WAF策略增加观察模式和通过模式

2026-04-29 10:15:17 +08:00 · 2021-09-30 11:30:16 +08:00
parent 801f327f36
commit c2ea2c96d5
7 changed files with 259 additions and 195 deletions
--- a/pkg/serverconfigs/firewallconfigs/firewall_mode.go
+++ b/pkg/serverconfigs/firewallconfigs/firewall_mode.go
@@ -0,0 +1,43 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package firewallconfigs
+
+import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+
+// FirewallMode 模式
+type FirewallMode = string
+
+const (
+	FirewallModeDefend  FirewallMode = "defend"  // 防御模式
+	FirewallModeObserve FirewallMode = "observe" // 观察模式
+	FirewallModePass    FirewallMode = "pass"    // 通过模式
+)
+
+func FindAllFirewallModes() []*shared.Definition {
+	return []*shared.Definition{
+		{
+			Name:        "防御模式",
+			Description: "执行正常的防御规则和相应动作。",
+			Code:        FirewallModeDefend,
+		},
+		{
+			Name:        "观察模式",
+			Description: "执行正常的防御规则，但只记录日志，不执行动作。",
+			Code:        FirewallModeObserve,
+		},
+		{
+			Name:        "通过模式",
+			Description: "不执行任何规则，所有的请求都将会直接通过。",
+			Code:        FirewallModePass,
+		},
+	}
+}
+
+func FindFirewallMode(code FirewallMode) *shared.Definition {
+	for _, def := range FindAllFirewallModes() {
+		if def.Code == code {
+			return def
+		}
+	}
+	return nil
+}
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
@@ -11,7 +11,7 @@ type HTTPFirewallPolicy struct {
 	Inbound      *HTTPFirewallInboundConfig  `yaml:"inbound" json:"inbound"`
 	Outbound     *HTTPFirewallOutboundConfig `yaml:"outbound" json:"outbound"`
 	BlockOptions *HTTPFirewallBlockAction    `yaml:"blockOptions" json:"blockOptions"`
-
+	Mode         FirewallMode                `yaml:"mode" json:"mode"`
 }

 // Init 初始化