WAF策略和缓存策略跟随集群

2025-11-15 05:50:27 +08:00 · 2021-08-01 14:52:10 +08:00
parent 9a037680cf
commit 7caf0c2f68
2 changed files with 55 additions and 20 deletions
--- a/pkg/nodeconfigs/node_config.go
+++ b/pkg/nodeconfigs/node_config.go
@@ -33,11 +33,11 @@ type NodeConfig struct {
 	GlobalConfig *serverconfigs.GlobalConfig `yaml:"globalConfig" json:"globalConfig"` // 全局配置
 	// 集群统一配置
-	HTTPFirewallPolicy *firewallconfigs.HTTPFirewallPolicy     `yaml:"httpFirewallPolicy" json:"httpFirewallPolicy"`
+	HTTPFirewallPolicies []*firewallconfigs.HTTPFirewallPolicy   `yaml:"httpFirewallPolicies" json:"httpFirewallPolicies"`
-	HTTPCachePolicy    *serverconfigs.HTTPCachePolicy          `yaml:"httpCachePolicy" json:"httpCachePolicy"`
+	HTTPCachePolicies    []*serverconfigs.HTTPCachePolicy        `yaml:"httpCachePolicies" json:"httpCachePolicies"`
-	TOA                *TOAConfig                              `yaml:"toa" json:"toa"`
+	TOA                  *TOAConfig                              `yaml:"toa" json:"toa"`
-	SystemServices     map[string]maps.Map                     `yaml:"systemServices" json:"systemServices"` // 系统服务配置 type => params
+	SystemServices       map[string]maps.Map                     `yaml:"systemServices" json:"systemServices"` // 系统服务配置 type => params
-	FirewallActions    []*firewallconfigs.FirewallActionConfig `yaml:"firewallActions" json:"firewallActions"`
+	FirewallActions      []*firewallconfigs.FirewallActionConfig `yaml:"firewallActions" json:"firewallActions"`
 	MetricItems []*serverconfigs.MetricItemConfig `yaml:"metricItems" json:"metricItems"`
@@ -103,18 +103,22 @@ func (this *NodeConfig) Init() error {
 	}
 	// cache policy
-	if this.HTTPCachePolicy != nil {
+	if len(this.HTTPCachePolicies) > 0 {
-		err := this.HTTPCachePolicy.Init()
+		for _, policy := range this.HTTPCachePolicies {
-		if err != nil {
+			err := policy.Init()
-			return err
+			if err != nil {
 				return err
 			}
 		}
 	}
 	// firewall policy
-	if this.HTTPFirewallPolicy != nil {
+	if len(this.HTTPFirewallPolicies) > 0 {
-		err := this.HTTPFirewallPolicy.Init()
+		for _, policy := range this.HTTPFirewallPolicies {
-		if err != nil {
+			err := policy.Init()
-			return err
+			if err != nil {
 				return err
 			}
 		}
 	}
@@ -128,15 +132,37 @@ func (this *NodeConfig) Init() error {
 	// 查找FirewallPolicy
 	this.firewallPolicies = []*firewallconfigs.HTTPFirewallPolicy{}
-	if this.HTTPFirewallPolicy != nil && this.HTTPFirewallPolicy.IsOn {
+	for _, policy := range this.HTTPFirewallPolicies {
-		this.firewallPolicies = append(this.firewallPolicies, this.HTTPFirewallPolicy)
+		if policy.IsOn {
 			this.firewallPolicies = append(this.firewallPolicies, policy)
 		}
 	}
 	for _, server := range this.Servers {
 		if !server.IsOk() || !server.IsOn {
 			continue
 		}
 		// WAF策略
 		if server.HTTPFirewallPolicyId > 0 {
 			for _, policy := range this.HTTPFirewallPolicies {
 				if server.HTTPFirewallPolicyId == policy.Id {
 					server.HTTPFirewallPolicy = policy
 					break
 				}
 			}
 		}
 		// 缓存策略
 		if server.HTTPCachePolicyId > 0 {
 			for _, policy := range this.HTTPCachePolicies {
 				if server.HTTPCachePolicyId == policy.Id {
 					server.HTTPCachePolicy = policy
 				}
 			}
 		}
 		if server.Web != nil {
-			this.lookupWeb(server.Web)
+			this.lookupWeb(server, server.Web)
 		}
 	}
@@ -217,21 +243,21 @@ func (this *NodeConfig) HasHTTPConnectionMetrics() bool {
 }
 // 搜索WAF策略
-func (this *NodeConfig) lookupWeb(web *serverconfigs.HTTPWebConfig) {
+func (this *NodeConfig) lookupWeb(server *serverconfigs.ServerConfig, web *serverconfigs.HTTPWebConfig) {
 	if web == nil || !web.IsOn {
 		return
 	}
 	if web.FirewallPolicy != nil && web.FirewallPolicy.IsOn {
 		// 复用节点的拦截选项设置
-		if web.FirewallPolicy.BlockOptions == nil && this.HTTPFirewallPolicy != nil && this.HTTPFirewallPolicy.BlockOptions != nil {
+		if web.FirewallPolicy.BlockOptions == nil && server.HTTPFirewallPolicy != nil && server.HTTPFirewallPolicy.BlockOptions != nil {
-			web.FirewallPolicy.BlockOptions = this.HTTPFirewallPolicy.BlockOptions
+			web.FirewallPolicy.BlockOptions = server.HTTPFirewallPolicy.BlockOptions
 		}
 		this.firewallPolicies = append(this.firewallPolicies, web.FirewallPolicy)
 	}
 	if len(web.Locations) > 0 {
 		for _, location := range web.Locations {
 			if location.Web != nil && location.Web.IsOn {
-				this.lookupWeb(location.Web)
+				this.lookupWeb(server, location.Web)
 			}
 		}
 	}
--- a/pkg/serverconfigs/server_config.go
+++ b/pkg/serverconfigs/server_config.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 )
@@ -32,6 +33,14 @@ type ServerConfig struct {
 	ReverseProxyRef *ReverseProxyRef    `yaml:"reverseProxyRef" json:"reverseProxyRef"`
 	ReverseProxy    *ReverseProxyConfig `yaml:"reverseProxy" json:"reverseProxy"`
 	// WAF策略
 	HTTPFirewallPolicyId int64                               `yaml:"httpFirewallPolicyId" json:"httpFirewallPolicyId"`
 	HTTPFirewallPolicy   *firewallconfigs.HTTPFirewallPolicy `yaml:"httpFirewallPolicy" json:"httpFirewallPolicy"` // 通过 HTTPFirewallPolicyId 获取
 	// 缓存策略
 	HTTPCachePolicyId int64            `yaml:"httpCachePolicyId" json:"httpCachePolicyId"`
 	HTTPCachePolicy   *HTTPCachePolicy `yaml:"httpCachePolicy" json:"httpCachePolicy"` // 通过 HTTPCachePolicyId 获取
 	isOk bool
 }