WAF策略增加“最多检查内容尺寸“选项

2025-11-04 05:00:24 +08:00 · 2023-08-02 17:00:40 +08:00
parent 92f26b4d46
commit 5eaa396f36
4 changed files with 36 additions and 21 deletions
--- a/build/rpc.json
+++ b/build/rpc.json
@@ -21664,7 +21664,7 @@
    },
    {
      "name": "UpdateHTTPFirewallPolicyRequest",
-      "code": "message UpdateHTTPFirewallPolicyRequest {\n\tint64 httpFirewallPolicyId = 1;\n\tbool isOn = 2;\n\tstring name = 3;\n\tstring description = 4;\n\trepeated string firewallGroupCodes = 5;\n\tbytes blockOptionsJSON = 6;\n\tbytes captchaOptionsJSON = 11;\n\tstring mode = 7;\n\tbool useLocalFirewall = 8;\n\tbytes synFloodJSON = 9;\n\tbytes LogJSON = 10;\n}",
+      "code": "message UpdateHTTPFirewallPolicyRequest {\n\tint64 httpFirewallPolicyId = 1;\n\tbool isOn = 2;\n\tstring name = 3;\n\tstring description = 4;\n\trepeated string firewallGroupCodes = 5;\n\tbytes blockOptionsJSON = 6;\n\tbytes captchaOptionsJSON = 11;\n\tstring mode = 7;\n\tbool useLocalFirewall = 8; // 是否使用本地防火墙\n\tbytes synFloodJSON = 9; // SYN Flood相关配置\n\tbytes LogJSON = 10; // 日志相关配置\n\tint64 maxRequestBodySize = 12; // 最大文件尺寸，单位为字节\n}",
      "doc": "修改防火墙策略"
    },
    {
--- a/pkg/rpc/pb/service_http_firewall_policy.pb.go
+++ b/pkg/rpc/pb/service_http_firewall_policy.pb.go
@@ -391,9 +391,10 @@ type UpdateHTTPFirewallPolicyRequest struct {
 	BlockOptionsJSON     []byte   `protobuf:"bytes,6,opt,name=blockOptionsJSON,proto3" json:"blockOptionsJSON,omitempty"`
 	CaptchaOptionsJSON   []byte   `protobuf:"bytes,11,opt,name=captchaOptionsJSON,proto3" json:"captchaOptionsJSON,omitempty"`
 	Mode                 string   `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"`
-	UseLocalFirewall     bool     `protobuf:"varint,8,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`
-	SynFloodJSON         []byte   `protobuf:"bytes,9,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`
-	LogJSON              []byte   `protobuf:"bytes,10,opt,name=LogJSON,proto3" json:"LogJSON,omitempty"`
+	UseLocalFirewall     bool     `protobuf:"varint,8,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`      // 是否使用本地防火墙
+	SynFloodJSON         []byte   `protobuf:"bytes,9,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`               // SYN Flood相关配置
+	LogJSON              []byte   `protobuf:"bytes,10,opt,name=LogJSON,proto3" json:"LogJSON,omitempty"`                        // 日志相关配置
+	MaxRequestBodySize   int64    `protobuf:"varint,12,opt,name=maxRequestBodySize,proto3" json:"maxRequestBodySize,omitempty"` // 最大文件尺寸，单位为字节
 }

 func (x *UpdateHTTPFirewallPolicyRequest) Reset() {
@@ -505,6 +506,13 @@ func (x *UpdateHTTPFirewallPolicyRequest) GetLogJSON() []byte {
 	return nil
 }

+func (x *UpdateHTTPFirewallPolicyRequest) GetMaxRequestBodySize() int64 {
+	if x != nil {
+		return x.MaxRequestBodySize
+	}
+	return 0
+}
+
 // 修改分组信息
 type UpdateHTTPFirewallPolicyGroupsRequest struct {
 	state         protoimpl.MessageState
@@ -1317,7 +1325,7 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
 	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70,
 	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
 	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65,
-	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xa9, 0x03, 0x0a,
+	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xd9, 0x03, 0x0a,
 	0x1f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77,
 	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
 	0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
@@ -1344,7 +1352,10 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
 	0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c,
 	0x52, 0x0c, 0x73, 0x79, 0x6e, 0x46, 0x6c, 0x6f, 0x6f, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x18,
 	0x0a, 0x07, 0x4c, 0x6f, 0x67, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x07, 0x4c, 0x6f, 0x67, 0x4a, 0x53, 0x4f, 0x4e, 0x22, 0xa1, 0x01, 0x0a, 0x25, 0x55, 0x70, 0x64,
+	0x07, 0x4c, 0x6f, 0x67, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2e, 0x0a, 0x12, 0x6d, 0x61, 0x78, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x6f, 0x64, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x0c,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x42, 0x6f, 0x64, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x22, 0xa1, 0x01, 0x0a, 0x25, 0x55, 0x70, 0x64,
 	0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50,
 	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
 	0x73, 0x74, 0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,
--- a/pkg/rpc/protos/service_http_firewall_policy.proto
+++ b/pkg/rpc/protos/service_http_firewall_policy.proto
@@ -98,9 +98,10 @@ message UpdateHTTPFirewallPolicyRequest {
 	bytes blockOptionsJSON = 6;
 	bytes captchaOptionsJSON = 11;
 	string mode = 7;
-	bool useLocalFirewall = 8;
-	bytes synFloodJSON = 9;
-	bytes LogJSON = 10;
+	bool useLocalFirewall = 8; // 是否使用本地防火墙
+	bytes synFloodJSON = 9; // SYN Flood相关配置
+	bytes LogJSON = 10; // 日志相关配置
+	int64 maxRequestBodySize = 12; // 最大文件尺寸，单位为字节
 }

 // 修改分组信息
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
@@ -2,20 +2,23 @@ package firewallconfigs

 import "encoding/json"

+const DefaultMaxRequestBodySize int64 = 1 << 20
+
 // HTTPFirewallPolicy 防火墙策略
 type HTTPFirewallPolicy struct {
-	Id               int64                        `yaml:"id" json:"id"`
-	IsOn             bool                         `yaml:"isOn" json:"isOn"`
-	Name             string                       `yaml:"name" json:"name"`
-	Description      string                       `yaml:"description" json:"description"`
-	Inbound          *HTTPFirewallInboundConfig   `yaml:"inbound" json:"inbound"`
-	Outbound         *HTTPFirewallOutboundConfig  `yaml:"outbound" json:"outbound"`
-	BlockOptions     *HTTPFirewallBlockAction     `yaml:"blockOptions" json:"blockOptions"`
-	CaptchaOptions   *HTTPFirewallCaptchaAction   `yaml:"captchaOptions" json:"captchaOptions"`
-	Mode             FirewallMode                 `yaml:"mode" json:"mode"`
-	UseLocalFirewall bool                         `yaml:"useLocalFirewall" json:"useLocalFirewall"`
-	SYNFlood         *SYNFloodConfig              `yaml:"synFlood" json:"synFlood"`
-	Log              *HTTPFirewallPolicyLogConfig `yaml:"log" json:"log"` // 强制记录日志
+	Id                 int64                        `yaml:"id" json:"id"`
+	IsOn               bool                         `yaml:"isOn" json:"isOn"`
+	Name               string                       `yaml:"name" json:"name"`
+	Description        string                       `yaml:"description" json:"description"`
+	Inbound            *HTTPFirewallInboundConfig   `yaml:"inbound" json:"inbound"`
+	Outbound           *HTTPFirewallOutboundConfig  `yaml:"outbound" json:"outbound"`
+	BlockOptions       *HTTPFirewallBlockAction     `yaml:"blockOptions" json:"blockOptions"`
+	CaptchaOptions     *HTTPFirewallCaptchaAction   `yaml:"captchaOptions" json:"captchaOptions"`
+	Mode               FirewallMode                 `yaml:"mode" json:"mode"`
+	UseLocalFirewall   bool                         `yaml:"useLocalFirewall" json:"useLocalFirewall"`
+	SYNFlood           *SYNFloodConfig              `yaml:"synFlood" json:"synFlood"`
+	Log                *HTTPFirewallPolicyLogConfig `yaml:"log" json:"log"`                               // 强制记录日志
+	MaxRequestBodySize int64                        `yaml:"maxRequestBodySize" json:"maxRequestBodySize"` // 读取的请求最大尺寸
 }

 // Init 初始化