package firewallconfigs
import "github.com/iwind/TeaGo/maps"
// HTTPFirewallRuleConnector names how the rules inside one HTTPFirewallRuleSet
// are combined. It is a plain string alias (not a distinct type), so the
// values below are untyped string constants and compare directly with any
// string read from configuration.
type HTTPFirewallRuleConnector = string

const (
	// HTTPFirewallRuleConnectorAnd: every rule in the set must match for the
	// set's actions to fire.
	HTTPFirewallRuleConnectorAnd = "and"

	// HTTPFirewallRuleConnectorOr: any single matching rule is enough.
	HTTPFirewallRuleConnectorOr = "or"
)
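// templateDenyPageAction builds the action shared by most template rule sets:
// answer the matched request with an HTTP 403 page and an empty body.
// A fresh struct and a fresh option map are returned on every call, so rule
// sets never share option storage.
func templateDenyPageAction() *HTTPFirewallActionConfig {
	return &HTTPFirewallActionConfig{
		Code:    HTTPFirewallActionPage,
		Options: maps.Map{"status": 403, "body": ""},
	}
}

// templateBlockAction builds a "block the client" action with the given
// timeout option. The literal used by the template is 1800; the unit is
// interpreted by the firewall engine, not here (presumably seconds — confirm
// against the action implementation).
func templateBlockAction(timeout int) *HTTPFirewallActionConfig {
	return &HTTPFirewallActionConfig{
		Code: HTTPFirewallActionBlock,
		Options: maps.Map{
			"timeout": timeout,
		},
	}
}

// HTTPFirewallTemplate returns the built-in WAF policy that new firewall
// policies are seeded from.
//
// The policy is inbound-only (Outbound is created but left empty) and holds
// one rule group per attack class, each flagged IsTemplate = true. Groups that
// rely on broad pattern matching (upload, web shell, command injection, SQL
// injection) and the search-engine rule set are created switched off and are
// left for the operator to enable after review. Every call builds a brand-new
// object graph; nothing is shared between calls.
func HTTPFirewallTemplate() *HTTPFirewallPolicy {
	policy := &HTTPFirewallPolicy{}
	policy.IsOn = true
	policy.Inbound = &HTTPFirewallInboundConfig{}
	policy.Outbound = &HTTPFirewallOutboundConfig{}

	// xss
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = true
		group.Name = "XSS"
		group.Code = "xss"
		group.Description = "防跨站脚本攻击(Cross Site Scripting)"
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "XSS攻击检测"
			set.Code = "1010"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// Whole-request XSS check. The detection logic lives behind the
			// ContainsXSS operator, so Value is intentionally empty.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestAll}",
				Operator:          HTTPFirewallRuleOperatorContainsXSS,
				Value:             "",
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// upload
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = false // off by default; see the TODO on the rule below
		group.Name = "文件上传"
		group.Code = "upload"
		group.Description = "防止上传可执行脚本文件到服务器"
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "上传文件扩展名"
			set.Code = "2001"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// Checks only the extension of an uploaded file, case-insensitively.
			// The trailing \b means the extension must end right after the
			// listed word: ".php5" and ".phtml" do not match this pattern.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestUpload.ext}",
				Operator:          HTTPFirewallRuleOperatorMatch,
				Value:             `\.(php|jsp|aspx|asp|exe|asa|rb|py)\b`, // TODO more keywords here
				IsCaseInsensitive: true,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// web shell
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = false // off by default; broad keyword match
		group.Name = "Web Shell"
		group.Code = "webShell"
		group.Description = "防止远程执行服务器命令"
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "Web Shell"
			set.Code = "3001"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// Looks for a listed function name immediately followed by an
			// opening parenthesis anywhere in the request, case-insensitively.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestAll}",
				Operator:          HTTPFirewallRuleOperatorMatch,
				Value:             `\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\s*\(`, // TODO more keywords here
				IsCaseInsensitive: true,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// command injection
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = false // off by default; the pattern below is prone to false positives
		group.Name = "命令注入"
		group.Code = "commandInjection"
		// NOTE(review): this is the only template group without a Description.
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "命令注入"
			set.Code = "4001"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// The same end-anchored, case-sensitive pattern is applied to the
			// request URI and to the request body as two independent rules
			// (the set connector is "or", so either one triggers the actions).
			// Short words such as "id" or "ls" at the very end of a URI are
			// enough to match, which is presumably why the group ships off.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestURI}",
				Operator:          HTTPFirewallRuleOperatorMatch,
				Value:             `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
				IsCaseInsensitive: false,
			})
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestBody}",
				Operator:          HTTPFirewallRuleOperatorMatch,
				Value:             `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// path traversal
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = true
		group.Name = "路径穿越"
		group.Code = "pathTraversal"
		group.Description = "防止读取网站目录之外的其他系统文件"
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "路径穿越"
			set.Code = "5001"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// Matches two or more consecutive "dots then slashes" segments,
			// e.g. "../../"; a single "../" is not enough. Whether
			// percent-encoded forms are seen here depends on whether
			// ${requestURI} is decoded before matching — not visible in this
			// file, confirm against the checkpoint.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestURI}",
				Operator:          HTTPFirewallRuleOperatorMatch,
				Value:             `((\.+)(/+)){2,}`,
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// special dirs
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = true
		group.Name = "特殊目录"
		group.Code = "denyDirs"
		group.Description = "防止通过Web访问到一些特殊目录"
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "特殊目录"
			set.Code = "6001"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// Value is a newline-separated word list (the convention every
			// ContainsAnyWord rule in this template uses); each entry names a
			// dot-directory or dot-file that should never be served.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestPath}",
				Operator:          HTTPFirewallRuleOperatorContainsAnyWord,
				Value:             "/.git\n/.svn\n/.htaccess\n/.idea\n/.env\n/.vscode",
				IsCaseInsensitive: true,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// sql injection
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = false // off by default
		group.Name = "SQL注入"
		group.Code = "sqlInjection"
		group.Description = "防止SQL注入漏洞"
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "SQL注入检测"
			set.Code = "7010"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// Same shape as the XSS rule: the operator carries the detection
			// logic and Value is intentionally empty.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${requestAll}",
				Operator:          HTTPFirewallRuleOperatorContainsSQLInjection,
				Value:             "",
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// bot
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = true
		group.Name = "网络爬虫"
		group.Code = "bot"
		group.Description = "禁止一些网络爬虫"
		group.IsTemplate = true

		// Search-engine crawlers: the set itself ships disabled, so enabling
		// the group alone does not start denying these user agents.
		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = false
			set.Name = "搜索引擎"
			set.Code = "20001"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${userAgent}",
				Operator:          HTTPFirewallRuleOperatorContainsAnyWord,
				Value:             "360spider\nadldxbot\nadsbot-google\napplebot\nadmantx\nalexa\nbaidu\nbingbot\nbingpreview\nfacebookexternalhit\ngooglebot\nproximic\nslurp\nsogou\ntwitterbot\nyandex\nspider",
				IsCaseInsensitive: true,
			})

			group.AddRuleSet(set)
		}

		// Scripting / HTTP-library user agents. The connector is "and": the
		// UA must contain one of the listed words AND must not contain the
		// whitelisted word from the second rule.
		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "爬虫工具"
			set.Code = "20003"
			set.Connector = HTTPFirewallRuleConnectorAnd
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${userAgent}",
				Operator:          HTTPFirewallRuleOperatorContainsAnyWord,
				Value:             "python\npycurl\nhttp-client\nhttpclient\napachebench\nnethttp\nhttp_request\njava\nperl\nruby\nscrapy\nphp\nrust",
				IsCaseInsensitive: true,
			})
			// Whitelist rule: keeps the product's own client from being
			// caught by the word list above.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${userAgent}",
				Operator:          HTTPFirewallRuleOperatorNotContainsAnyWord,
				Value:             "goedge",
				IsCaseInsensitive: true,
				Description:       "User-Agent白名单",
			})

			group.AddRuleSet(set)
		}

		// Download tools are not denied; the request is only tagged
		// "download" so other policy can act on it.
		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "下载工具"
			set.Code = "20004"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{
				{
					Code: HTTPFirewallActionTag,
					Options: maps.Map{
						"tags": []string{"download"},
					},
				},
			}

			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${userAgent}",
				Operator:          HTTPFirewallRuleOperatorContainsAnyWord,
				Value:             "wget\ncurl",
				IsCaseInsensitive: true,
			})

			group.AddRuleSet(set)
		}

		// Empty User-Agent.
		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "空Agent"
			set.Code = "20002"
			set.Connector = HTTPFirewallRuleConnectorOr
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// Exact string comparison against the empty string.
			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${userAgent}",
				Operator:          HTTPFirewallRuleOperatorEqString,
				Value:             "",
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// cc2
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = true
		group.Name = "CC攻击"
		group.Description = "Challenge Collapsar,防止短时间大量请求涌入,请谨慎开启和设置"
		group.Code = "cc2"
		group.IsTemplate = true

		// Per-IP, per-path request rate. IgnoreLocal keeps local/internal
		// clients out of the counter.
		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "CC单URL请求数"
			set.Description = "限制单IP在一定时间内对单URL的请求数"
			set.Code = "8001"
			set.Connector = HTTPFirewallRuleConnectorAnd
			set.Actions = []*HTTPFirewallActionConfig{templateBlockAction(1800)}
			set.IgnoreLocal = true

			// NOTE(review): Value ("120") and CheckpointOptions["threshold"]
			// (120) encode the same limit twice; keep them in sync when tuning.
			// "period" is a string while "threshold" is an int — both are
			// reproduced as the original template had them.
			set.AddRule(&HTTPFirewallRule{
				IsOn:     true,
				Param:    "${cc2}",
				Operator: HTTPFirewallRuleOperatorGt,
				Value:    "120",
				CheckpointOptions: map[string]interface{}{
					"keys":              []string{"${remoteAddr}", "${requestPath}"},
					"period":            "60",
					"threshold":         120,
					"enableFingerprint": true,
				},
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		// Per-IP total request rate, same shape as above with a wider key.
		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "CC请求数"
			set.Description = "限制单IP在一定时间内的总体请求数"
			set.Code = "8002"
			set.Connector = HTTPFirewallRuleConnectorAnd
			set.IgnoreLocal = true
			set.Actions = []*HTTPFirewallActionConfig{templateBlockAction(1800)}

			// NOTE(review): Value ("1200") and "threshold" (1200) must stay in sync.
			set.AddRule(&HTTPFirewallRule{
				IsOn:     true,
				Param:    "${cc2}",
				Operator: HTTPFirewallRuleOperatorGt,
				Value:    "1200",
				CheckpointOptions: map[string]interface{}{
					"keys":              []string{"${remoteAddr}"},
					"period":            "60",
					"threshold":         1200,
					"enableFingerprint": true,
				},
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		// Random-URL flood: a query string that is one long run (12+) of
		// URL-safe characters and nothing else. This set does not set
		// IgnoreLocal, unlike the two rate-limit sets above.
		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "随机URL攻击"
			set.Description = "限制用户使用随机URL访问网站"
			set.Code = "8003"
			set.Connector = HTTPFirewallRuleConnectorAnd
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			set.AddRule(&HTTPFirewallRule{
				IsOn:              true,
				Param:             "${args}",
				Operator:          HTTPFirewallRuleOperatorMatch,
				Value:             `^[0-9a-zA-Z_\-.]{12,}$`,
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// referer (anti-hotlinking)
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = true
		group.Name = "防盗链"
		group.Description = "防止第三方网站引用本站资源。"
		group.Code = "referer"
		group.IsTemplate = true

		{
			set := &HTTPFirewallRuleSet{}
			set.IsOn = true
			set.Name = "防盗链"
			set.Description = "防止第三方网站引用本站资源"
			set.Code = "9001"
			set.Connector = HTTPFirewallRuleConnectorAnd
			set.Actions = []*HTTPFirewallActionConfig{templateDenyPageAction()}

			// The referer decision is made by the ${refererBlock} checkpoint;
			// the rule fires when it reports "0". With allowDomains set to "*"
			// the template presumably admits every referer until the operator
			// narrows the list — confirm against the checkpoint implementation.
			set.AddRule(&HTTPFirewallRule{
				IsOn:     true,
				Param:    "${refererBlock}",
				Operator: HTTPFirewallRuleOperatorEq,
				Value:    "0",
				CheckpointOptions: map[string]interface{}{
					"allowEmpty":      true,
					"allowSameDomain": true,
					"allowDomains":    []string{"*"},
				},
				IsCaseInsensitive: false,
			})

			group.AddRuleSet(set)
		}

		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	// custom: an empty, enabled group for operator-defined rules.
	{
		group := &HTTPFirewallRuleGroup{}
		group.IsOn = true
		group.Name = "自定义规则分组"
		group.Description = "我的自定义规则分组,可以将自定义的规则放在这个分组下"
		group.Code = "custom"
		group.IsTemplate = true
		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
	}

	return policy
}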