WAF策略：可以修改分组代号/导入时可以根据名称合并

2026-02-22 17:55:37 +08:00 · 2021-12-12 20:24:41 +08:00
parent b333a90532
commit abd5c6dbb1
5 changed files with 122 additions and 90 deletions
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
@@ -54,6 +54,16 @@ func (this *HTTPFirewallPolicy) FindRuleGroupWithCode(code string) *HTTPFirewall
 	return nil
 }

+// FindRuleGroupWithName 根据名称查找分组
+func (this *HTTPFirewallPolicy) FindRuleGroupWithName(name string) *HTTPFirewallRuleGroup {
+	for _, g := range this.AllRuleGroups() {
+		if g.Name == name {
+			return g
+		}
+	}
+	return nil
+}
+
 // FindRuleGroup 根据ID查找分组
 func (this *HTTPFirewallPolicy) FindRuleGroup(groupId int64) *HTTPFirewallRuleGroup {
 	for _, g := range this.AllRuleGroups() {
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go
@@ -9,6 +9,7 @@ type HTTPFirewallRuleGroup struct {
 	Code        string                    `yaml:"code" json:"code"`
 	SetRefs     []*HTTPFirewallRuleSetRef `yaml:"setRefs" json:"setRefs"`
 	Sets        []*HTTPFirewallRuleSet    `yaml:"sets" json:"sets"`
+	IsTemplate  bool                      `yaml:"isTemplate" json:"isTemplate"`
 }

 // Init 初始化
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
@@ -22,6 +22,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "XSS"
 		group.Code = "xss"
 		group.Description = "防跨站脚本攻击（Cross Site Scripting）"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -96,6 +97,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "文件上传"
 		group.Code = "upload"
 		group.Description = "防止上传可执行脚本文件到服务器"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -128,6 +130,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "Web Shell"
 		group.Code = "webShell"
 		group.Description = "防止远程执行服务器命令"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -159,6 +162,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.IsOn = true
 		group.Name = "命令注入"
 		group.Code = "commandInjection"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -198,6 +202,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "路径穿越"
 		group.Code = "pathTraversal"
 		group.Description = "防止读取网站目录之外的其他系统文件"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -230,6 +235,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "特殊目录"
 		group.Code = "denyDirs"
 		group.Description = "防止通过Web访问到一些特殊目录"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -262,6 +268,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "SQL注入"
 		group.Code = "sqlInjection"
 		group.Description = "防止SQL注入漏洞"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -409,6 +416,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "网络爬虫"
 		group.Code = "bot"
 		group.Description = "禁止一些网络爬虫"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -467,6 +475,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "CC攻击"
 		group.Description = "Challenge Collapsar，防止短时间大量请求涌入，请谨慎开启和设置"
 		group.Code = "cc2"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -622,6 +631,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "防盗链"
 		group.Description = "防止第三方网站引用本站资源。"
 		group.Code = "referer"
+		group.IsTemplate = true

 		{
 			set := &HTTPFirewallRuleSet{}
@@ -665,6 +675,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		group.Name = "自定义规则分组"
 		group.Description = "我的自定义规则分组，可以将自定义的规则放在这个分组下"
 		group.Code = "custom"
+		group.IsTemplate = true
 		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
 	}