[WAF]规则中增加请求Header长度限制和响应Header长度限制

2025-11-03 20:40:25 +08:00 · 2020-11-18 19:48:27 +08:00
parent b001883c54
commit 317f16746f
3 changed files with 52 additions and 10 deletions
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_checkpoints.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_checkpoints.go
@@ -7,6 +7,20 @@ import (

 // all check points list
 var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{
+	{
+		Name:        "通用请求Header长度限制",
+		Prefix:      "requestGeneralHeaderLength",
+		Description: "通用Header比如Cache-Control、Accept之类的长度限制，防止缓冲区溢出攻击",
+		IsRequest:   true,
+		IsComposed:  true,
+	},
+	{
+		Name:        "通用响应Header长度限制",
+		Prefix:      "responseGeneralHeaderLength",
+		Description: "通用Header比如Cache-Control、Date之类的长度限制，防止缓冲区溢出攻击",
+		IsRequest:   false,
+		IsComposed:  true,
+	},
 	{
 		Name:        "客户端地址（IP）",
 		Prefix:      "remoteAddr",
@@ -268,12 +282,22 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{
 	},
 }

-// find a check point definition
+// 查找Checkpoint定义
 func FindCheckpointDefinition(prefix string) *HTTPFirewallCheckpointDefinition {
-	for _, def := range AllCheckpoints {
-		if def.Prefix == prefix {
-			return def
+	for _, checkpoint := range AllCheckpoints {
+		if checkpoint.Prefix == prefix {
+			return checkpoint
 		}
 	}
 	return nil
 }
+
+// 判断Checkpoint是否为组合的
+func CheckCheckpointIsComposed(prefix string) bool {
+	for _, checkpoint := range AllCheckpoints {
+		if checkpoint.Prefix == prefix {
+			return checkpoint.IsComposed
+		}
+	}
+	return false
+}