TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-04 13:10:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

[WAF]规则中增加请求Header长度限制和响应Header长度限制

Browse Source
This commit is contained in:
GoEdgeLab
2020-11-18 19:35:32 +08:00
parent 545ec75842
commit 60ba3e0a05
9 changed files with 192 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/const/const.go
View File

@@ -1,7 +1,7 @@
package teaconst
const (
Version = "0.0.1"
Version = "0.0.2"
ProductName = "Edge Admin"
ProcessName = "edge-admin"

19
internal/web/actions/default/servers/components/waf/createRulePopup.go
View File

@@ -22,15 +22,16 @@ func (this *CreateRulePopupAction) RunGet(params struct {
}) {
// check points
checkpointList := []maps.Map{}
for _, def := range firewallconfigs.AllCheckpoints {
if (params.Type == "inbound" && def.IsRequest) || (params.Type == "outbound" && !def.IsRequest) {
for _, checkpoint := range firewallconfigs.AllCheckpoints {
if (params.Type == "inbound" && checkpoint.IsRequest) || (params.Type == "outbound" && !checkpoint.IsRequest) {
checkpointList = append(checkpointList, maps.Map{
"name": def.Name,
"prefix": def.Prefix,
"description": def.Description,
"hasParams": len(def.Params) > 0,
"params": def.Params,
"options": def.Options,
"name": checkpoint.Name,
"prefix": checkpoint.Prefix,
"description": checkpoint.Description,
"hasParams": len(checkpoint.Params) > 0,
"params": checkpoint.Params,
"options": checkpoint.Options,
"isComposed": checkpoint.IsComposed,
})
}
}
@@ -89,7 +90,7 @@ func (this *CreateRulePopupAction) RunPost(params struct {
rule.CheckpointOptions = map[string]interface{}{}
for _, option := range options {
rule.CheckpointOptions[option.GetString("code")] = option.GetString("value")
rule.CheckpointOptions[option.GetString("code")] = option.Get("value")
}
}

4
internal/web/actions/default/servers/components/waf/group.go
View File

@@ -86,15 +86,15 @@ func (this *GroupAction) RunGet(params struct {
"name": set.Name,
"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
rule := v.(*firewallconfigs.HTTPFirewallRule)
return maps.Map{
"param": rule.Param,
"operator": rule.Operator,
"value": rule.Value,
"isCaseInsensitive": rule.IsCaseInsensitive,
"isComposed": firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
}
}),
"isOn": set.IsOn,
"isOn": set.IsOn,
"action": strings.ToUpper(set.Action),
"actionOptions": set.ActionOptions,
"actionName": firewallconfigs.FindActionName(set.Action),

16
internal/web/actions/default/servers/components/waf/policy.go
View File

@@ -3,6 +3,7 @@ package waf
import (
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/iwind/TeaGo/maps"
)
@@ -53,5 +54,20 @@ func (this *PolicyAction) RunGet(params struct {
"groups": internalGroups,
}
// 正在使用此策略的服务
listServersResp, err := this.RPC().ServerRPC().FindAllEnabledServersWithHTTPFirewallPolicyId(this.AdminContext(), &pb.FindAllEnabledServersWithHTTPFirewallPolicyIdRequest{FirewallPolicyId: params.FirewallPolicyId})
if err != nil {
this.ErrorPage(err)
return
}
serverMaps := []maps.Map{}
for _, server := range listServersResp.Servers {
serverMaps = append(serverMaps, maps.Map{
"id": server.Id,
"name": server.Name,
})
}
this.Data["servers"] = serverMaps
this.Show()
}

2
web/public/js/components/server/http-firewall-rules-box.js
View File

@@ -39,7 +39,7 @@ Vue.component("http-firewall-rules-box", {
<input type="hidden" name="rulesJSON" :value="JSON.stringify(rules)"/>
<div v-if="rules.length > 0">
<div v-for="(rule, index) in rules" class="ui label tiny" style="margin-bottom: 0.5em">
<span>{{rule.param}} <var>{{rule.operator}}</var> {{rule.value}}</span>
<span>{{rule.param}} <var v-if="rule.value.length > 0">{{rule.operator}}</var> {{rule.value}}</span>
<a href="" title="修改" @click.prevent="updateRule(index, rule)"><i class="icon pencil small"></i></a>
<a href="" title="删除" @click.prevent="removeRule(index)"><i class="icon remove"></i></a>
</div>

86
web/public/js/components/server/http-firewall-rules.js Normal file
View File

@@ -0,0 +1,86 @@
// 通用Header长度
let defaultGeneralHeaders = ["Cache-Control", "Connection", "Date", "Pragma", "Trailer", "Transfer-Encoding", "Upgrade", "Via", "Warning"]
Vue.component("http-cond-general-header-length", {
props: ["v-checkpoint"],
data: function () {
let headers = null
let length = null
if (window.parent.UPDATING_RULE != null) {
let options = window.parent.UPDATING_RULE.checkpointOptions
if (options.headers != null && Array.$isArray(options.headers)) {
headers = options.headers
}
if (options.length != null) {
length = options.length
}
}
if (headers == null) {
headers = defaultGeneralHeaders
}
if (length == null) {
length = 128
}
let that = this
setTimeout(function () {
that.change()
}, 100)
return {
headers: headers,
length: length
}
},
watch: {
length: function (v) {
let len = parseInt(v)
if (isNaN(len)) {
len = 0
}
if (len < 0) {
len = 0
}
this.length = len
this.change()
}
},
methods: {
change: function () {
this.vCheckpoint.options = [
{
code: "headers",
value: this.headers
},
{
code: "length",
value: this.length
}
]
}
},
template: `<div>
<table class="ui table">
<tr>
<td class="title">通用Header列表</td>
<td>
<values-box :values="headers" :placeholder="'Header'" @change="change"></values-box>
<p class="comment">需要检查的Header列表。</p>
</td>
</tr>
<tr>
<td>Header值超出长度</td>
<td>
<div class="ui input right labeled">
<input type="text" name="" style="width: 5em" v-model="length" maxlength="6"/>
<span class="ui label">字节</span>
</div>
<p class="comment">超出此长度认为匹配成功0表示不限制。</p>
</td>
</tr>
</table>
</div>`
})

119
web/views/@default/servers/components/waf/createRulePopup.html
View File

@@ -12,7 +12,10 @@
<td>
<select name="prefix" class="ui dropdown auto-width" @change="changeCheckpoint()" v-model="rule.checkpointPrefix">
<option value="">[选择参数]</option>
<option v-for="cp in checkpoints" :value="cp.prefix">{{cp.name}} - [ {{cp.prefix}}]</option>
<optgroup label="特殊参数"></optgroup>
<option v-for="cp in checkpoints" v-if="cp.isComposed" :value="cp.prefix">{{cp.name}} - [ {{cp.prefix}}]</option>
<optgroup label="通用参数"></optgroup>
<option v-for="cp in checkpoints" v-if="!cp.isComposed" :value="cp.prefix">{{cp.name}} - [ {{cp.prefix}}]</option>
</select>
<p class="comment" v-if="checkpoint != null"><span class="ui label tiny">${<em style="font-style: normal;">{{checkpoint.prefix}}</em>}</span>{{checkpoint.description}}</p>
</td>
@@ -27,59 +30,71 @@
</td>
</tr>
<!-- 选项 -->
<tbody v-if="checkpoint != null && checkpoint.options != null && checkpoint.options.length > 0">
<tr v-for="option in checkpoint.options">
<td>{{option.name}}</td>
<td>
<div class="ui fields inline" v-if="option.type == 'field'">
<div class="ui field">
<input type="text" name="" :placeholder="option.placeholder" :maxlength="(option.maxLength > 0)?option.maxLength:1024" :size="option.size" v-model="option.value"/>
</div>
<div class="ui field">
{{option.rightLabel}}
</div>
</div>
<div class="ui fields inline" v-if="option.type == 'options'">
<div class="ui field">
<select class="ui dropdown" :style="'width:' + option.size + 'em'" name="" v-model="option.value">
<option v-for="opt in option.options" :value="opt.value">{{opt.name}}</option>
</select>
</div>
<div class="ui field">
{{option.rightLabel}}
</div>
</div>
<p class="comment" v-if="option.comment != null && option.comment.length > 0">{{option.comment}}</p>
</td>
</tr>
<!-- 组合规则的选项 -->
<tbody v-if="checkpoint != null && checkpoint.isComposed">
<tr>
<td>配置选项</td>
<td>
<http-cond-general-header-length v-if="checkpoint.prefix == 'requestGeneralHeaderLength' || checkpoint.prefix == 'responseGeneralHeaderLength'" :v-checkpoint="checkpoint"></http-cond-general-header-length>
</td>
</tr>
</tbody>
<tr>
<td>操作符</td>
<td>
<select class="ui dropdown" name="operator" style="width:10em" v-model="rule.operator" @change="changeOperator()">
<option v-for="op in operators" :value="op.code">{{op.name}}</option>
</select>
<p class="comment" v-if="operator != null" v-html="operator.description"></p>
</td>
</tr>
<tr v-if="operator.case != 'none'">
<td>开启大小写不敏感</td>
<td>
<div class="ui checkbox">
<input name="case" type="checkbox" value="1" v-model="rule.isCaseInsensitive"/>
<label></label>
</div>
<p class="comment">开启后忽略英文字母大小写</p>
</td>
</tr>
<tr>
<td>对比值</td>
<td>
<textarea rows="3" maxlength="4096" name="value" v-model="rule.value"></textarea>
</td>
</tr>
<!-- 选项 -->
<tbody v-if="checkpoint != null && !checkpoint.isComposed && checkpoint.options != null && checkpoint.options.length > 0">
<tr v-for="option in checkpoint.options">
<td>{{option.name}}</td>
<td>
<div class="ui fields inline" v-if="option.type == 'field'">
<div class="ui field">
<input type="text" name="" :placeholder="option.placeholder" :maxlength="(option.maxLength > 0)?option.maxLength:1024" :size="option.size" v-model="option.value"/>
</div>
<div class="ui field">
{{option.rightLabel}}
</div>
</div>
<div class="ui fields inline" v-if="option.type == 'options'">
<div class="ui field">
<select class="ui dropdown" :style="'width:' + option.size + 'em'" name="" v-model="option.value">
<option v-for="opt in option.options" :value="opt.value">{{opt.name}}</option>
</select>
</div>
<div class="ui field">
{{option.rightLabel}}
</div>
</div>
<p class="comment" v-if="option.comment != null && option.comment.length > 0">{{option.comment}}</p>
</td>
</tr>
</tbody>
<tbody v-show="checkpoint != null && !checkpoint.isComposed">
<tr>
<td>操作符</td>
<td>
<select class="ui dropdown" name="operator" style="width:10em" v-model="rule.operator" @change="changeOperator()">
<option v-for="op in operators" :value="op.code">{{op.name}}</option>
</select>
<p class="comment" v-if="operator != null" v-html="operator.description"></p>
</td>
</tr>
<tr v-if="operator.case != 'none'">
<td>开启大小写不敏感</td>
<td>
<div class="ui checkbox">
<input name="case" type="checkbox" value="1" v-model="rule.isCaseInsensitive"/>
<label></label>
</div>
<p class="comment">开启后忽略英文字母大小写</p>
</td>
</tr>
<tr>
<td>对比值</td>
<td>
<textarea rows="3" maxlength="4096" name="value" v-model="rule.value"></textarea>
</td>
</tr>
</tbody>
</table>
<submit-btn></submit-btn>

2
web/views/@default/servers/components/waf/group.html
View File

@@ -48,7 +48,7 @@
</td>
<td class="rules-box">
<div v-for="rule in set.rules" style="margin-top: 0.4em;margin-bottom:0.4em">
<span class="ui label tiny">{{rule.name}}[{{rule.param}}] <var :class="{dash:rule.isCaseInsensitive}" :title="rule.isCaseInsensitive ? '大小写不敏感':''">{{rule.operator}}</var> {{rule.value}}</span>
<span class="ui label tiny">{{rule.name}}[{{rule.param}}] <var :class="{dash:rule.isCaseInsensitive}" :title="rule.isCaseInsensitive ? '大小写不敏感':''" v-if="!rule.isComposed">{{rule.operator}}</var> {{rule.value}}</span>
</div>
<span class="ui disabled" v-if="set.rules.length == 0">暂时还没有规则</span>
</td>

8
web/views/@default/servers/components/waf/policy.html
View File

@@ -29,4 +29,12 @@
</td>
</tr>
</table>
<h4>使用此策略的服务</h4>
<p class="comment" v-if="servers.length == 0">暂时还没有代理服务使用此策略。</p>
<table class="ui table selectable" v-if="servers.length > 0">
<tr v-for="server in servers">
<td>{{server.name}}<link-icon :href="'/servers/server?serverId=' + server.id"></link-icon></td>
</tr>
</table>
</div>