">
+							<input type="text" name="" :placeholder="option.placeholder" :maxlength="(option.maxLength > 0)?option.maxLength:1024" :size="option.size" v-model="option.value"/>
+						</div>
+						<div class="ui field">
+							{{option.rightLabel}}
+						</div>
+					</div>
+					<div class="ui fields inline" v-if="option.type == 'options'">
+						<div class="ui field">
+							<select class="ui dropdown" :style="'width:' + option.size + 'em'" name="" v-model="option.value">
+								<option v-for="opt in option.options" :value="opt.value">{{opt.name}}</option>
+							</select>
+						</div>
+						<div class="ui field">
+							{{option.rightLabel}}
+						</div>
+					</div>
+					<p class="comment" v-if="option.comment != null && option.comment.length > 0">{{option.comment}}</p>
+				</td>
+			</tr>
+		</tbody>
+
+		<tbody v-show="checkpoint != null && !checkpoint.isComposed">
+			<tr>
+				<td>操作符</td>
+				<td>
+					<select class="ui dropdown" name="operator" style="width:10em" v-model="rule.operator" @change="changeOperator()">
+						<option v-for="op in operators" :value="op.code">{{op.name}}</option>
+					</select>
+					<p class="comment" v-if="operator != null" v-html="operator.description"></p>
+				</td>
+			</tr>
+			<tr v-if="operator.case != 'none'">
+				<td>开启大小写不敏感</td>
+				<td>
+					<div class="ui checkbox">
+						<input name="case" type="checkbox" value="1"  v-model="rule.isCaseInsensitive"/>
+						<label></label>
+					</div>
+					<p class="comment">开启后忽略英文字母大小写</p>
+				</td>
+			</tr>
+			<tr>
+				<td>对比值</td>
+				<td>
+					<textarea rows="3" maxlength="4096" name="value" v-model="rule.value"></textarea>
+				</td>
+			</tr>
+		</tbody>
 	</table>

 	<submit-btn></submit-btn>
--- a/web/views/@default/servers/components/waf/group.html
+++ b/web/views/@default/servers/components/waf/group.html
@@ -48,7 +48,7 @@
 			</td>
 			<td class="rules-box">
 				<div v-for="rule in set.rules" style="margin-top: 0.4em;margin-bottom:0.4em">
-					<span class="ui label tiny">{{rule.name}}[{{rule.param}}] <var :class="{dash:rule.isCaseInsensitive}" :title="rule.isCaseInsensitive ? '大小写不敏感':''">{{rule.operator}}</var> {{rule.value}}</span>
+					<span class="ui label tiny">{{rule.name}}[{{rule.param}}] <var :class="{dash:rule.isCaseInsensitive}" :title="rule.isCaseInsensitive ? '大小写不敏感':''" v-if="!rule.isComposed">{{rule.operator}}</var> {{rule.value}}</span>
 				</div>
 				<span class="ui disabled" v-if="set.rules.length == 0">暂时还没有规则</span>
 			</td>
--- a/web/views/@default/servers/components/waf/policy.html
+++ b/web/views/@default/servers/components/waf/policy.html
@@ -29,4 +29,12 @@
 			</td>
 		</tr>
 	</table>
+
+	<h4>使用此策略的服务</h4>
+	<p class="comment" v-if="servers.length == 0">暂时还没有代理服务使用此策略。</p>
+	<table class="ui table selectable" v-if="servers.length > 0">
+		<tr v-for="server in servers">
+			<td>{{server.name}}<link-icon :href="'/servers/server?serverId=' + server.id"></link-icon></td>
+		</tr>
+	</table>
 </div>