EdgeNode/internal/nodes/http_request_waf.go

package nodes

import (
	"github.com/TeaOSLab/EdgeNode/internal/waf"
	"github.com/iwind/TeaGo/logs"
	"github.com/iwind/TeaGo/types"
	"net/http"
)

// 调用WAF
func (this *HTTPRequest) doWAFRequest() (blocked bool) {
	w := sharedWAFManager.FindWAF(this.web.FirewallPolicy.Id)
	if w == nil {
		return
	}

	goNext, ruleGroup, ruleSet, err := w.MatchRequest(this.RawReq, this.writer)
	if err != nil {
		logs.Error(err)
		return
	}

	if ruleSet != nil {
		if ruleSet.Action != waf.ActionAllow {
			this.firewallPolicyId = this.web.FirewallPolicy.Id
			this.firewallRuleGroupId = types.Int64(ruleGroup.Id)
			this.firewallRuleSetId = types.Int64(ruleSet.Id)
		}

		this.logAttrs["waf.action"] = ruleSet.Action
	}

	return !goNext
}

// call response waf
func (this *HTTPRequest) doWAFResponse(resp *http.Response) (blocked bool) {
	w := sharedWAFManager.FindWAF(this.web.FirewallPolicy.Id)
	if w == nil {
		return
	}

	goNext, ruleGroup, ruleSet, err := w.MatchResponse(this.RawReq, resp, this.writer)
	if err != nil {
		logs.Error(err)
		return
	}

	if ruleSet != nil {
		if ruleSet.Action != waf.ActionAllow {
			this.firewallPolicyId = this.web.FirewallPolicy.Id
			this.firewallRuleGroupId = types.Int64(ruleGroup.Id)
			this.firewallRuleSetId = types.Int64(ruleSet.Id)
		}

		this.logAttrs["waf.action"] = ruleSet.Action
	}

	return !goNext
}
实现WAF 2020-10-08 15:06:42 +08:00			`package nodes`

			`import (`
			`"github.com/TeaOSLab/EdgeNode/internal/waf"`
			`"github.com/iwind/TeaGo/logs"`
记录WAF日志 2020-11-02 15:49:30 +08:00			`"github.com/iwind/TeaGo/types"`
实现WAF 2020-10-08 15:06:42 +08:00			`"net/http"`
			`)`

			`// 调用WAF`
			`func (this *HTTPRequest) doWAFRequest() (blocked bool) {`
			`w := sharedWAFManager.FindWAF(this.web.FirewallPolicy.Id)`
			`if w == nil {`
			`return`
			`}`

记录WAF日志 2020-11-02 15:49:30 +08:00			`goNext, ruleGroup, ruleSet, err := w.MatchRequest(this.RawReq, this.writer)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
			`logs.Error(err)`
			`return`
			`}`

			`if ruleSet != nil {`
			`if ruleSet.Action != waf.ActionAllow {`
记录WAF日志 2020-11-02 15:49:30 +08:00			`this.firewallPolicyId = this.web.FirewallPolicy.Id`
			`this.firewallRuleGroupId = types.Int64(ruleGroup.Id)`
			`this.firewallRuleSetId = types.Int64(ruleSet.Id)`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
记录WAF日志 2020-11-02 15:49:30 +08:00
			`this.logAttrs["waf.action"] = ruleSet.Action`
实现WAF 2020-10-08 15:06:42 +08:00			`}`

			`return !goNext`
			`}`

			`// call response waf`
			`func (this HTTPRequest) doWAFResponse(resp http.Response) (blocked bool) {`
			`w := sharedWAFManager.FindWAF(this.web.FirewallPolicy.Id)`
			`if w == nil {`
			`return`
			`}`

记录WAF日志 2020-11-02 15:49:30 +08:00			`goNext, ruleGroup, ruleSet, err := w.MatchResponse(this.RawReq, resp, this.writer)`
实现WAF 2020-10-08 15:06:42 +08:00			`if err != nil {`
			`logs.Error(err)`
			`return`
			`}`

			`if ruleSet != nil {`
			`if ruleSet.Action != waf.ActionAllow {`
记录WAF日志 2020-11-02 15:49:30 +08:00			`this.firewallPolicyId = this.web.FirewallPolicy.Id`
			`this.firewallRuleGroupId = types.Int64(ruleGroup.Id)`
			`this.firewallRuleSetId = types.Int64(ruleSet.Id)`
实现WAF 2020-10-08 15:06:42 +08:00			`}`
记录WAF日志 2020-11-02 15:49:30 +08:00
			`this.logAttrs["waf.action"] = ruleSet.Action`
实现WAF 2020-10-08 15:06:42 +08:00			`}`

			`return !goNext`
			`}`