TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-11-04 05:00:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF策略中增加验证码相关定制设置

Browse Source
This commit is contained in:
刘祥超
2022-05-20 22:10:58 +08:00
parent a660815df7
commit 8c450a9b43
6 changed files with 43 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/nodeconfigs/node_config.go
View File

@@ -421,12 +421,19 @@ func (this *NodeConfig) lookupWeb(server *serverconfigs.ServerConfig, web *serve
return
}
if web.FirewallPolicy != nil && web.FirewallPolicy.IsOn {
// 复用节点的拦截选项设置
if web.FirewallPolicy.BlockOptions == nil && server.HTTPFirewallPolicy != nil && server.HTTPFirewallPolicy.BlockOptions != nil {
web.FirewallPolicy.BlockOptions = server.HTTPFirewallPolicy.BlockOptions
// 复用节点的选项设置
if server.HTTPFirewallPolicy != nil {
if (web.FirewallPolicy.BlockOptions == nil || !web.FirewallPolicy.BlockOptions.IsPrior) || server.HTTPFirewallPolicy.BlockOptions != nil {
web.FirewallPolicy.BlockOptions = server.HTTPFirewallPolicy.BlockOptions
}
if (web.FirewallPolicy.CaptchaOptions == nil || !web.FirewallPolicy.CaptchaOptions.IsPrior) || server.HTTPFirewallPolicy.CaptchaOptions != nil {
web.FirewallPolicy.CaptchaOptions = server.HTTPFirewallPolicy.CaptchaOptions
}
web.FirewallPolicy.Mode = server.HTTPFirewallPolicy.Mode
web.FirewallPolicy.UseLocalFirewall = server.HTTPFirewallPolicy.UseLocalFirewall
}
this.firewallPolicies = append(this.firewallPolicies, web.FirewallPolicy)
}
if len(web.Locations) > 0 {

13
pkg/rpc/pb/service_http_firewall_policy.pb.go
View File

@@ -389,6 +389,7 @@ type UpdateHTTPFirewallPolicyRequest struct {
Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
FirewallGroupCodes []string `protobuf:"bytes,5,rep,name=firewallGroupCodes,proto3" json:"firewallGroupCodes,omitempty"`
BlockOptionsJSON []byte `protobuf:"bytes,6,opt,name=blockOptionsJSON,proto3" json:"blockOptionsJSON,omitempty"`
CaptchaOptionsJSON []byte `protobuf:"bytes,11,opt,name=captchaOptionsJSON,proto3" json:"captchaOptionsJSON,omitempty"`
Mode string `protobuf:"bytes,7,opt,name=mode,proto3" json:"mode,omitempty"`
UseLocalFirewall bool `protobuf:"varint,8,opt,name=useLocalFirewall,proto3" json:"useLocalFirewall,omitempty"`
SynFloodJSON []byte `protobuf:"bytes,9,opt,name=synFloodJSON,proto3" json:"synFloodJSON,omitempty"`
@@ -469,6 +470,13 @@ func (x *UpdateHTTPFirewallPolicyRequest) GetBlockOptionsJSON() []byte {
return nil
}
func (x *UpdateHTTPFirewallPolicyRequest) GetCaptchaOptionsJSON() []byte {
if x != nil {
return x.CaptchaOptionsJSON
}
return nil
}
func (x *UpdateHTTPFirewallPolicyRequest) GetMode() string {
if x != nil {
return x.Mode
@@ -1309,7 +1317,7 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70,
0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65,
0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xf9, 0x02, 0x0a,
0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xa9, 0x03, 0x0a,
0x1f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77,
0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x12, 0x32, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
@@ -1325,6 +1333,9 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
0x77, 0x61, 0x6c, 0x6c, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x2a,
0x0a, 0x10, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53,
0x4f, 0x4e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4f,
0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2e, 0x0a, 0x12, 0x63, 0x61,
0x70, 0x74, 0x63, 0x68, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e,
0x18, 0x0b, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x12, 0x63, 0x61, 0x70, 0x74, 0x63, 0x68, 0x61, 0x4f,
0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f,
0x64, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2a,
0x0a, 0x10, 0x75, 0x73, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,

1
pkg/rpc/protos/service_http_firewall_policy.proto
View File

@@ -95,6 +95,7 @@ message UpdateHTTPFirewallPolicyRequest {
string description = 4;
repeated string firewallGroupCodes = 5;
bytes blockOptionsJSON = 6;
bytes captchaOptionsJSON = 11;
string mode = 7;
bool useLocalFirewall = 8;
bytes synFloodJSON = 9;

2
pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go
View File

@@ -2,6 +2,8 @@ package firewallconfigs
// HTTPFirewallBlockAction url client configure
type HTTPFirewallBlockAction struct {
IsPrior bool `yaml:"isPrior" json:"isPrior"`
StatusCode int `yaml:"statusCode" json:"statusCode"`
Body string `yaml:"body" json:"body"` // supports HTML
URL string `yaml:"url" json:"url"`

28
pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go
View File

@@ -1,19 +1,25 @@
package firewallconfigs
type HTTPFirewallCaptchaAction struct {
Life int32 `yaml:"life" json:"life"` // 有效期
MaxFails int `yaml:"maxFails" json:"maxFails"` // 最大失败次数
FailBlockTimeout int `yaml:"failBlockTimeout" json:"failBlockTimeout"` // 失败拦截时间
IsPrior bool `yaml:"isPrior" json:"isPrior"`
UIIsOn bool `yaml:"uiIsOn" json:"uiIsOn"` // 是否使用自定义UI TODO
UITitle string `yaml:"uiTitle" json:"uiTitle"` // 消息标题 TODO
UIPrompt string `yaml:"uiPrompt" json:"uiPrompt"` // 消息提示 TODO
UIButtonTitle string `yaml:"uiButtonTitle" json:"uiButtonTitle"` // 按钮标题 TODO
UIShowRequestId bool `yaml:"uiShowRequestId" json:"uiShowRequestId"` // 是否显示请求ID TODO
UICss string `yaml:"uiCss" json:"uiCss"` // CSS样式 TODO
UIFooter string `yaml:"uiFooter" json:"uiFooter"` // TODO
Life int32 `yaml:"life" json:"life"` // 有效期
MaxFails int `yaml:"maxFails" json:"maxFails"` // 最大失败次数
FailBlockTimeout int `yaml:"failBlockTimeout" json:"failBlockTimeout"` // 失败拦截时间
FailBlockScopeAll bool `yaml:"failBlockScopeAll" json:"failBlockScopeAll"` // 是否全局有效
CountLetters int8 `yaml:"countLetters" json:"countLetters"` // 字符数量
UIIsOn bool `yaml:"uiIsOn" json:"uiIsOn"` // 是否使用自定义UI
UITitle string `yaml:"uiTitle" json:"uiTitle"` // 消息标题
UIPrompt string `yaml:"uiPrompt" json:"uiPrompt"` // 消息提示
UIButtonTitle string `yaml:"uiButtonTitle" json:"uiButtonTitle"` // 按钮标题
UIShowRequestId bool `yaml:"uiShowRequestId" json:"uiShowRequestId"` // 是否显示请求ID
UICss string `yaml:"uiCss" json:"uiCss"` // CSS样式
UIFooter string `yaml:"uiFooter" json:"uiFooter"` // 页脚
UIBody string `yaml:"uiBody" json:"uiBody"` // 内容轮廓
CookieId string `yaml:"cookieId" json:"cookieId"` // TODO
Language string `yaml:"language" json:"language"` // 语言zh-CN, en-US ... TODO 需要实现目前是根据浏览器Accept-Language动态获取
Lang string `yaml:"lang" json:"lang"` // 语言zh-CN, en-US ... TODO 需要实现目前是根据浏览器Accept-Language动态获取
}

1
pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
View File

@@ -11,6 +11,7 @@ type HTTPFirewallPolicy struct {
Inbound *HTTPFirewallInboundConfig `yaml:"inbound" json:"inbound"`
Outbound *HTTPFirewallOutboundConfig `yaml:"outbound" json:"outbound"`
BlockOptions *HTTPFirewallBlockAction `yaml:"blockOptions" json:"blockOptions"`
CaptchaOptions *HTTPFirewallCaptchaAction `yaml:"captchaOptions" json:"captchaOptions"`
Mode FirewallMode `yaml:"mode" json:"mode"`
UseLocalFirewall bool `yaml:"useLocalFirewall" json:"useLocalFirewall"`
SYNFlood *SYNFloodConfig `yaml:"synFlood" json:"synFlood"`