WAF模板中增加空Agent和随机字符拦截规则

2026-02-06 20:45:39 +08:00 · 2021-10-25 11:57:25 +08:00
parent 3a30a65264
commit f5c3affc5f
4 changed files with 255 additions and 61 deletions
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go
@@ -1,6 +1,6 @@
 package firewallconfigs

-// 规则组
+// HTTPFirewallRuleGroup 规则组
 type HTTPFirewallRuleGroup struct {
 	Id          int64                     `yaml:"id" json:"id"`
 	IsOn        bool                      `yaml:"isOn" json:"isOn"`
@@ -11,7 +11,7 @@ type HTTPFirewallRuleGroup struct {
 	Sets        []*HTTPFirewallRuleSet    `yaml:"sets" json:"sets"`
 }

-// 初始化
+// Init 初始化
 func (this *HTTPFirewallRuleGroup) Init() error {
 	for _, set := range this.Sets {
 		err := set.Init()
@@ -22,12 +22,12 @@ func (this *HTTPFirewallRuleGroup) Init() error {
 	return nil
 }

-// 添加规则集
+// AddRuleSet 添加规则集
 func (this *HTTPFirewallRuleGroup) AddRuleSet(ruleSet *HTTPFirewallRuleSet) {
 	this.Sets = append(this.Sets, ruleSet)
 }

-// 根据ID查找规则集
+// FindRuleSet 根据ID查找规则集
 func (this *HTTPFirewallRuleGroup) FindRuleSet(ruleSetId int64) *HTTPFirewallRuleSet {
 	for _, set := range this.Sets {
 		if set.Id == ruleSetId {
@@ -36,3 +36,13 @@ func (this *HTTPFirewallRuleGroup) FindRuleSet(ruleSetId int64) *HTTPFirewallRul
 	}
 	return nil
 }
+
+// FindRuleSetWithCode 根据Code查找规则集
+func (this *HTTPFirewallRuleGroup) FindRuleSetWithCode(code string) *HTTPFirewallRuleSet {
+	for _, set := range this.Sets {
+		if set.Code == code {
+			return set
+		}
+	}
+	return nil
+}
--- a/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
@@ -433,6 +433,30 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 			group.AddRuleSet(set)
 		}

+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "空Agent"
+			set.Code = "20002"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Actions = []*HTTPFirewallActionConfig{
+				{
+					Code: HTTPFirewallActionBlock,
+				},
+			}
+
+			// 空Agent
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${userAgent}",
+				Operator:          HTTPFirewallRuleOperatorEqString,
+				Value:             "",
+				IsCaseInsensitive: false,
+			})
+
+			group.AddRuleSet(set)
+		}
+
 		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
 	}

@@ -507,7 +531,7 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 			set.IsOn = true
 			set.Name = "CC请求数"
 			set.Description = "限制单IP在一定时间内的总体请求数"
-			set.Code = "8001"
+			set.Code = "8002"
 			set.Connector = HTTPFirewallRuleConnectorAnd
 			set.Actions = []*HTTPFirewallActionConfig{
 				{
@@ -561,6 +585,33 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
 			group.AddRuleSet(set)
 		}

+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "随机URL攻击"
+			set.Description = "限制用户使用随机URL访问网站"
+			set.Code = "8003"
+			set.Connector = HTTPFirewallRuleConnectorAnd
+			set.Actions = []*HTTPFirewallActionConfig{
+				{
+					Code: HTTPFirewallActionBlock,
+					Options: maps.Map{
+						"timeout": 600,
+					},
+				},
+			}
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${args}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `^[0-9a-zA-Z_\-.]{12,}$`,
+				IsCaseInsensitive: false,
+			})
+
+			group.AddRuleSet(set)
+		}
+
 		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
 	}