WAF策略增加“最多检查内容尺寸“选项

build/rpc.json

@@ -21664,7 +21664,7 @@
     },
     {
       "name": "UpdateHTTPFirewallPolicyRequest",
-      "code": "message UpdateHTTPFirewallPolicyRequest {\n\tint64 httpFirewallPolicyId = 1;\n\tbool isOn = 2;\n\tstring name = 3;\n\tstring description = 4;\n\trepeated string firewallGroupCodes = 5;\n\tbytes blockOptionsJSON = 6;\n\tbytes captchaOptionsJSON = 11;\n\tstring mode = 7;\n\tbool useLocalFirewall = 8;\n\tbytes synFloodJSON = 9;\n\tbytes LogJSON = 10;\n}",
+      "code": "message UpdateHTTPFirewallPolicyRequest {\n\tint64 httpFirewallPolicyId = 1;\n\tbool isOn = 2;\n\tstring name = 3;\n\tstring description = 4;\n\trepeated string firewallGroupCodes = 5;\n\tbytes blockOptionsJSON = 6;\n\tbytes captchaOptionsJSON = 11;\n\tstring mode = 7;\n\tbool useLocalFirewall = 8; // 是否使用本地防火墙\n\tbytes synFloodJSON = 9; // SYN Flood相关配置\n\tbytes LogJSON = 10; // 日志相关配置\n\tint64 maxRequestBodySize = 12; // 最大文件尺寸，单位为字节\n}",
       "doc": "修改防火墙策略"
     },
     {

pkg/rpc/pb/service_http_firewall_policy.pb.go

@@ -391,9 +391,10 @@ type UpdateHTTPFirewallPolicyRequest struct {
 	BlockOptionsJSON     []byte   `protobuf:"bytes,6,opt,name=blockOptionsJSON,proto3" json:"blockOptionsJSON,omitempty"`
 	CaptchaOptionsJSON   []byte   `protobuf:"bytes,11,opt,name=captchaOptionsJSON,proto3" json:"captchaOptionsJSON,omitempty"`
 	Mode                 string   `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"`
-	UseLocalFirewall     bool     `protobuf:"varint,8,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`
-	SynFloodJSON         []byte   `protobuf:"bytes,9,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`
-	LogJSON              []byte   `protobuf:"bytes,10,opt,name=LogJSON,proto3" json:"LogJSON,omitempty"`
+	UseLocalFirewall     bool     `protobuf:"varint,8,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`      // 是否使用本地防火墙
+	SynFloodJSON         []byte   `protobuf:"bytes,9,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`               // SYN Flood相关配置
+	LogJSON              []byte   `protobuf:"bytes,10,opt,name=LogJSON,proto3" json:"LogJSON,omitempty"`                        // 日志相关配置
+	MaxRequestBodySize   int64    `protobuf:"varint,12,opt,name=maxRequestBodySize,proto3" json:"maxRequestBodySize,omitempty"` // 最大文件尺寸，单位为字节
 }
 
 func (x *UpdateHTTPFirewallPolicyRequest) Reset() {
@@ -505,6 +506,13 @@ func (x *UpdateHTTPFirewallPolicyRequest) GetLogJSON() []byte {
 	return nil
 }
 
+func (x *UpdateHTTPFirewallPolicyRequest) GetMaxRequestBodySize() int64 {
+	if x != nil {
+		return x.MaxRequestBodySize
+	}
+	return 0
+}
+
 // 修改分组信息
 type UpdateHTTPFirewallPolicyGroupsRequest struct {
 	state         protoimpl.MessageState
@@ -1317,7 +1325,7 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
 	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70,
 	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
 	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65,
-	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xa9, 0x03, 0x0a,
+	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xd9, 0x03, 0x0a,
 	0x1f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77,
 	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
 	0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
@@ -1344,7 +1352,10 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
 	0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c,
 	0x52, 0x0c, 0x73, 0x79, 0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x18,
 	0x0a, 0x07, 0x4c, 0x6f, 0x67, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x07, 0x4c, 0x6f, 0x67, 0x4a, 0x53, 0x4f, 0x4e, 0x22, 0xa1, 0x01, 0x0a, 0x25, 0x55, 0x70, 0x64,
+	0x07, 0x4c, 0x6f, 0x67, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2e, 0x0a, 0x12, 0x6d, 0x61, 0x78, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x6f, 0x64, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x0c,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x42, 0x6f, 0x64, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x22, 0xa1, 0x01, 0x0a, 0x25, 0x55, 0x70, 0x64,
 	0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50,
 	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
 	0x73, 0x74, 0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,

pkg/rpc/protos/service_http_firewall_policy.proto

@@ -98,9 +98,10 @@ message UpdateHTTPFirewallPolicyRequest {
 	bytes blockOptionsJSON = 6;
 	bytes captchaOptionsJSON = 11;
 	string mode = 7;
-	bool useLocalFirewall = 8;
-	bytes synFloodJSON = 9;
-	bytes LogJSON = 10;
+	bool useLocalFirewall = 8; // 是否使用本地防火墙
+	bytes synFloodJSON = 9; // SYN Flood相关配置
+	bytes LogJSON = 10; // 日志相关配置
+	int64 maxRequestBodySize = 12; // 最大文件尺寸，单位为字节
 }
 
 // 修改分组信息

pkg/serverconfigs/firewallconfigs/http_firewall_policy.go

@@ -2,6 +2,8 @@ package firewallconfigs
 
 import "encoding/json"
 
+const DefaultMaxRequestBodySize int64 = 1 << 20
+
 // HTTPFirewallPolicy 防火墙策略
 type HTTPFirewallPolicy struct {
 	Id                 int64                        `yaml:"id" json:"id"`
@@ -16,6 +18,7 @@ type HTTPFirewallPolicy struct {
 	UseLocalFirewall   bool                         `yaml:"useLocalFirewall" json:"useLocalFirewall"`
 	SYNFlood           *SYNFloodConfig              `yaml:"synFlood" json:"synFlood"`
 	Log                *HTTPFirewallPolicyLogConfig `yaml:"log" json:"log"`                               // 强制记录日志
+	MaxRequestBodySize int64                        `yaml:"maxRequestBodySize" json:"maxRequestBodySize"` // 读取的请求最大尺寸
 }
 
 // Init 初始化