将WAF模板中的cc修改为cc2

pkg/serverconfigs/firewallconfigs/http_firewall_checkpoints.go

@@ -5,7 +5,7 @@ import (
 	"regexp"
 )
 
-// all check points list
+// AllCheckpoints all check points list
 var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{
 	{
 		Name:        "通用请求Header长度限制",
@@ -185,9 +185,17 @@ var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{
 		HasParams:   true,
 	},
 	{
-		Name:        "CC统计",
+		Name:        "CC统计（新）",
+		Prefix:      "cc2",
+		Description: "对统计对象进行统计",
+		HasParams:   false,
+		IsRequest:   true,
+		IsComposed:  true,
+	},
+	{
+		Name:        "CC统计（旧）",
 		Prefix:      "cc",
-		Description: "统计某段时间段内的请求信息",
+		Description: "统计某段时间段内的请求信息（请使用新的CC统计代替）",
 		HasParams:   true,
 		Params: []*KeyValue{
 			NewKeyValue("请求数", "requests"),

pkg/serverconfigs/firewallconfigs/http_firewall_template.go

@@ -434,13 +434,13 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
 	}
 
-	// cc
+	// cc2
 	{
 		group := &HTTPFirewallRuleGroup{}
 		group.IsOn = true
 		group.Name = "CC攻击"
 		group.Description = "Challenge Collapsar，防止短时间大量请求涌入，请谨慎开启和设置"
-		group.Code = "cc"
+		group.Code = "cc2"
 
 		{
 			set := &HTTPFirewallRuleSet{}
@@ -456,11 +456,13 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 			}
 			set.AddRule(&HTTPFirewallRule{
 				IsOn:     true,
-				Param:    "${cc.requests}",
+				Param:    "${cc2}",
 				Operator: HTTPFirewallRuleOperatorGt,
 				Value:    "1000",
 				CheckpointOptions: map[string]interface{}{
+					"keys":      []string{"${remoteAddr}", "${requestPath}"},
 					"period":    "60",
+					"threshold": 1000,
 				},
 				IsCaseInsensitive: false,
 			})

pkg/serverconfigs/metric_item_utils.go

@@ -40,7 +40,7 @@ func FindAllMetricKeyDefinitions(category MetricItemCategory) []*shared.Definiti
 			{
 				Name:        "客户端地址（IP）",
 				Code:        "${remoteAddr}",
-				Description: "会依次根据X-Forwarded-For、X-Real-IP、RemoteAddr获取",
+				Description: "会依次根据X-Forwarded-For、X-Real-IP、RemoteAddr获取，适用于前端可能有别的反向代理的情形，存在被伪造的可能",
 			},
 			{
 				Name:        "直接客户端地址（IP）",
@@ -55,12 +55,27 @@ func FindAllMetricKeyDefinitions(category MetricItemCategory) []*shared.Definiti
 			{
 				Name:        "请求URI",
 				Code:        "${requestURI}",
-				Description: "包含参数",
+				Description: "包含参数，比如/hello?name=lily",
 			},
 			{
 				Name:        "请求路径",
 				Code:        "${requestPath}",
-				Description: "不包含参数",
+				Description: "不包含参数，比如/hello",
+			},
+			{
+				Name:        "完整URL",
+				Code:        "${requestURL}",
+				Description: "比如https://example.com/hello?name=lily",
+			},
+			{
+				Name:        "请求方法",
+				Code:        "${requestMethod}",
+				Description: "比如GET、POST等",
+			},
+			{
+				Name:        "请求协议",
+				Code:        "${scheme}",
+				Description: "http或https",
 			},
 			{
 				Name:        "文件扩展名",

pkg/serverconfigs/shared/request_variables.go

@@ -12,8 +12,9 @@ func DefaultRequestVariables() []maps.Map {
 		{"code": "${rawRemoteAddr}", "name": "客户端地址（IP）", "description": "返回直接连接服务的客户端原始IP地址"},
 		{"code": "${remotePort}", "name": "客户端端口", "description": ""},
 		{"code": "${remoteUser}", "name": "客户端用户名", "description": ""},
-		{"code": "${requestURI}", "name": "请求URI", "description": ""},
+		{"code": "${requestURI}", "name": "请求URI", "description": "比如/hello?name=lily"},
-		{"code": "${requestPath}", "name": "请求路径（不包括参数）", "description": ""},
+		{"code": "${requestPath}", "name": "请求路径（不包括参数）", "description": "比如/hello"},
+		{"code": "${requestURL}", "name": "完整的请求URL", "description": "比如https://example.com/hello?name=lily"},
 		{"code": "${requestLength}", "name": "请求内容长度", "description": ""},
 		{"code": "${requestMethod}", "name": "请求方法", "description": "比如GET、POST"},
 		{"code": "${requestFilename}", "name": "请求文件路径", "description": ""},