TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-03 20:40:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF策略增加“最多检查内容尺寸“选项

Browse Source
This commit is contained in:
GoEdgeLab
2023-08-02 16:58:45 +08:00
parent c018691899
commit ad83c052ad
6 changed files with 168 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
internal/web/actions/default/servers/components/waf/policy.go
View File

@@ -1,6 +1,7 @@
package waf
import (
"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
@@ -86,18 +87,20 @@ func (this *PolicyAction) RunGet(params struct {
}
this.Data["firewallPolicy"] = maps.Map{
"id": firewallPolicy.Id,
"name": firewallPolicy.Name,
"isOn": firewallPolicy.IsOn,
"description": firewallPolicy.Description,
"mode": firewallPolicy.Mode,
"modeInfo": firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
"groups": internalGroups,
"blockOptions": firewallPolicy.BlockOptions,
"captchaOptions": firewallPolicy.CaptchaOptions,
"useLocalFirewall": firewallPolicy.UseLocalFirewall,
"synFlood": firewallPolicy.SYNFlood,
"log": firewallPolicy.Log,
"id": firewallPolicy.Id,
"name": firewallPolicy.Name,
"isOn": firewallPolicy.IsOn,
"description": firewallPolicy.Description,
"mode": firewallPolicy.Mode,
"modeInfo": firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
"groups": internalGroups,
"blockOptions": firewallPolicy.BlockOptions,
"captchaOptions": firewallPolicy.CaptchaOptions,
"useLocalFirewall": firewallPolicy.UseLocalFirewall,
"synFlood": firewallPolicy.SYNFlood,
"log": firewallPolicy.Log,
"maxRequestBodySize": firewallPolicy.MaxRequestBodySize,
"maxRequestBodySizeFormat": numberutils.FormatBytes(firewallPolicy.MaxRequestBodySize),
}
// 正在使用此策略的集群

29
internal/web/actions/default/servers/components/waf/update.go
View File

@@ -9,6 +9,7 @@ import (
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
"github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/maps"
"github.com/iwind/TeaGo/types"
"net/http"
)
@@ -64,16 +65,17 @@ func (this *UpdateAction) RunGet(params struct {
}
this.Data["firewallPolicy"] = maps.Map{
"id": firewallPolicy.Id,
"name": firewallPolicy.Name,
"description": firewallPolicy.Description,
"isOn": firewallPolicy.IsOn,
"mode": firewallPolicy.Mode,
"blockOptions": firewallPolicy.BlockOptions,
"captchaOptions": firewallPolicy.CaptchaOptions,
"useLocalFirewall": firewallPolicy.UseLocalFirewall,
"synFloodConfig": firewallPolicy.SYNFlood,
"log": firewallPolicy.Log,
"id": firewallPolicy.Id,
"name": firewallPolicy.Name,
"description": firewallPolicy.Description,
"isOn": firewallPolicy.IsOn,
"mode": firewallPolicy.Mode,
"blockOptions": firewallPolicy.BlockOptions,
"captchaOptions": firewallPolicy.CaptchaOptions,
"useLocalFirewall": firewallPolicy.UseLocalFirewall,
"synFloodConfig": firewallPolicy.SYNFlood,
"log": firewallPolicy.Log,
"maxRequestBodySize": types.String(firewallPolicy.MaxRequestBodySize),
}
// 预置分组
@@ -110,6 +112,7 @@ func (this *UpdateAction) RunPost(params struct {
UseLocalFirewall bool
SynFloodJSON []byte
LogJSON []byte
MaxRequestBodySize int64
Must *actions.Must
}) {
@@ -134,6 +137,11 @@ func (this *UpdateAction) RunPost(params struct {
this.Fail("验证码动作参数校验失败:" + err.Error())
}
// 最大内容尺寸
if params.MaxRequestBodySize < 0 {
params.MaxRequestBodySize = 0
}
_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
HttpFirewallPolicyId: params.FirewallPolicyId,
IsOn: params.IsOn,
@@ -146,6 +154,7 @@ func (this *UpdateAction) RunPost(params struct {
UseLocalFirewall: params.UseLocalFirewall,
SynFloodJSON: params.SynFloodJSON,
LogJSON: params.LogJSON,
MaxRequestBodySize: params.MaxRequestBodySize,
})
if err != nil {
this.ErrorPage(err)

2
web/views/@default/servers/components/waf/createPopup.html
View File

@@ -30,7 +30,7 @@
</td>
</tr>
<tr>
<td>是否启用</td>
<td>启用当前策略</td>
<td>
<div class="ui checkbox">
<input type="checkbox" name="isOn" value="1" checked="checked"/>

7
web/views/@default/servers/components/waf/policy.html
View File

@@ -74,6 +74,13 @@
<span v-else>不记录</span>
</td>
</tr>
<tr>
<td>最多检查内容尺寸</td>
<td>
<span v-if="firewallPolicy.maxRequestBodySize == 0" class="disabled">使用默认</span>
<span v-else>{{firewallPolicy.maxRequestBodySizeFormat}}</span>
</td>
</tr>
<tr>
<td>描述</td>
<td>

203
web/views/@default/servers/components/waf/update.html
View File

@@ -1,103 +1,114 @@
{$layout}
{$template "waf_menu"}
{$template "waf_menu"}
<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
<table class="ui table definition selectable">
<tr>
<td class="title">策略名称 *</td>
<td>
<input type="text" name="name" maxlength="100" ref="focus" v-model="firewallPolicy.name"/>
<p class="comment">给策略起一个容易识别的名字。</p>
</td>
</tr>
<form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
<table class="ui table definition selectable">
<tr>
<td class="title">策略名称 *</td>
<td>
<input type="text" name="name" maxlength="100" ref="focus" v-model="firewallPolicy.name"/>
<p class="comment">给策略起一个容易识别的名字。</p>
</td>
</tr>
<tr>
<td>当前模式</td>
<td>
<select class="ui dropdown auto-width" name="mode" v-model="firewallPolicy.mode">
<option v-for="mode in modes" :value="mode.code">{{mode.name}}</option>
</select>
<p class="comment" v-for="mode in modes" v-if="mode.code == firewallPolicy.mode">{{mode.description}}</p>
</td>
</tr>
<tr>
<td>启用预置的规则</td>
<td>
<div class="ui checkbox" v-for="group in groups" style="width:10em;margin-bottom:0.5em">
<input type="checkbox" name="groupCodes" :value="group.code" :id="'group-checkbox-' + group.code" v-model="group.isOn"/>
<label :for="'group-checkbox-' + group.code">{{group.name}}</label>
</div>
<p class="comment">可以启用一些我们预置的规则组。</p>
</td>
</tr>
<tr>
<td colspan="2"><more-options-indicator></more-options-indicator></td>
</tr>
<tbody v-show="moreOptionsVisible">
<tr>
<td>当前模式</td>
<td>阻止动作配置</td>
<td>
<select class="ui dropdown auto-width" name="mode" v-model="firewallPolicy.mode">
<option v-for="mode in modes" :value="mode.code">{{mode.name}}</option>
</select>
<p class="comment" v-for="mode in modes" v-if="mode.code == firewallPolicy.mode">{{mode.description}}</p>
<http-firewall-block-options :v-block-options="firewallPolicy.blockOptions"></http-firewall-block-options>
</td>
</tr>
<tr>
<td>启用预置的规则</td>
<td>
<div class="ui checkbox" v-for="group in groups" style="width:10em;margin-bottom:0.5em">
<input type="checkbox" name="groupCodes" :value="group.code" :id="'group-checkbox-' + group.code" v-model="group.isOn"/>
<label :for="'group-checkbox-' + group.code">{{group.name}}</label>
</div>
<p class="comment">可以启用一些我们预置的规则组。</p>
</td>
</tr>
<tr>
<td colspan="2"><more-options-indicator></more-options-indicator></td>
</tr>
<tbody v-show="moreOptionsVisible">
<tr>
<td>阻止动作配置</td>
<td>
<http-firewall-block-options :v-block-options="firewallPolicy.blockOptions"></http-firewall-block-options>
</td>
</tr>
<tr>
<td>验证码动作配置</td>
<td>
<http-firewall-captcha-options :v-captcha-options="firewallPolicy.captchaOptions"></http-firewall-captcha-options>
</td>
</tr>
<tr>
<td>使用系统防火墙</td>
<td>
<checkbox name="useLocalFirewall" v-model="firewallPolicy.useLocalFirewall"></checkbox>
<p class="comment">开启后,可以在合适的时候自动使用系统自带防火墙进行防御。</p>
</td>
</tr>
<tr>
<td>SYN Flood防御</td>
<td>
<firewall-syn-flood-config-box :v-syn-flood-config="firewallPolicy.synFloodConfig"></firewall-syn-flood-config-box>
</td>
</tr>
<tr>
<td :class="{'color-border':firewallPolicy.log.isOn}">记录访问日志</td>
<td>
<input type="hidden" name="logJSON" :value="JSON.stringify(firewallPolicy.log)"/>
<checkbox name="" v-model="firewallPolicy.log.isOn"></checkbox>
<p class="comment">选中后总是记录WAF相关访问日志即使服务中没有开启访问日志。</p>
</td>
</tr>
<tr v-show="firewallPolicy.log.isOn">
<td class="color-border">记录请求Body</td>
<td>
<checkbox v-model="firewallPolicy.log.requestBody"></checkbox>
<p class="comment">选中后,表示在访问日志中记录匹配的请求内容。注意:此选项会明显增加访问日志占用空间,请谨慎开启。</p>
</td>
</tr>
<tr v-show="firewallPolicy.log.isOn">
<td class="color-border">记录区域封禁日志</td>
<td>
<checkbox v-model="firewallPolicy.log.regionDenying"></checkbox>
<p class="comment">选中后,表示在访问日志中记录区域封禁(地区和省份)事件。</p>
</td>
</tr>
<tr>
<td>描述</td>
<td>
<textarea name="description" rows="3" v-model="firewallPolicy.description"></textarea>
</td>
</tr>
<tr>
<td>是否启用</td>
<td>
<div class="ui checkbox">
<input type="checkbox" name="isOn" value="1" v-model="firewallPolicy.isOn"/>
<label></label>
</div>
</td>
</tr>
</tbody>
</table>
<submit-btn></submit-btn>
</form>
<tr>
<td>验证码动作配置</td>
<td>
<http-firewall-captcha-options :v-captcha-options="firewallPolicy.captchaOptions"></http-firewall-captcha-options>
</td>
</tr>
<tr>
<td>使用系统防火墙</td>
<td>
<checkbox name="useLocalFirewall" v-model="firewallPolicy.useLocalFirewall"></checkbox>
<p class="comment">开启后,可以在合适的时候自动使用系统自带防火墙进行防御。</p>
</td>
</tr>
<tr>
<td>SYN Flood防御</td>
<td>
<firewall-syn-flood-config-box :v-syn-flood-config="firewallPolicy.synFloodConfig"></firewall-syn-flood-config-box>
</td>
</tr>
<tr>
<td :class="{'color-border':firewallPolicy.log.isOn}">记录访问日志</td>
<td>
<input type="hidden" name="logJSON" :value="JSON.stringify(firewallPolicy.log)"/>
<checkbox name="" v-model="firewallPolicy.log.isOn"></checkbox>
<p class="comment">选中后总是记录WAF相关访问日志即使服务中没有开启访问日志。</p>
</td>
</tr>
<tr v-show="firewallPolicy.log.isOn">
<td class="color-border">记录请求Body</td>
<td>
<checkbox v-model="firewallPolicy.log.requestBody"></checkbox>
<p class="comment">选中后,表示在访问日志中记录匹配的请求内容。注意:此选项会明显增加访问日志占用空间,请谨慎开启。</p>
</td>
</tr>
<tr v-show="firewallPolicy.log.isOn">
<td class="color-border">记录区域封禁日志</td>
<td>
<checkbox v-model="firewallPolicy.log.regionDenying"></checkbox>
<p class="comment">选中后,表示在访问日志中记录区域封禁(地区和省份)事件。</p>
</td>
</tr>
<tr>
<td>最多检查内容尺寸</td>
<td>
<input type="hidden" name="maxRequestBodySize" v-model="maxRequestBodySize"/>
<div class="ui input right labeled">
<input type="text" style="width: 10em" maxlength="10" v-model="firewallPolicy.maxRequestBodySize" @input="changeMaxRequestBodySize(firewallPolicy.maxRequestBodySize)"/>
<span class="ui label">字节</span>
</div>
<p class="comment"><span v-if="maxRequestBodySize > 0">当前:{{maxRequestBodySizeFormat}}。</span>WAF能够分析的最大文件内容尺寸0表示默认默认为1MB此值越大对应使用的系统内存越多除非特殊情况否则请谨慎修改。</p>
</td>
</tr>
<tr>
<td>描述</td>
<td>
<textarea name="description" rows="3" v-model="firewallPolicy.description"></textarea>
</td>
</tr>
<tr>
<td>启用当前策略</td>
<td>
<div class="ui checkbox">
<input type="checkbox" name="isOn" value="1" v-model="firewallPolicy.isOn"/>
<label></label>
</div>
</td>
</tr>
</tbody>
</table>
<submit-btn></submit-btn>
</form>

19
web/views/@default/servers/components/waf/update.js
View File

@@ -1,3 +1,22 @@
Tea.context(function () {
this.success = NotifySuccess("保存成功", "/servers/components/waf/policy?firewallPolicyId=" + this.firewallPolicyId)
this.maxRequestBodySize = this.firewallPolicy.maxRequestBodySize
this.maxRequestBodySizeFormat = teaweb.formatBytes(this.maxRequestBodySize)
if (this.maxRequestBodySize == 0) {
this.maxRequestBodySizeFormat = ""
}
this.changeMaxRequestBodySize = function (v) {
if (v.toString().length == 0) {
this.maxRequestBodySize = 0
this.maxRequestBodySizeFormat = teaweb.formatBytes(this.maxRequestBodySize)
return
}
let size = parseInt(v)
if (!isNaN(size) && size >= 0) {
this.maxRequestBodySize = size
this.maxRequestBodySizeFormat = teaweb.formatBytes(this.maxRequestBodySize)
}
}
})