From abd3c3def53aec51d59407620f17fc60f1a1fb69 Mon Sep 17 00:00:00 2001 From: GoEdgeLab Date: Fri, 8 Dec 2023 15:09:32 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96WAF=20checkpoint=E5=8F=82?= =?UTF-8?q?=E6=95=B0=E6=96=87=E5=AD=97=E6=8F=90=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../http_firewall_checkpoints.go | 82 +++++++++---------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_checkpoints.go b/pkg/serverconfigs/firewallconfigs/http_firewall_checkpoints.go index 9cbcd5a..6d8b638 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_checkpoints.go +++ b/pkg/serverconfigs/firewallconfigs/http_firewall_checkpoints.go @@ -10,7 +10,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "通用请求Header长度限制", Prefix: "requestGeneralHeaderLength", - Description: "通用Header比如Cache-Control、Accept之类的长度限制,防止缓冲区溢出攻击", + Description: "通用Header比如Cache-Control、Accept之类的长度限制,防止缓冲区溢出攻击。", IsRequest: true, IsComposed: true, Priority: 100, @@ -18,7 +18,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "通用响应Header长度限制", Prefix: "responseGeneralHeaderLength", - Description: "通用Header比如Cache-Control、Date之类的长度限制,防止缓冲区溢出攻击", + Description: "通用Header比如Cache-Control、Date之类的长度限制,防止缓冲区溢出攻击。", IsRequest: false, IsComposed: true, Priority: 100, @@ -26,77 +26,77 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "客户端地址(IP)", Prefix: "remoteAddr", - Description: "试图通过分析X-Forwarded-For等Header获取的客户端地址,比如192.168.1.100,存在伪造的可能", + Description: "试图通过分析X-Forwarded-For等Header获取的客户端地址,比如192.168.1.100,存在伪造的可能。", IsRequest: true, Priority: 100, }, { Name: "客户端源地址(IP)", Prefix: "rawRemoteAddr", - Description: "直接连接的客户端地址,比如192.168.1.100", + Description: "直接连接的客户端地址,比如192.168.1.100。", IsRequest: true, Priority: 100, }, { Name: "客户端端口", Prefix: "remotePort", - Description: "直接连接的客户端地址端口", + Description: "直接连接的客户端地址端口。", IsRequest: true, Priority: 100, }, { Name: "客户端用户名", Prefix: "remoteUser", - Description: "通过BasicAuth登录的客户端用户名", + Description: "通过BasicAuth登录的客户端用户名。", IsRequest: true, Priority: 100, }, { Name: "请求URI", Prefix: "requestURI", - Description: "包含URL参数的请求URI,类似于 /hello/world?lang=go,不包含域名部分", + Description: "包含URL参数的请求URI,类似于 /hello/world?lang=go,不包含域名部分。", IsRequest: true, Priority: 100, }, { Name: "请求路径", Prefix: "requestPath", - Description: "不包含URL参数的请求路径,类似于 /hello/world,不包含域名部分", + Description: "不包含URL参数的请求路径,类似于 /hello/world,不包含域名部分。", IsRequest: true, Priority: 100, }, { Name: "请求完整URL", Prefix: "requestURL", - Description: "完整的请求URL,包含协议、域名、请求路径、参数等,类似于 https://example.com/hello?name=lily", + Description: "完整的请求URL,包含协议、域名、请求路径、参数等,类似于 https://example.com/hello?name=lily 。", IsRequest: true, Priority: 100, }, { Name: "请求内容长度", Prefix: "requestLength", - Description: "请求Header中的Content-Length", + Description: "请求Header中的Content-Length。", IsRequest: true, Priority: 100, }, { Name: "请求体内容", Prefix: "requestBody", - Description: "通常在POST或者PUT等操作时会附带请求体,最大限制32M", + Description: "通常在POST或者PUT等操作时会附带请求体,最大限制32M。", IsRequest: true, Priority: 5, }, { Name: "请求URI和请求体组合", Prefix: "requestAll", - Description: "${requestURI}和${requestBody}组合", + Description: "${requestURI}和${requestBody}组合。", IsRequest: true, Priority: 5, }, { Name: "请求表单参数", Prefix: "requestForm", - Description: "获取POST或者其他方法发送的表单参数,最大请求体限制32M", + Description: "获取POST或者其他方法发送的表单参数,最大请求体限制32M。", IsRequest: true, HasParams: true, Priority: 5, @@ -104,7 +104,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "上传文件", Prefix: "requestUpload", - Description: "获取POST上传的文件信息,最大请求体限制32M", + Description: "获取POST上传的文件信息,最大请求体限制32M。", Params: []*KeyValue{ NewKeyValue("最小文件尺寸", "minSize"), NewKeyValue("最大文件尺寸", "maxSize"), @@ -119,7 +119,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "请求JSON参数", Prefix: "requestJSON", - Description: "获取POST或者其他方法发送的JSON,最大请求体限制32M,使用点(.)符号表示多级数据", + Description: "获取POST或者其他方法发送的JSON,最大请求体限制32M,使用点(.)符号表示多级数据。", IsRequest: true, HasParams: true, Priority: 5, @@ -127,42 +127,42 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "请求方法", Prefix: "requestMethod", - Description: "比如GET、POST", + Description: "比如GET、POST。", IsRequest: true, Priority: 100, }, { Name: "请求协议", Prefix: "scheme", - Description: "比如http或https", + Description: "比如http或https。", IsRequest: true, Priority: 100, }, { Name: "HTTP协议版本", Prefix: "proto", - Description: "比如HTTP/1.1", + Description: "比如HTTP/1.1。", IsRequest: true, Priority: 100, }, { Name: "主机名", Prefix: "host", - Description: "比如goedge.cn", + Description: "比如goedge.cn。", IsRequest: true, Priority: 100, }, { Name: "CNAME", Prefix: "cname", - Description: "当前网站服务CNAME,比如38b48e4f.goedge.cn", + Description: "当前网站服务CNAME,比如38b48e4f.goedge.cn。", IsRequest: true, Priority: 100, }, { Name: "是否为CNAME", Prefix: "isCNAME", - Description: "是否为CNAME,值为1(是)或0(否)", + Description: "是否为CNAME,值为1(是)或0(否)。", IsRequest: true, Priority: 100, DataType: "bool", @@ -170,35 +170,35 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "请求来源URL", Prefix: "referer", - Description: "请求Header中的Referer值", + Description: "请求Header中的Referer值。", IsRequest: true, Priority: 100, }, { Name: "客户端信息", Prefix: "userAgent", - Description: "比如Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103", + Description: "比如Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103。", IsRequest: true, Priority: 100, }, { Name: "内容类型", Prefix: "contentType", - Description: "请求Header的Content-Type", + Description: "请求Header的Content-Type。", IsRequest: true, Priority: 100, }, { Name: "所有cookie组合字符串", Prefix: "cookies", - Description: "比如sid=IxZVPFhE&city=beijing&uid=18237", + Description: "比如sid=IxZVPFhE&city=beijing&uid=18237。", IsRequest: true, Priority: 100, }, { Name: "单个cookie值", Prefix: "cookie", - Description: "单个cookie值", + Description: "单个cookie值。", IsRequest: true, HasParams: true, Priority: 100, @@ -206,14 +206,14 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "所有URL参数组合", Prefix: "args", - Description: "比如name=lu&age=20", + Description: "比如name=lu&age=20。", IsRequest: true, Priority: 100, }, { Name: "单个URL参数值", Prefix: "arg", - Description: "单个URL参数值", + Description: "单个URL参数值。", IsRequest: true, HasParams: true, Priority: 100, @@ -221,14 +221,14 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "所有Header信息", Prefix: "headers", - Description: "使用\\n隔开的Header信息字符串", + Description: "使用换行符(\\n)隔开的Header信息字符串,每行均为\"NAME: VALUE格式\"。", IsRequest: true, Priority: 100, }, { Name: "单个Header值", Prefix: "header", - Description: "单个Header值", + Description: "单个Header值。", IsRequest: true, HasParams: true, Priority: 100, @@ -236,7 +236,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "国家/地区名称", Prefix: "geoCountryName", - Description: "国家/地区名称", + Description: "当前访问者国家/地区名称。", IsRequest: true, HasParams: false, Priority: 90, @@ -244,7 +244,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "省份名称", Prefix: "geoProvinceName", - Description: "中国省份名称", + Description: "当前访问者中国省份名称。", IsRequest: true, HasParams: false, Priority: 90, @@ -252,7 +252,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "城市名称", Prefix: "geoCityName", - Description: "中国城市名称", + Description: "当前访问者中国城市名称。", IsRequest: true, HasParams: false, Priority: 90, @@ -260,7 +260,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "ISP名称", Prefix: "ispName", - Description: "ISP名称", + Description: "当前访问者ISP名称。", IsRequest: true, HasParams: false, Priority: 90, @@ -268,7 +268,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "CC统计", Prefix: "cc2", - Description: "对统计对象进行统计", + Description: "对统计对象进行统计。", HasParams: false, IsRequest: true, IsComposed: true, @@ -277,7 +277,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "防盗链", Prefix: "refererBlock", - Description: "对统计对象进行统计", + Description: "对统计对象进行统计。", HasParams: false, IsRequest: true, IsComposed: true, @@ -286,7 +286,7 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "CC统计(旧)", Prefix: "cc", - Description: "统计某段时间段内的请求信息(不推荐再使用,请使用新的CC2统计代替)", + Description: "统计某段时间段内的请求信息(不推荐再使用,请使用新的CC2统计代替)。", HasParams: true, Params: []*KeyValue{ NewKeyValue("请求数", "requests"), @@ -366,14 +366,14 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "响应状态码", Prefix: "status", - Description: "响应状态码,比如200、404、500", + Description: "响应状态码,比如200、404、500。", IsRequest: false, Priority: 100, }, { Name: "响应Header", Prefix: "responseHeader", - Description: "响应Header值", + Description: "响应Header值。", IsRequest: false, HasParams: true, Priority: 100, @@ -381,14 +381,14 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{ { Name: "响应内容", Prefix: "responseBody", - Description: "响应内容字符串", + Description: "响应内容字符串。", IsRequest: false, Priority: 5, }, { Name: "响应内容长度", Prefix: "bytesSent", - Description: "响应内容长度,通过响应的Header Content-Length获取", + Description: "响应内容长度,通过响应的Header Content-Length获取。", IsRequest: false, Priority: 100, },