From f5bdf33618f58a4baab56c0cf80cd3c45ba61197 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Sun, 8 Jan 2023 10:15:57 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E5=A2=9E=E5=8A=A0=E2=80=9C=E5=9C=A8IP?=
 =?UTF-8?q?=E5=88=97=E8=A1=A8=E5=86=85=E2=80=9D=E6=93=8D=E4=BD=9C=E7=AC=A6?=
 =?UTF-8?q?/=E4=BC=98=E5=8C=96=E9=83=A8=E5=88=86=E6=93=8D=E4=BD=9C?=
 =?UTF-8?q?=E7=AC=A6=E4=BB=A3=E5=8F=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../http_firewall_rule_operator.go            | 33 +++++++++++--------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
index c39efe4..bb0a2c4 100644
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
@@ -18,8 +18,8 @@ const (
 	HTTPFirewallRuleOperatorNotContains  HTTPFirewallRuleOperator = "not contains"
 	HTTPFirewallRuleOperatorPrefix       HTTPFirewallRuleOperator = "prefix"
 	HTTPFirewallRuleOperatorSuffix       HTTPFirewallRuleOperator = "suffix"
-	HTTPFirewallRuleOperatorContainsAny  HTTPFirewallRuleOperator = "containsAny"
-	HTTPFirewallRuleOperatorContainsAll  HTTPFirewallRuleOperator = "containsAll"
+	HTTPFirewallRuleOperatorContainsAny  HTTPFirewallRuleOperator = "contains any"
+	HTTPFirewallRuleOperatorContainsAll  HTTPFirewallRuleOperator = "contains all"
 	HTTPFirewallRuleOperatorHasKey       HTTPFirewallRuleOperator = "has key" // has key in slice or map
 	HTTPFirewallRuleOperatorVersionGt    HTTPFirewallRuleOperator = "version gt"
 	HTTPFirewallRuleOperatorVersionLt    HTTPFirewallRuleOperator = "version lt"
@@ -30,6 +30,7 @@ const (
 
 	// ip
 	HTTPFirewallRuleOperatorEqIP       HTTPFirewallRuleOperator = "eq ip"
+	HTTPFirewallRuleOperatorInIPList   HTTPFirewallRuleOperator = "in ip list"
 	HTTPFirewallRuleOperatorGtIP       HTTPFirewallRuleOperator = "gt ip"
 	HTTPFirewallRuleOperatorGteIP      HTTPFirewallRuleOperator = "gte ip"
 	HTTPFirewallRuleOperatorLtIP       HTTPFirewallRuleOperator = "lt ip"
@@ -188,62 +189,68 @@ var AllRuleOperators = []*RuleOperatorDefinition{
 	{
 		Name:            "IP等于",
 		Code:            HTTPFirewallRuleOperatorEqIP,
-		Description:     "将参数转换为IP进行对比",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		Description:     "将参数转换为IP进行对比，只能对比单个IP",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "在一组IP中",
+		Code:            HTTPFirewallRuleOperatorInIPList,
+		Description:     "判断参数IP在一组IP内，每行一个IP",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP大于",
 		Code:            HTTPFirewallRuleOperatorGtIP,
 		Description:     "将参数转换为IP进行对比",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP大于等于",
 		Code:            HTTPFirewallRuleOperatorGteIP,
 		Description:     "将参数转换为IP进行对比",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP小于",
 		Code:            HTTPFirewallRuleOperatorLtIP,
 		Description:     "将参数转换为IP进行对比",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP小于等于",
 		Code:            HTTPFirewallRuleOperatorLteIP,
 		Description:     "将参数转换为IP进行对比",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP范围",
 		Code:            HTTPFirewallRuleOperatorIPRange,
 		Description:     "IP在某个范围之内，范围格式可以是英文逗号分隔的<code-label>开始IP,结束IP</code-label>，比如<code-label>192.168.1.100,192.168.2.200</code-label>；或者CIDR格式的ip/bits，比如<code-label>192.168.2.1/24</code-label>；或者单个IP。可以填写多行，每行一个IP范围。",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "不在IP范围",
 		Code:            HTTPFirewallRuleOperatorNotIPRange,
 		Description:     "IP不在某个范围之内，范围格式可以是英文逗号分隔的<code-label>开始IP,结束IP</code-label>，比如<code-label>192.168.1.100,192.168.2.200</code-label>；或者CIDR格式的ip/bits，比如<code-label>192.168.2.1/24</code-label>；或者单个IP。可以填写多行，每行一个IP范围。",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP取模10",
 		Code:            HTTPFirewallRuleOperatorIPMod10,
 		Description:     "对IP参数值取模，除数为10，对比值为余数",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP取模100",
 		Code:            HTTPFirewallRuleOperatorIPMod100,
 		Description:     "对IP参数值取模，除数为100，对比值为余数",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 	{
 		Name:            "IP取模",
 		Code:            HTTPFirewallRuleOperatorIPMod,
 		Description:     "对IP参数值取模，对比值格式为：除数,余数，比如10,1",
-		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
 	},
 }