From f5c3affc5f009092b6cc368317c4c6a14f90e096 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Mon, 25 Oct 2021 11:57:25 +0800 Subject: [PATCH] =?UTF-8?q?WAF=E6=A8=A1=E6=9D=BF=E4=B8=AD=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E7=A9=BAAgent=E5=92=8C=E9=9A=8F=E6=9C=BA=E5=AD=97?= =?UTF-8?q?=E7=AC=A6=E6=8B=A6=E6=88=AA=E8=A7=84=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../pb/service_http_firewall_rule_group.pb.go | 236 +++++++++++++----- .../service_http_firewall_rule_group.proto | 9 + .../http_firewall_rule_group.go | 18 +- .../firewallconfigs/http_firewall_template.go | 53 +++- 4 files changed, 255 insertions(+), 61 deletions(-) diff --git a/pkg/rpc/pb/service_http_firewall_rule_group.pb.go b/pkg/rpc/pb/service_http_firewall_rule_group.pb.go index 1018438..0332f59 100644 --- a/pkg/rpc/pb/service_http_firewall_rule_group.pb.go +++ b/pkg/rpc/pb/service_http_firewall_rule_group.pb.go 
@@ -514,6 +514,62 @@ func (x *UpdateHTTPFirewallRuleGroupSetsRequest) GetFirewallRuleSetsJSON() []byt return nil } +// 添加规则集 +type AddHTTPFirewallRuleGroupSetRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FirewallRuleGroupId int64 `protobuf:"varint,1,opt,name=firewallRuleGroupId,proto3" json:"firewallRuleGroupId,omitempty"` + FirewallRuleSetConfigJSON []byte `protobuf:"bytes,2,opt,name=firewallRuleSetConfigJSON,proto3" json:"firewallRuleSetConfigJSON,omitempty"` +} + +func (x *AddHTTPFirewallRuleGroupSetRequest) Reset() { + *x = AddHTTPFirewallRuleGroupSetRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_service_http_firewall_rule_group_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AddHTTPFirewallRuleGroupSetRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AddHTTPFirewallRuleGroupSetRequest) ProtoMessage() {} + +func (x *AddHTTPFirewallRuleGroupSetRequest) ProtoReflect() protoreflect.Message { + mi := &file_service_http_firewall_rule_group_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AddHTTPFirewallRuleGroupSetRequest.ProtoReflect.Descriptor instead. 
+func (*AddHTTPFirewallRuleGroupSetRequest) Descriptor() ([]byte, []int) { + return file_service_http_firewall_rule_group_proto_rawDescGZIP(), []int{9} +} + +func (x *AddHTTPFirewallRuleGroupSetRequest) GetFirewallRuleGroupId() int64 { + if x != nil { + return x.FirewallRuleGroupId + } + return 0 +} + +func (x *AddHTTPFirewallRuleGroupSetRequest) GetFirewallRuleSetConfigJSON() []byte { + if x != nil { + return x.FirewallRuleSetConfigJSON + } + return nil +} + var File_service_http_firewall_rule_group_proto protoreflect.FileDescriptor var file_service_http_firewall_rule_group_proto_rawDesc = []byte{ 
@@ -588,52 +644,67 @@ var file_service_http_firewall_rule_group_proto_rawDesc = []byte{ 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x49, 0x64, 0x12, 0x32, 0x0a, 0x14, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x53, 0x65, 0x74, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x14, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, - 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x53, 0x65, 0x74, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x32, 0xb4, - 0x05, 0x0a, 0x1c, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, - 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, - 0x5d, 0x0a, 0x1f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, - 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x49, 0x73, - 0x4f, 0x6e, 0x12, 0x2a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, - 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, - 0x6f, 0x75, 0x70, 0x49, 0x73, 0x4f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, - 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x6e, - 0x0a, 0x1b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, - 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x26, 0x2e, - 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, - 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, - 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, - 0x0a, 0x1b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 
0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, - 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x26, 0x2e, - 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, - 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x8f, 0x01, 0x0a, 0x26, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, - 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, - 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, - 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7d, 0x0a, 0x20, 0x66, 0x69, 0x6e, 0x64, 0x45, - 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, - 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x2b, 0x2e, 0x70, 0x62, - 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, - 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, - 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, - 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 
0x72, - 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5d, 0x0a, 0x1f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x53, 0x65, 0x74, 0x73, 0x4a, 0x53, 0x4f, 0x4e, 0x22, 0x94, + 0x01, 0x0a, 0x22, 0x41, 0x64, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, + 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x65, 0x74, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x30, 0x0a, 0x13, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, + 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x13, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x49, 0x64, 0x12, 0x3c, 0x0a, 0x19, 0x66, 0x69, 0x72, 0x65, 0x77, + 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x53, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x19, 0x66, 0x69, 0x72, 0x65, + 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x53, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x4a, 0x53, 0x4f, 0x4e, 0x32, 0x8b, 0x06, 0x0a, 0x1c, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, + 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5d, 0x0a, 0x1f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, - 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x65, 0x74, 0x73, 0x12, 0x2a, 0x2e, 0x70, 0x62, 0x2e, 0x55, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x49, 0x73, 0x4f, 0x6e, 0x12, 0x2a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, - 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, + 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 
0x72, 0x6f, 0x75, 0x70, 0x49, 0x73, 0x4f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x6e, 0x0a, 0x1b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48, + 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, + 0x72, 0x6f, 0x75, 0x70, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x70, + 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, + 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x1b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, + 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, + 0x72, 0x6f, 0x75, 0x70, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, + 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x8f, 0x01, 0x0a, + 0x26, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, + 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, + 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, + 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, + 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 
0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e, + 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, + 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7d, + 0x0a, 0x20, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, + 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, + 0x75, 0x70, 0x12, 0x2b, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, + 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, + 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x2c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5d, 0x0a, + 0x1f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, + 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x65, 0x74, 0x73, + 0x12, 0x2a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, + 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, + 0x70, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, + 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x55, 0x0a, 0x1b, + 0x61, 0x64, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, + 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x65, 0x74, 0x12, 0x26, 
0x2e, 0x70, 0x62, + 0x2e, 0x41, 0x64, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, + 0x52, 0x75, 0x6c, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( @@ -648,7 +719,7 @@ func file_service_http_firewall_rule_group_proto_rawDescGZIP() []byte { return file_service_http_firewall_rule_group_proto_rawDescData } -var file_service_http_firewall_rule_group_proto_msgTypes = make([]protoimpl.MessageInfo, 9) +var file_service_http_firewall_rule_group_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_service_http_firewall_rule_group_proto_goTypes = []interface{}{ (*UpdateHTTPFirewallRuleGroupIsOnRequest)(nil), // 0: pb.UpdateHTTPFirewallRuleGroupIsOnRequest (*CreateHTTPFirewallRuleGroupRequest)(nil), // 1: pb.CreateHTTPFirewallRuleGroupRequest 
@@ -659,25 +730,28 @@ var file_service_http_firewall_rule_group_proto_goTypes = []interface{}{ (*FindEnabledHTTPFirewallRuleGroupRequest)(nil), // 6: pb.FindEnabledHTTPFirewallRuleGroupRequest (*FindEnabledHTTPFirewallRuleGroupResponse)(nil), // 7: pb.FindEnabledHTTPFirewallRuleGroupResponse (*UpdateHTTPFirewallRuleGroupSetsRequest)(nil), // 8: pb.UpdateHTTPFirewallRuleGroupSetsRequest - (*HTTPFirewallRuleGroup)(nil), // 9: pb.HTTPFirewallRuleGroup - (*RPCSuccess)(nil), // 10: pb.RPCSuccess + (*AddHTTPFirewallRuleGroupSetRequest)(nil), // 9: pb.AddHTTPFirewallRuleGroupSetRequest + (*HTTPFirewallRuleGroup)(nil), // 10: pb.HTTPFirewallRuleGroup + (*RPCSuccess)(nil), // 11: pb.RPCSuccess } var file_service_http_firewall_rule_group_proto_depIdxs = []int32{ - 9, // 0: pb.FindEnabledHTTPFirewallRuleGroupResponse.firewallRuleGroup:type_name -> pb.HTTPFirewallRuleGroup + 10, // 0: pb.FindEnabledHTTPFirewallRuleGroupResponse.firewallRuleGroup:type_name -> pb.HTTPFirewallRuleGroup 0, // 1: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroupIsOn:input_type -> pb.UpdateHTTPFirewallRuleGroupIsOnRequest 1, // 2: pb.HTTPFirewallRuleGroupService.createHTTPFirewallRuleGroup:input_type -> pb.CreateHTTPFirewallRuleGroupRequest 3, // 3: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroup:input_type -> pb.UpdateHTTPFirewallRuleGroupRequest 4, // 4: pb.HTTPFirewallRuleGroupService.findEnabledHTTPFirewallRuleGroupConfig:input_type -> pb.FindEnabledHTTPFirewallRuleGroupConfigRequest 6, // 5: pb.HTTPFirewallRuleGroupService.findEnabledHTTPFirewallRuleGroup:input_type -> pb.FindEnabledHTTPFirewallRuleGroupRequest 8, // 6: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroupSets:input_type -> pb.UpdateHTTPFirewallRuleGroupSetsRequest - 10, // 7: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroupIsOn:output_type -> pb.RPCSuccess - 2, // 8: pb.HTTPFirewallRuleGroupService.createHTTPFirewallRuleGroup:output_type -> pb.CreateHTTPFirewallRuleGroupResponse - 10, // 
9: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroup:output_type -> pb.RPCSuccess - 5, // 10: pb.HTTPFirewallRuleGroupService.findEnabledHTTPFirewallRuleGroupConfig:output_type -> pb.FindEnabledHTTPFirewallRuleGroupConfigResponse - 7, // 11: pb.HTTPFirewallRuleGroupService.findEnabledHTTPFirewallRuleGroup:output_type -> pb.FindEnabledHTTPFirewallRuleGroupResponse - 10, // 12: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroupSets:output_type -> pb.RPCSuccess - 7, // [7:13] is the sub-list for method output_type - 1, // [1:7] is the sub-list for method input_type + 9, // 7: pb.HTTPFirewallRuleGroupService.addHTTPFirewallRuleGroupSet:input_type -> pb.AddHTTPFirewallRuleGroupSetRequest + 11, // 8: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroupIsOn:output_type -> pb.RPCSuccess + 2, // 9: pb.HTTPFirewallRuleGroupService.createHTTPFirewallRuleGroup:output_type -> pb.CreateHTTPFirewallRuleGroupResponse + 11, // 10: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroup:output_type -> pb.RPCSuccess + 5, // 11: pb.HTTPFirewallRuleGroupService.findEnabledHTTPFirewallRuleGroupConfig:output_type -> pb.FindEnabledHTTPFirewallRuleGroupConfigResponse + 7, // 12: pb.HTTPFirewallRuleGroupService.findEnabledHTTPFirewallRuleGroup:output_type -> pb.FindEnabledHTTPFirewallRuleGroupResponse + 11, // 13: pb.HTTPFirewallRuleGroupService.updateHTTPFirewallRuleGroupSets:output_type -> pb.RPCSuccess + 11, // 14: pb.HTTPFirewallRuleGroupService.addHTTPFirewallRuleGroupSet:output_type -> pb.RPCSuccess + 8, // [8:15] is the sub-list for method output_type + 1, // [1:8] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name 1, // [1:1] is the sub-list for extension extendee 0, // [0:1] is the sub-list for field type_name 
@@ -799,6 +873,18 @@ func file_service_http_firewall_rule_group_proto_init() { return nil } } + file_service_http_firewall_rule_group_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AddHTTPFirewallRuleGroupSetRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -806,7 +892,7 @@ func file_service_http_firewall_rule_group_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_service_http_firewall_rule_group_proto_rawDesc, NumEnums: 0, - NumMessages: 9, + NumMessages: 10, NumExtensions: 0, NumServices: 1, }, @@ -844,6 +930,8 @@ type HTTPFirewallRuleGroupServiceClient interface { FindEnabledHTTPFirewallRuleGroup(ctx context.Context, in *FindEnabledHTTPFirewallRuleGroupRequest, opts ...grpc.CallOption) (*FindEnabledHTTPFirewallRuleGroupResponse, error) // 修改分组的规则集 UpdateHTTPFirewallRuleGroupSets(ctx context.Context, in *UpdateHTTPFirewallRuleGroupSetsRequest, opts ...grpc.CallOption) (*RPCSuccess, error) + // 添加规则集 + AddHTTPFirewallRuleGroupSet(ctx context.Context, in *AddHTTPFirewallRuleGroupSetRequest, opts ...grpc.CallOption) (*RPCSuccess, error) } type hTTPFirewallRuleGroupServiceClient struct { @@ -908,6 +996,15 @@ func (c *hTTPFirewallRuleGroupServiceClient) UpdateHTTPFirewallRuleGroupSets(ctx return out, nil } +func (c *hTTPFirewallRuleGroupServiceClient) AddHTTPFirewallRuleGroupSet(ctx context.Context, in *AddHTTPFirewallRuleGroupSetRequest, opts ...grpc.CallOption) (*RPCSuccess, error) { + out := new(RPCSuccess) + err := c.cc.Invoke(ctx, "/pb.HTTPFirewallRuleGroupService/addHTTPFirewallRuleGroupSet", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // HTTPFirewallRuleGroupServiceServer is the server API for HTTPFirewallRuleGroupService service. type HTTPFirewallRuleGroupServiceServer interface { // 设置是否启用分组 
@@ -922,6 +1019,8 @@ type HTTPFirewallRuleGroupServiceServer interface { FindEnabledHTTPFirewallRuleGroup(context.Context, *FindEnabledHTTPFirewallRuleGroupRequest) (*FindEnabledHTTPFirewallRuleGroupResponse, error) // 修改分组的规则集 UpdateHTTPFirewallRuleGroupSets(context.Context, *UpdateHTTPFirewallRuleGroupSetsRequest) (*RPCSuccess, error) + // 添加规则集 + AddHTTPFirewallRuleGroupSet(context.Context, *AddHTTPFirewallRuleGroupSetRequest) (*RPCSuccess, error) } // UnimplementedHTTPFirewallRuleGroupServiceServer can be embedded to have forward compatible implementations. @@ -946,6 +1045,9 @@ func (*UnimplementedHTTPFirewallRuleGroupServiceServer) FindEnabledHTTPFirewallR func (*UnimplementedHTTPFirewallRuleGroupServiceServer) UpdateHTTPFirewallRuleGroupSets(context.Context, *UpdateHTTPFirewallRuleGroupSetsRequest) (*RPCSuccess, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateHTTPFirewallRuleGroupSets not implemented") } +func (*UnimplementedHTTPFirewallRuleGroupServiceServer) AddHTTPFirewallRuleGroupSet(context.Context, *AddHTTPFirewallRuleGroupSetRequest) (*RPCSuccess, error) { + return nil, status.Errorf(codes.Unimplemented, "method AddHTTPFirewallRuleGroupSet not implemented") +} func RegisterHTTPFirewallRuleGroupServiceServer(s *grpc.Server, srv HTTPFirewallRuleGroupServiceServer) { s.RegisterService(&_HTTPFirewallRuleGroupService_serviceDesc, srv) 
@@ -1059,6 +1161,24 @@ func _HTTPFirewallRuleGroupService_UpdateHTTPFirewallRuleGroupSets_Handler(srv i return interceptor(ctx, in, info, handler) } +func _HTTPFirewallRuleGroupService_AddHTTPFirewallRuleGroupSet_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(AddHTTPFirewallRuleGroupSetRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(HTTPFirewallRuleGroupServiceServer).AddHTTPFirewallRuleGroupSet(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/pb.HTTPFirewallRuleGroupService/AddHTTPFirewallRuleGroupSet", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(HTTPFirewallRuleGroupServiceServer).AddHTTPFirewallRuleGroupSet(ctx, req.(*AddHTTPFirewallRuleGroupSetRequest)) + } + return interceptor(ctx, in, info, handler) +} + var _HTTPFirewallRuleGroupService_serviceDesc = grpc.ServiceDesc{ ServiceName: "pb.HTTPFirewallRuleGroupService", HandlerType: (*HTTPFirewallRuleGroupServiceServer)(nil), @@ -1087,6 +1207,10 @@ var _HTTPFirewallRuleGroupService_serviceDesc = grpc.ServiceDesc{ MethodName: "updateHTTPFirewallRuleGroupSets", Handler: _HTTPFirewallRuleGroupService_UpdateHTTPFirewallRuleGroupSets_Handler, }, + { + MethodName: "addHTTPFirewallRuleGroupSet", + Handler: _HTTPFirewallRuleGroupService_AddHTTPFirewallRuleGroupSet_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "service_http_firewall_rule_group.proto", diff --git a/pkg/rpc/protos/service_http_firewall_rule_group.proto b/pkg/rpc/protos/service_http_firewall_rule_group.proto index 8776093..f08f1b2 100644 --- a/pkg/rpc/protos/service_http_firewall_rule_group.proto +++ b/pkg/rpc/protos/service_http_firewall_rule_group.proto 
@@ -24,6 +24,9 @@ service HTTPFirewallRuleGroupService { // 修改分组的规则集 rpc updateHTTPFirewallRuleGroupSets (UpdateHTTPFirewallRuleGroupSetsRequest) returns (RPCSuccess); + + // 添加规则集 + rpc addHTTPFirewallRuleGroupSet(AddHTTPFirewallRuleGroupSetRequest) returns (RPCSuccess); } // 设置是否启用分组 @@ -73,4 +76,10 @@ message FindEnabledHTTPFirewallRuleGroupResponse { message UpdateHTTPFirewallRuleGroupSetsRequest { int64 firewallRuleGroupId = 1; bytes firewallRuleSetsJSON = 2; +} + +// 添加规则集 +message AddHTTPFirewallRuleGroupSetRequest { + int64 firewallRuleGroupId = 1; + bytes firewallRuleSetConfigJSON = 2; } \ No newline at end of file diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go index 05fcf4c..f47f323 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go +++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go @@ -1,6 +1,6 @@ package firewallconfigs -// 规则组 +// HTTPFirewallRuleGroup 规则组 type HTTPFirewallRuleGroup struct { Id int64 `yaml:"id" json:"id"` IsOn bool `yaml:"isOn" json:"isOn"` @@ -11,7 +11,7 @@ type HTTPFirewallRuleGroup struct { Sets []*HTTPFirewallRuleSet `yaml:"sets" json:"sets"` } -// 初始化 +// Init 初始化 func (this *HTTPFirewallRuleGroup) Init() error { for _, set := range this.Sets { err := set.Init() @@ -22,12 +22,12 @@ func (this *HTTPFirewallRuleGroup) Init() error { return nil } -// 添加规则集 +// AddRuleSet 添加规则集 func (this *HTTPFirewallRuleGroup) AddRuleSet(ruleSet *HTTPFirewallRuleSet) { this.Sets = append(this.Sets, ruleSet) } -// 根据ID查找规则集 +// FindRuleSet 根据ID查找规则集 func (this *HTTPFirewallRuleGroup) FindRuleSet(ruleSetId int64) *HTTPFirewallRuleSet { for _, set := range this.Sets { if set.Id == ruleSetId { 
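Review bot: The new `addHTTPFirewallRuleGroupSet` RPC and `AddHTTPFirewallRuleGroupSetRequest` carry only the comment `// 添加规则集`, so the contract of `firewallRuleSetConfigJSON` is undocumented. It is opaque `bytes` that changes WAF policy, so the proto should say which structure it holds (presumably a serialized `HTTPFirewallRuleSet`; confirm) and that the server must validate it and check the caller's rights on `firewallRuleGroupId`. The server implementation is not part of this patch, so that validation cannot be confirmed here. In the regenerated stub of this same commit the client invokes `/pb.HTTPFirewallRuleGroupService/addHTTPFirewallRuleGroupSet` while the handler reports `FullMethod` with a capital `A`, so any interceptor that authorizes or audits by `FullMethod` should be checked against the spelling it actually receives. Minor: the `rpc` line omits the space before `(` that the neighbouring `updateHTTPFirewallRuleGroupSets` line has.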
@@ -36,3 +36,13 @@ func (this *HTTPFirewallRuleGroup) FindRuleSet(ruleSetId int64) *HTTPFirewallRul } return nil } + +// FindRuleSetWithCode 根据Code查找规则集 +func (this *HTTPFirewallRuleGroup) FindRuleSetWithCode(code string) *HTTPFirewallRuleSet { + for _, set := range this.Sets { + if set.Code == code { + return set + } + } + return nil +} diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_template.go b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go index 1095997..5de0ed8 100644 --- a/pkg/serverconfigs/firewallconfigs/http_firewall_template.go +++ b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go @@ -433,6 +433,30 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy { group.AddRuleSet(set) } + { + set := &HTTPFirewallRuleSet{} + set.IsOn = true + set.Name = "空Agent" + set.Code = "20002" + set.Connector = HTTPFirewallRuleConnectorOr + set.Actions = []*HTTPFirewallActionConfig{ + { + Code: HTTPFirewallActionBlock, + }, + } + + // 空Agent + set.AddRule(&HTTPFirewallRule{ + IsOn: true, + Param: "${userAgent}", + Operator: HTTPFirewallRuleOperatorEqString, + Value: "", + IsCaseInsensitive: false, + }) + + group.AddRuleSet(set) + } + policy.Inbound.Groups = append(policy.Inbound.Groups, group) } @@ -507,7 +531,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy { set.IsOn = true set.Name = "CC请求数" set.Description = "限制单IP在一定时间内的总体请求数" - set.Code = "8001" + set.Code = "8002" set.Connector = HTTPFirewallRuleConnectorAnd set.Actions = []*HTTPFirewallActionConfig{ { 
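Review bot: `FindRuleSetWithCode` returns the first set whose `Code` equals the argument, and that includes the empty string: a call with `code == ""` returns the first rule set that has no code at all, which presumably covers user-created sets. If callers use this lookup to decide whether a template set is already present, an early `if len(code) == 0 { return nil }` avoids that false match. The doc comment could also state that nil is returned when nothing matches and that only the first match is returned when codes collide.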
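Review bot: The `20002` set is enabled by default (`set.IsOn = true`) with `HTTPFirewallActionBlock`, so every policy built from this template will reject any request whose `${userAgent}` is empty. Health checks, uptime monitors, webhooks and some API clients commonly send no User-Agent, so this is likely to block legitimate traffic, while the check is satisfied by any non-empty value. Consider shipping it with `set.IsOn = false`, or at least add a `set.Description` stating the trade-off, as the `8003` set in this commit has one. `HTTPFirewallRuleConnectorOr` on a single-rule set is harmless but reads as if more rules were expected. The hunk sits inside `HTTPFirewallTemplate`, whose body starts and ends outside it.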
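Review bot: Changing the `Code` of the existing "CC请求数" set from `8001` to `8002` changes the identifier that the `FindRuleSetWithCode` lookup added in this commit matches on. Policies already created from the older template still carry `8001`, so a code-based sync would presumably not recognise them and could add a second copy of this set or leave the old one unmanaged. If the renumbering resolves a duplicate `8001` elsewhere in `HTTPFirewallTemplate` (not visible in this hunk), a comment saying so and a note on how existing policies are migrated would help. The set's definition continues past the end of the hunk.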
@@ -561,6 +585,33 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy { group.AddRuleSet(set) } + { + set := &HTTPFirewallRuleSet{} + set.IsOn = true + set.Name = "随机URL攻击" + set.Description = "限制用户使用随机URL访问网站" + set.Code = "8003" + set.Connector = HTTPFirewallRuleConnectorAnd + set.Actions = []*HTTPFirewallActionConfig{ + { + Code: HTTPFirewallActionBlock, + Options: maps.Map{ + "timeout": 600, + }, + }, + } + + set.AddRule(&HTTPFirewallRule{ + IsOn: true, + Param: "${args}", + Operator: HTTPFirewallRuleOperatorMatch, + Value: `^[0-9a-zA-Z_\-.]{12,}$`, + IsCaseInsensitive: false, + }) + + group.AddRuleSet(set) + } + policy.Inbound.Groups = append(policy.Inbound.Groups, group) }
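Review bot: The `8003` rule blocks for 600 seconds any request whose whole `${args}` value matches `^[0-9a-zA-Z_\-.]{12,}$`, and it is on by default (`set.IsOn = true`). Assuming `${args}` is the raw query string, cache-busting suffixes, timestamps, version strings and opaque tokens passed as a bare query all fit that pattern, which makes false positives on legitimate sites likely. The name and description speak of random URLs, but only the arguments are inspected and nothing in the set measures rate or randomness. Either tighten the condition, or ship the set with `set.IsOn = false` and describe the trade-off in `set.Description`. This hunk sits inside `HTTPFirewallTemplate`, whose body starts and ends outside it.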