新创建WAF时增加默认选项

pkg/nodeconfigs/node_config.go

@@ -423,12 +423,18 @@ func (this *NodeConfig) lookupWeb(server *serverconfigs.ServerConfig, web *serve
 	if web.FirewallPolicy != nil && web.FirewallPolicy.IsOn {
 		// 复用节点的选项设置
 		if server.HTTPFirewallPolicy != nil {
-			if (web.FirewallPolicy.BlockOptions == nil || !web.FirewallPolicy.BlockOptions.IsPrior) || server.HTTPFirewallPolicy.BlockOptions != nil {
+			if (web.FirewallPolicy.BlockOptions == nil || !web.FirewallPolicy.BlockOptions.IsPrior) && server.HTTPFirewallPolicy.BlockOptions != nil {
 				web.FirewallPolicy.BlockOptions = server.HTTPFirewallPolicy.BlockOptions
 			}
-			if (web.FirewallPolicy.CaptchaOptions == nil || !web.FirewallPolicy.CaptchaOptions.IsPrior) || server.HTTPFirewallPolicy.CaptchaOptions != nil {
+			if (web.FirewallPolicy.CaptchaOptions == nil || !web.FirewallPolicy.CaptchaOptions.IsPrior) && server.HTTPFirewallPolicy.CaptchaOptions != nil {
 				web.FirewallPolicy.CaptchaOptions = server.HTTPFirewallPolicy.CaptchaOptions
 			}
+			if (web.FirewallPolicy.SYNFlood == nil || !web.FirewallPolicy.SYNFlood.IsPrior) && server.HTTPFirewallPolicy.SYNFlood != nil {
+				web.FirewallPolicy.SYNFlood = server.HTTPFirewallPolicy.SYNFlood
+			}
+			if (web.FirewallPolicy.Log == nil || !web.FirewallPolicy.Log.IsPrior) && server.HTTPFirewallPolicy.Log != nil {
+				web.FirewallPolicy.Log = server.HTTPFirewallPolicy.Log
+			}
 
 			web.FirewallPolicy.Mode = server.HTTPFirewallPolicy.Mode
 			web.FirewallPolicy.UseLocalFirewall = server.HTTPFirewallPolicy.UseLocalFirewall

pkg/serverconfigs/firewallconfigs/firewall_action_config.go

@@ -2,7 +2,7 @@ package firewallconfigs
 
 import "github.com/iwind/TeaGo/maps"
 
-// 防火墙动作配置
+// FirewallActionConfig 防火墙动作配置
 type FirewallActionConfig struct {
 	Id         int64    `yaml:"id" json:"id"`                 // Id
 	Type       string   `yaml:"type" json:"type"`             // 类型
@@ -10,7 +10,7 @@ type FirewallActionConfig struct {
 	EventLevel string   `yaml:"eventLevel" json:"eventLevel"` // 事件级别
 }
 
-// 初始化
+// Init 初始化
 func (this *FirewallActionConfig) Init() error {
 	return nil
 }

pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go

@@ -1,5 +1,7 @@
 package firewallconfigs
 
+import "net/http"
+
 // HTTPFirewallBlockAction url client configure
 type HTTPFirewallBlockAction struct {
 	IsPrior bool `yaml:"isPrior" json:"isPrior"`
@@ -10,3 +12,11 @@ type HTTPFirewallBlockAction struct {
 	Timeout    int32         `yaml:"timeout" json:"timeout"`
 	Scope      FirewallScope `yaml:"scope" json:"scope"`
 }
+
+func DefaultHTTPFirewallBlockAction() *HTTPFirewallBlockAction {
+	return &HTTPFirewallBlockAction{
+		StatusCode: http.StatusForbidden,
+		Body:       "Blocked By WAF",
+		Timeout:    60,
+	}
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go

@@ -23,3 +23,12 @@ type HTTPFirewallCaptchaAction struct {
 
 	Lang string `yaml:"lang" json:"lang"` // 语言，zh-CN, en-US ... TODO 需要实现，目前是根据浏览器Accept-Language动态获取
 }
+
+func DefaultHTTPFirewallCaptchaAction() *HTTPFirewallCaptchaAction {
+	return &HTTPFirewallCaptchaAction{
+		Life:              600,
+		MaxFails:          100,
+		FailBlockTimeout:  3600,
+		FailBlockScopeAll: true,
+	}
+}

pkg/serverconfigs/firewallconfigs/http_firewall_policy_log_config.go

@@ -8,6 +8,7 @@ var DefaultHTTPFirewallPolicyLogConfig = &HTTPFirewallPolicyLogConfig{
 }
 
 type HTTPFirewallPolicyLogConfig struct {
+	IsPrior     bool `yaml:"isPrior" json:"isPrior"`
 	IsOn        bool `yaml:"isOn" json:"isOn"`
 	RequestBody bool `yaml:"requestBody" json:"requestBody"`
 }

pkg/serverconfigs/firewallconfigs/syn_flood_config.go

@@ -4,6 +4,7 @@ package firewallconfigs
 
 // SYNFloodConfig Syn flood防护设置
 type SYNFloodConfig struct {
+	IsPrior        bool  `yaml:"isPrior" json:"isPrior"`
 	IsOn           bool  `yaml:"isOn" json:"isOn"`
 	MinAttempts    int32 `yaml:"minAttempts" json:"minAttempts"`       // 最小尝试次数/分钟
 	TimeoutSeconds int32 `yaml:"timeoutSeconds" json:"timeoutSeconds"` // 拦截超时时间