2021-07-18 15:51:49 +08:00
|
|
|
package waf
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
|
|
|
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
|
|
|
|
"github.com/iwind/TeaGo/maps"
|
2021-11-16 16:11:05 +08:00
|
|
|
"github.com/iwind/TeaGo/types"
|
2021-07-18 15:51:49 +08:00
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Post307Action struct {
|
2021-10-18 20:08:43 +08:00
|
|
|
Life int32 `yaml:"life" json:"life"`
|
|
|
|
|
Scope string `yaml:"scope" json:"scope"`
|
2021-07-18 15:51:49 +08:00
|
|
|
|
|
|
|
|
BaseAction
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (this *Post307Action) Init(waf *WAF) error {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (this *Post307Action) Code() string {
|
|
|
|
|
return ActionPost307
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (this *Post307Action) IsAttack() bool {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (this *Post307Action) WillChange() bool {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-25 16:44:44 +08:00
|
|
|
func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (continueRequest bool, goNextSet bool) {
|
2021-07-18 15:51:49 +08:00
|
|
|
var cookieName = "WAF_VALIDATOR_ID"
|
|
|
|
|
|
|
|
|
|
// 仅限于POST
|
|
|
|
|
if request.WAFRaw().Method != http.MethodPost {
|
2022-08-25 16:44:44 +08:00
|
|
|
return true, false
|
2021-07-18 15:51:49 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 是否已经在白名单中
|
2021-11-16 16:11:05 +08:00
|
|
|
if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
2022-08-25 16:44:44 +08:00
|
|
|
return true, false
|
2021-07-18 15:51:49 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 判断是否有Cookie
|
|
|
|
|
cookie, err := request.WAFRaw().Cookie(cookieName)
|
|
|
|
|
if err == nil && cookie != nil {
|
|
|
|
|
m, err := utils.SimpleDecryptMap(cookie.Value)
|
|
|
|
|
if err == nil && m.GetString("remoteIP") == request.WAFRemoteIP() && time.Now().Unix() < m.GetInt64("timestamp")+10 {
|
|
|
|
|
var life = m.GetInt64("life")
|
|
|
|
|
if life <= 0 {
|
|
|
|
|
life = 600 // 默认10分钟
|
|
|
|
|
}
|
|
|
|
|
var setId = m.GetString("setId")
|
2022-01-10 19:54:10 +08:00
|
|
|
SharedIPWhiteList.RecordIP("set:"+setId, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), time.Now().Unix()+life, m.GetInt64("policyId"), false, m.GetInt64("groupId"), m.GetInt64("setId"), "")
|
2022-08-25 16:44:44 +08:00
|
|
|
return true, false
|
2021-07-18 15:51:49 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var m = maps.Map{
|
|
|
|
|
"timestamp": time.Now().Unix(),
|
|
|
|
|
"life": this.Life,
|
2021-10-18 20:08:43 +08:00
|
|
|
"scope": this.Scope,
|
2021-11-17 16:16:09 +08:00
|
|
|
"policyId": waf.Id,
|
|
|
|
|
"groupId": group.Id,
|
2021-07-18 15:51:49 +08:00
|
|
|
"setId": set.Id,
|
|
|
|
|
"remoteIP": request.WAFRemoteIP(),
|
|
|
|
|
}
|
|
|
|
|
info, err := utils.SimpleEncryptMap(m)
|
|
|
|
|
if err != nil {
|
|
|
|
|
remotelogs.Error("WAF_POST_302_ACTION", "encode info failed: "+err.Error())
|
2022-08-25 16:44:44 +08:00
|
|
|
return true, false
|
2021-07-18 15:51:49 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 设置Cookie
|
|
|
|
|
http.SetCookie(writer, &http.Cookie{
|
|
|
|
|
Name: cookieName,
|
|
|
|
|
Path: "/",
|
|
|
|
|
MaxAge: 10,
|
|
|
|
|
Value: info,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
http.Redirect(writer, request.WAFRaw(), request.WAFRaw().URL.String(), http.StatusTemporaryRedirect)
|
|
|
|
|
|
2021-07-26 14:33:06 +08:00
|
|
|
if request.WAFRaw().ProtoMajor == 1 {
|
2023-01-09 15:56:59 +08:00
|
|
|
flusher, ok := writer.(http.Flusher)
|
|
|
|
|
if ok {
|
|
|
|
|
flusher.Flush()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
request.WAFClose()
|
2021-07-26 14:33:06 +08:00
|
|
|
}
|
2021-07-18 15:51:49 +08:00
|
|
|
|
2022-08-25 16:44:44 +08:00
|
|
|
return false, false
|
2021-07-18 15:51:49 +08:00
|
|
|
}
|
