WAF规则模板中XSS注入检测规则使用“包含XSS注入”操作符替代以往的正则表达式

GoEdgeLab
2023-12-09 17:02:01 +08:00
parent 4bbaab49a2
commit d37054efb5


@@ -27,62 +27,21 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
{ {
var set = &HTTPFirewallRuleSet{} var set = &HTTPFirewallRuleSet{}
set.IsOn = true set.IsOn = true
set.Name = "Javascript事件" set.Name = "XSS攻击检测"
set.Code = "1001" set.Code = "1010"
set.Connector = HTTPFirewallRuleConnectorOr set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{ set.Actions = []*HTTPFirewallActionConfig{
{ {
Code: HTTPFirewallActionBlock, Code: HTTPFirewallActionPage,
Options: maps.Map{"status": 403, "body": ""},
}, },
} }
set.AddRule(&HTTPFirewallRule{ set.AddRule(&HTTPFirewallRule{
IsOn: true, IsOn: true,
Param: "${requestURI}", Param: "${requestAll}",
Operator: HTTPFirewallRuleOperatorMatch, Operator: HTTPFirewallRuleOperatorContainsXSS,
Value: `(onmouseover|onmousemove|onmousedown|onmouseup|onerror|onload|onclick|ondblclick|onkeydown|onkeyup|onkeypress)\s*=`, // TODO more keywords here Value: "",
IsCaseInsensitive: true, IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
{
var set = &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "Javascript函数"
set.Code = "1002"
set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{
{
Code: HTTPFirewallActionBlock,
},
}
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestURI}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `(alert|eval|prompt|confirm)\s*\(`, // TODO more keywords here
IsCaseInsensitive: true,
})
group.AddRuleSet(set)
}
{
var set = &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "HTML标签"
set.Code = "1003"
set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{
{
Code: HTTPFirewallActionBlock,
},
}
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${requestURI}",
Operator: HTTPFirewallRuleOperatorMatch,
Value: `<(script|iframe|link)`, // TODO more keywords here
IsCaseInsensitive: true,
}) })
group.AddRuleSet(set) group.AddRuleSet(set)
} }
@@ -273,7 +232,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
{ {
var set = &HTTPFirewallRuleSet{} var set = &HTTPFirewallRuleSet{}
set.IsOn = true set.IsOn = true
set.Name = "检测SQL注入" set.Name = "SQL注入检测"
set.Code = "7010" set.Code = "7010"
set.Connector = HTTPFirewallRuleConnectorOr set.Connector = HTTPFirewallRuleConnectorOr
set.Actions = []*HTTPFirewallActionConfig{ set.Actions = []*HTTPFirewallActionConfig{
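Review bot: The replacement rule in the first hunk widens the inspected input from `${requestURI}` to `${requestAll}` and pairs it with a 403 page action, yet nothing in the new code records that scope change or why `Value` is left empty. If `${requestAll}` includes the request body, as the name suggests, sites that legitimately submit HTML (rich-text editors, CMS forms) will start being rejected by a default-on template rule, so a comment above `set.AddRule` such as `// Value is unused with ContainsXSS; requestAll also inspects the body, expect hits on forms that post HTML` would help operators tune it. The set code also moves from `1001` to `1010` while `1002` and `1003` disappear; whether policies already built from the old template are migrated is not visible here and is worth confirming, since otherwise they would keep the URI-only regex sets. The enclosing `HTTPFirewallTemplate` function starts and ends outside both hunks.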