From d23c4b244f463e770a8dd6d06920eb8ba4f9b073 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Sat, 21 May 2022 18:57:59 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=88=9B=E5=BB=BAWAF=E6=97=B6?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=BB=98=E8=AE=A4=E9=80=89=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
pkg/nodeconfigs/node_config.go | 10 ++++++++--
.../firewallconfigs/firewall_action_config.go | 4 ++--
.../firewallconfigs/http_firewall_action_block.go | 10 ++++++++++
.../firewallconfigs/http_firewall_action_captcha.go | 9 +++++++++
.../firewallconfigs/http_firewall_policy_log_config.go | 1 +
pkg/serverconfigs/firewallconfigs/syn_flood_config.go | 1 +
6 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/pkg/nodeconfigs/node_config.go b/pkg/nodeconfigs/node_config.go
index a79ca41..2ede4d8 100644
--- a/pkg/nodeconfigs/node_config.go
+++ b/pkg/nodeconfigs/node_config.go
@@ -423,12 +423,18 @@ func (this *NodeConfig) lookupWeb(server *serverconfigs.ServerConfig, web *serve if web.FirewallPolicy != nil && web.FirewallPolicy.IsOn { // 复用节点的选项设置 if server.HTTPFirewallPolicy != nil { - if (web.FirewallPolicy.BlockOptions == nil || !web.FirewallPolicy.BlockOptions.IsPrior) || server.HTTPFirewallPolicy.BlockOptions != nil { + if (web.FirewallPolicy.BlockOptions == nil || !web.FirewallPolicy.BlockOptions.IsPrior) && server.HTTPFirewallPolicy.BlockOptions != nil { web.FirewallPolicy.BlockOptions = server.HTTPFirewallPolicy.BlockOptions } - if (web.FirewallPolicy.CaptchaOptions == nil || !web.FirewallPolicy.CaptchaOptions.IsPrior) || server.HTTPFirewallPolicy.CaptchaOptions != nil { + if (web.FirewallPolicy.CaptchaOptions == nil || !web.FirewallPolicy.CaptchaOptions.IsPrior) && server.HTTPFirewallPolicy.CaptchaOptions != nil { web.FirewallPolicy.CaptchaOptions = server.HTTPFirewallPolicy.CaptchaOptions } + if (web.FirewallPolicy.SYNFlood == nil || !web.FirewallPolicy.SYNFlood.IsPrior) && server.HTTPFirewallPolicy.SYNFlood != nil { + web.FirewallPolicy.SYNFlood = server.HTTPFirewallPolicy.SYNFlood + } + if (web.FirewallPolicy.Log == nil || !web.FirewallPolicy.Log.IsPrior) && server.HTTPFirewallPolicy.Log != nil { + web.FirewallPolicy.Log = server.HTTPFirewallPolicy.Log + } web.FirewallPolicy.Mode = server.HTTPFirewallPolicy.Mode web.FirewallPolicy.UseLocalFirewall = server.HTTPFirewallPolicy.UseLocalFirewall diff --git a/pkg/serverconfigs/firewallconfigs/firewall_action_config.go b/pkg/serverconfigs/firewallconfigs/firewall_action_config.go index 621e59c..af9dc72 100644 --- a/pkg/serverconfigs/firewallconfigs/firewall_action_config.go +++ b/pkg/serverconfigs/firewallconfigs/firewall_action_config.go @@ -2,7 +2,7 @@ package firewallconfigs import "github.com/iwind/TeaGo/maps" -// 防火墙动作配置 +// FirewallActionConfig 防火墙动作配置 type FirewallActionConfig struct { Id int64 `yaml:"id" json:"id"` // Id Type string `yaml:"type" json:"type"` // 类型 
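Review bot: The new `SYNFlood` and `Log` merge conditions in the node_config.go hunk treat a missing `IsPrior` as "not prior", so a site-level config stored before this change is replaced by the server-level one whenever that is non-nil. The `IsPrior` fields are only introduced by this same commit, in syn_flood_config.go and http_firewall_policy_log_config.go, so older stored configs decode them as `false`. If the server-level value has `IsOn` false, this would silently switch off SYN-flood protection or WAF logging that a site had enabled; whether that can occur depends on how `server.HTTPFirewallPolicy` is populated, which is outside the hunk. I would add a comment above the block such as `// site-level options win only when IsPrior is set; configs saved without isPrior fall back to the server-level policy` and call the behaviour change out in the release notes. The assignments also hand the same server-level pointers to every web config, so later code has to treat them as read-only; lookupWeb starts and ends outside the hunk.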
@@ -10,7 +10,7 @@ type FirewallActionConfig struct { EventLevel string `yaml:"eventLevel" json:"eventLevel"` // 事件级别 } -// 初始化 +// Init 初始化 func (this *FirewallActionConfig) Init() error { return nil } diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go index 97aefff..6a08b50 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go +++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go @@ -1,5 +1,7 @@ package firewallconfigs +import "net/http" + // HTTPFirewallBlockAction url client configure type HTTPFirewallBlockAction struct { IsPrior bool `yaml:"isPrior" json:"isPrior"` @@ -10,3 +12,11 @@ type HTTPFirewallBlockAction struct { Timeout int32 `yaml:"timeout" json:"timeout"` Scope FirewallScope `yaml:"scope" json:"scope"` } + +func DefaultHTTPFirewallBlockAction() *HTTPFirewallBlockAction { + return &HTTPFirewallBlockAction{ + StatusCode: http.StatusForbidden, + Body: "Blocked By WAF", + Timeout: 60, + } +} diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go index cc0e05a..ab9c088 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go +++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go @@ -23,3 +23,12 @@ type HTTPFirewallCaptchaAction struct { Lang string `yaml:"lang" json:"lang"` // 语言,zh-CN, en-US ... TODO 需要实现,目前是根据浏览器Accept-Language动态获取 } + +func DefaultHTTPFirewallCaptchaAction() *HTTPFirewallCaptchaAction { + return &HTTPFirewallCaptchaAction{ + Life: 600, + MaxFails: 100, + FailBlockTimeout: 3600, + FailBlockScopeAll: true, + } +} diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_policy_log_config.go b/pkg/serverconfigs/firewallconfigs/http_firewall_policy_log_config.go index c7cf6df..f914a97 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_policy_log_config.go 
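Review bot: `DefaultHTTPFirewallBlockAction` in http_firewall_action_block.go is exported without a doc comment, and the unit of `Timeout: 60` is not stated on the struct lines visible here. The default also leaves `Scope` at its zero value, so the effective block scope depends on how consumers interpret an empty `FirewallScope`, which this hunk does not show; setting it explicitly to the intended constant would remove the ambiguity. I would add `// DefaultHTTPFirewallBlockAction returns the block options given to a newly created WAF policy.` plus a field comment on `Timeout` naming its unit. The fixed body `"Blocked By WAF"` tells the client that a WAF made the decision, so operators who prefer a generic 403 page should know this default is theirs to override.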
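Review bot: `MaxFails: 100` in `DefaultHTTPFirewallCaptchaAction` lets a client fail the CAPTCHA a hundred times before `FailBlockTimeout` applies, which is a permissive default for a control meant to slow automated clients. The window over which failures are counted is not visible in this hunk, so the real exposure may be smaller than it looks. Consider a lower default and document the fields, for example `// Life and FailBlockTimeout are in seconds (assumed); MaxFails is the number of failed attempts tolerated before the client is blocked`. The function is exported and has no doc comment. The struct definition begins outside the hunk, so the field meanings here are inferred from their names.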
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_policy_log_config.go @@ -8,6 +8,7 @@ var DefaultHTTPFirewallPolicyLogConfig = &HTTPFirewallPolicyLogConfig{ } type HTTPFirewallPolicyLogConfig struct { + IsPrior bool `yaml:"isPrior" json:"isPrior"` IsOn bool `yaml:"isOn" json:"isOn"` RequestBody bool `yaml:"requestBody" json:"requestBody"` } diff --git a/pkg/serverconfigs/firewallconfigs/syn_flood_config.go b/pkg/serverconfigs/firewallconfigs/syn_flood_config.go index ad87a64..fe4f6fa 100644 --- a/pkg/serverconfigs/firewallconfigs/syn_flood_config.go +++ b/pkg/serverconfigs/firewallconfigs/syn_flood_config.go @@ -4,6 +4,7 @@ package firewallconfigs // SYNFloodConfig Syn flood防护设置 type SYNFloodConfig struct { + IsPrior bool `yaml:"isPrior" json:"isPrior"` IsOn bool `yaml:"isOn" json:"isOn"` MinAttempts int32 `yaml:"minAttempts" json:"minAttempts"` // 最小尝试次数/分钟 TimeoutSeconds int32 `yaml:"timeoutSeconds" json:"timeoutSeconds"` // 拦截超时时间