2020-10-06 21:02:21 +08:00
|
|
|
|
package firewallconfigs
|
|
|
|
|
|
|
2021-09-29 11:17:18 +08:00
|
|
|
|
import "github.com/iwind/TeaGo/maps"
|
|
|
|
|
|
|
2020-10-06 21:02:21 +08:00
|
|
|
|
type HTTPFirewallRuleConnector = string
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
HTTPFirewallRuleConnectorAnd = "and"
|
|
|
|
|
|
HTTPFirewallRuleConnectorOr = "or"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
func HTTPFirewallTemplate() *HTTPFirewallPolicy {
|
|
|
|
|
|
policy := &HTTPFirewallPolicy{}
|
|
|
|
|
|
policy.IsOn = true
|
|
|
|
|
|
policy.Inbound = &HTTPFirewallInboundConfig{}
|
|
|
|
|
|
policy.Outbound = &HTTPFirewallOutboundConfig{}
|
|
|
|
|
|
|
|
|
|
|
|
// xss
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "XSS"
|
|
|
|
|
|
group.Code = "xss"
|
|
|
|
|
|
group.Description = "防跨站脚本攻击(Cross Site Scripting)"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "Javascript事件"
|
|
|
|
|
|
set.Code = "1001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestURI}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `(onmouseover|onmousemove|onmousedown|onmouseup|onerror|onload|onclick|ondblclick|onkeydown|onkeyup|onkeypress)\s*=`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "Javascript函数"
|
|
|
|
|
|
set.Code = "1002"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestURI}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `(alert|eval|prompt|confirm)\s*\(`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "HTML标签"
|
|
|
|
|
|
set.Code = "1003"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestURI}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `<(script|iframe|link)`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// upload
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "文件上传"
|
|
|
|
|
|
group.Code = "upload"
|
|
|
|
|
|
group.Description = "防止上传可执行脚本文件到服务器"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "上传文件扩展名"
|
|
|
|
|
|
set.Code = "2001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestUpload.ext}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\.(php|jsp|aspx|asp|exe|asa|rb|py)\b`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// web shell
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "Web Shell"
|
|
|
|
|
|
group.Code = "webShell"
|
|
|
|
|
|
group.Description = "防止远程执行服务器命令"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "Web Shell"
|
|
|
|
|
|
set.Code = "3001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\s*\(`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// command injection
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "命令注入"
|
|
|
|
|
|
group.Code = "commandInjection"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "命令注入"
|
|
|
|
|
|
set.Code = "4001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestURI}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestBody}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// path traversal
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "路径穿越"
|
|
|
|
|
|
group.Code = "pathTraversal"
|
|
|
|
|
|
group.Description = "防止读取网站目录之外的其他系统文件"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "路径穿越"
|
|
|
|
|
|
set.Code = "5001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestURI}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `((\.+)(/+)){2,}`, // TODO more keywords here
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// special dirs
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "特殊目录"
|
|
|
|
|
|
group.Code = "denyDirs"
|
|
|
|
|
|
group.Description = "防止通过Web访问到一些特殊目录"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "特殊目录"
|
|
|
|
|
|
set.Code = "6001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestPath}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
2022-01-09 20:29:46 +08:00
|
|
|
|
Value: `/\.(git|svn|htaccess|idea|env)\b`, // TODO more keywords here
|
2020-10-06 21:02:21 +08:00
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// sql injection
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "SQL注入"
|
|
|
|
|
|
group.Code = "sqlInjection"
|
|
|
|
|
|
group.Description = "防止SQL注入漏洞"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "Union SQL Injection"
|
|
|
|
|
|
set.Code = "7001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `union[\s/\*]+select`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "SQL注释"
|
|
|
|
|
|
set.Code = "7002"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `/\*(!|\x00)`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "SQL条件"
|
|
|
|
|
|
set.Code = "7003"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\s(and|or|rlike)\s+(if|updatexml)\s*\(`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\s+(and|or|rlike)\s+(select|case)\s+`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\s+(and|or|procedure)\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+(\s|$|--|#)`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `\(\s*case\s+when\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+\s+then\s+`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "SQL函数"
|
|
|
|
|
|
set.Code = "7004"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
2022-03-19 15:41:25 +08:00
|
|
|
|
Value: `\b(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(.*\)`,
|
2020-10-06 21:02:21 +08:00
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "SQL附加语句"
|
|
|
|
|
|
set.Code = "7005"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${requestAll}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `;\s*(declare|use|drop|create|exec|delete|update|insert)\s`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// bot
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "网络爬虫"
|
|
|
|
|
|
group.Code = "bot"
|
|
|
|
|
|
group.Description = "禁止一些网络爬虫"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
2022-01-10 10:56:08 +08:00
|
|
|
|
set.IsOn = false
|
2021-12-21 12:08:49 +08:00
|
|
|
|
set.Name = "搜索引擎"
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.Code = "20001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${userAgent}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
2021-12-21 12:08:49 +08:00
|
|
|
|
Value: `360spider|adldxbot|adsbot-google|applebot|admantx|alexa|baidu|bingbot|bingpreview|facebookexternalhit|googlebot|proximic|slurp|sogou|twitterbot|yandex|spider`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "爬虫工具"
|
|
|
|
|
|
set.Code = "20003"
|
2022-01-10 10:27:08 +08:00
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorAnd
|
2021-12-21 12:08:49 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${userAgent}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `python|pycurl|http-client|httpclient|apachebench|nethttp|http_request|java|perl|ruby|scrapy|php|rust`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
2022-01-10 10:27:08 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${userAgent}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotMatch,
|
|
|
|
|
|
Value: `goedge`,
|
|
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
Description: "User-Agent白名单",
|
|
|
|
|
|
})
|
2021-12-21 12:08:49 +08:00
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "下载工具"
|
|
|
|
|
|
set.Code = "20004"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
|
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionTag,
|
|
|
|
|
|
Options: maps.Map{
|
|
|
|
|
|
"tags": []string{"download"},
|
|
|
|
|
|
},
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${userAgent}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `wget|curl`,
|
2020-10-06 21:02:21 +08:00
|
|
|
|
IsCaseInsensitive: true,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-25 11:57:25 +08:00
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "空Agent"
|
|
|
|
|
|
set.Code = "20002"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorOr
|
|
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 空Agent
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${userAgent}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorEqString,
|
|
|
|
|
|
Value: "",
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-10-06 21:02:21 +08:00
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-19 11:01:43 +08:00
|
|
|
|
// cc2
|
2020-10-06 21:02:21 +08:00
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "CC攻击"
|
|
|
|
|
|
group.Description = "Challenge Collapsar,防止短时间大量请求涌入,请谨慎开启和设置"
|
2021-07-19 11:01:43 +08:00
|
|
|
|
group.Code = "cc2"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
2021-09-23 15:01:12 +08:00
|
|
|
|
set.Name = "CC单URL请求数"
|
|
|
|
|
|
set.Description = "限制单IP在一定时间内对单URL的请求数"
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.Code = "8001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorAnd
|
2021-07-14 22:46:31 +08:00
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
2021-09-29 11:17:18 +08:00
|
|
|
|
Options: maps.Map{
|
|
|
|
|
|
"timeout": 600,
|
|
|
|
|
|
},
|
2021-07-14 22:46:31 +08:00
|
|
|
|
},
|
|
|
|
|
|
}
|
2020-10-06 21:02:21 +08:00
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
2021-07-19 11:01:43 +08:00
|
|
|
|
Param: "${cc2}",
|
2020-10-06 21:02:21 +08:00
|
|
|
|
Operator: HTTPFirewallRuleOperatorGt,
|
2021-09-23 15:01:12 +08:00
|
|
|
|
Value: "120",
|
2020-10-06 21:02:21 +08:00
|
|
|
|
CheckpointOptions: map[string]interface{}{
|
2021-07-19 11:01:43 +08:00
|
|
|
|
"keys": []string{"${remoteAddr}", "${requestPath}"},
|
|
|
|
|
|
"period": "60",
|
2021-09-23 15:01:12 +08:00
|
|
|
|
"threshold": 120,
|
|
|
|
|
|
},
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `127.0.0.1/8`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `192.168.0.1/16`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `10.0.0.1/8`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `172.16.0.1/12`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "CC请求数"
|
|
|
|
|
|
set.Description = "限制单IP在一定时间内的总体请求数"
|
2021-10-25 11:57:25 +08:00
|
|
|
|
set.Code = "8002"
|
2021-09-23 15:01:12 +08:00
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorAnd
|
|
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
2021-09-29 11:17:18 +08:00
|
|
|
|
Options: maps.Map{
|
|
|
|
|
|
"timeout": 600,
|
|
|
|
|
|
},
|
2021-09-23 15:01:12 +08:00
|
|
|
|
},
|
|
|
|
|
|
}
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${cc2}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorGt,
|
|
|
|
|
|
Value: "1200",
|
|
|
|
|
|
CheckpointOptions: map[string]interface{}{
|
|
|
|
|
|
"keys": []string{"${remoteAddr}"},
|
|
|
|
|
|
"period": "60",
|
|
|
|
|
|
"threshold": 1200,
|
2020-10-06 21:02:21 +08:00
|
|
|
|
},
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `127.0.0.1/8`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `192.168.0.1/16`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `10.0.0.1/8`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${remoteAddr}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorNotIPRange,
|
|
|
|
|
|
Value: `172.16.0.1/12`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-25 11:57:25 +08:00
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "随机URL攻击"
|
|
|
|
|
|
set.Description = "限制用户使用随机URL访问网站"
|
|
|
|
|
|
set.Code = "8003"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorAnd
|
|
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
Options: maps.Map{
|
|
|
|
|
|
"timeout": 600,
|
|
|
|
|
|
},
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${args}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorMatch,
|
|
|
|
|
|
Value: `^[0-9a-zA-Z_\-.]{12,}$`,
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-10-06 21:02:21 +08:00
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-25 19:02:44 +08:00
|
|
|
|
// custom
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "防盗链"
|
|
|
|
|
|
group.Description = "防止第三方网站引用本站资源。"
|
|
|
|
|
|
group.Code = "referer"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2021-10-25 19:02:44 +08:00
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
set := &HTTPFirewallRuleSet{}
|
|
|
|
|
|
set.IsOn = true
|
|
|
|
|
|
set.Name = "防盗链"
|
|
|
|
|
|
set.Description = "防止第三方网站引用本站资源"
|
|
|
|
|
|
set.Code = "9001"
|
|
|
|
|
|
set.Connector = HTTPFirewallRuleConnectorAnd
|
|
|
|
|
|
set.Actions = []*HTTPFirewallActionConfig{
|
|
|
|
|
|
{
|
|
|
|
|
|
Code: HTTPFirewallActionBlock,
|
|
|
|
|
|
Options: maps.Map{
|
|
|
|
|
|
"timeout": 60,
|
|
|
|
|
|
},
|
|
|
|
|
|
},
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
set.AddRule(&HTTPFirewallRule{
|
|
|
|
|
|
IsOn: true,
|
|
|
|
|
|
Param: "${refererBlock}",
|
|
|
|
|
|
Operator: HTTPFirewallRuleOperatorEq,
|
|
|
|
|
|
Value: "0",
|
|
|
|
|
|
CheckpointOptions: map[string]interface{}{
|
|
|
|
|
|
"allowEmpty": true,
|
|
|
|
|
|
"allowSameDomain": true,
|
|
|
|
|
|
"allowDomains": []string{"*"},
|
|
|
|
|
|
},
|
|
|
|
|
|
IsCaseInsensitive: false,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
group.AddRuleSet(set)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-10-06 21:02:21 +08:00
|
|
|
|
// custom
|
|
|
|
|
|
{
|
|
|
|
|
|
group := &HTTPFirewallRuleGroup{}
|
|
|
|
|
|
group.IsOn = true
|
|
|
|
|
|
group.Name = "自定义规则分组"
|
|
|
|
|
|
group.Description = "我的自定义规则分组,可以将自定义的规则放在这个分组下"
|
|
|
|
|
|
group.Code = "custom"
|
2021-12-12 20:24:41 +08:00
|
|
|
|
group.IsTemplate = true
|
2020-10-06 21:02:21 +08:00
|
|
|
|
policy.Inbound.Groups = append(policy.Inbound.Groups, group)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return policy
|
|
|
|
|
|
}
|
