EdgeNode/internal/nodes/http_request_mismatch.go

// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .

package nodes

import (
	"github.com/TeaOSLab/EdgeCommon/pkg/nodeutils"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
	"github.com/TeaOSLab/EdgeNode/internal/ttlcache"
	"github.com/TeaOSLab/EdgeNode/internal/waf"
	"github.com/iwind/TeaGo/types"
	"net"
	"net/http"
	"time"
)

// 域名无匹配情况处理
func (this *HTTPRequest) doMismatch() {
	// 是否为健康检查
	var healthCheckKey = this.RawReq.Header.Get(serverconfigs.HealthCheckHeaderName)
	if len(healthCheckKey) > 0 {
		_, err := nodeutils.Base64DecodeMap(healthCheckKey)
		if err == nil {
			this.writer.WriteHeader(http.StatusOK)
			return
		}
	}

	// 是否已经在黑名单
	var remoteIP = this.RemoteAddr()
	if waf.SharedIPBlackList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, remoteIP) {
		this.Close()
		return
	}

	// 根据配置进行相应的处理
	var globalServerConfig = sharedNodeConfig.GlobalServerConfig
	if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchDomainStrictly {
		var statusCode = 404
		var httpAllConfig = globalServerConfig.HTTPAll
		var mismatchAction = httpAllConfig.DomainMismatchAction

		if mismatchAction != nil && mismatchAction.Options != nil {
			var mismatchStatusCode = mismatchAction.Options.GetInt("statusCode")
			if mismatchStatusCode > 0 && mismatchStatusCode >= 100 && mismatchStatusCode < 1000 {
				statusCode = mismatchStatusCode
			}
		}

		// 是否正在访问IP
		if globalServerConfig.HTTPAll.NodeIPShowPage && net.ParseIP(this.ReqHost) != nil {
			this.writer.statusCode = statusCode
			var contentHTML = this.Format(globalServerConfig.HTTPAll.NodeIPPageHTML)
			this.writer.Header().Set("Content-Type", "text/html; charset=utf-8")
			this.writer.Header().Set("Content-Length", types.String(len(contentHTML)))
			this.writer.WriteHeader(statusCode)
			_, _ = this.writer.WriteString(contentHTML)
			return
		}

		// 检查cc
		// TODO 可以在管理端配置是否开启以及最多尝试次数
		// 要考虑到服务在切换集群时，域名未生效状态时，用户访问的仍然是老集群中的节点，就会产生找不到域名的情况
		if len(remoteIP) > 0 {
			const maxAttempts = 100
			if ttlcache.SharedCache.IncreaseInt64("MISMATCH_DOMAIN:"+remoteIP, int64(1), time.Now().Unix()+60, false) > maxAttempts {
				// 在加入之前再次检查黑名单
				if !waf.SharedIPBlackList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, remoteIP) {
					waf.SharedIPBlackList.Add(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, remoteIP, time.Now().Unix()+3600)
				}
			}
		}

		// 处理当前连接
		if mismatchAction != nil && mismatchAction.Code == "page" {
			if mismatchAction.Options != nil {
				this.writer.statusCode = statusCode
				var contentHTML = this.Format(mismatchAction.Options.GetString("contentHTML"))
				this.writer.Header().Set("Content-Type", "text/html; charset=utf-8")
				this.writer.Header().Set("Content-Length", types.String(len(contentHTML)))
				this.writer.WriteHeader(statusCode)
				_, _ = this.writer.Write([]byte(contentHTML))
			} else {
				http.Error(this.writer, "404 page not found: '"+this.URL()+"'", http.StatusNotFound)
			}
			return
		} else {
			http.Error(this.writer, "404 page not found: '"+this.URL()+"'", http.StatusNotFound)
			this.Close()
			return
		}
	}

	http.Error(this.writer, "404 page not found: '"+this.URL()+"'", http.StatusNotFound)
}
找不到匹配的域名时自动记录日志、默认防cc攻击 2022-06-22 20:04:33 +08:00			`// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .`

			`package nodes`

			`import (`
			`"github.com/TeaOSLab/EdgeCommon/pkg/nodeutils"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"`
			`"github.com/TeaOSLab/EdgeNode/internal/ttlcache"`
			`"github.com/TeaOSLab/EdgeNode/internal/waf"`
可以修改访问未绑定域名时的状态码 2023-07-27 11:21:35 +08:00			`"github.com/iwind/TeaGo/types"`
允许在集群设置 -- “网站设置” 中设置节点IP访问显示的内容 2023-06-05 19:28:01 +08:00			`"net"`
找不到匹配的域名时自动记录日志、默认防cc攻击 2022-06-22 20:04:33 +08:00			`"net/http"`
			`"time"`
			`)`

			`// 域名无匹配情况处理`
			`func (this *HTTPRequest) doMismatch() {`
			`// 是否为健康检查`
			`var healthCheckKey = this.RawReq.Header.Get(serverconfigs.HealthCheckHeaderName)`
			`if len(healthCheckKey) > 0 {`
			`_, err := nodeutils.Base64DecodeMap(healthCheckKey)`
			`if err == nil {`
			`this.writer.WriteHeader(http.StatusOK)`
			`return`
			`}`
			`}`

			`// 是否已经在黑名单`
			`var remoteIP = this.RemoteAddr()`
			`if waf.SharedIPBlackList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, remoteIP) {`
			`this.Close()`
			`return`
			`}`

			`// 根据配置进行相应的处理`
允许在集群设置 -- “网站设置” 中设置节点IP访问显示的内容 2023-06-05 19:28:01 +08:00			`var globalServerConfig = sharedNodeConfig.GlobalServerConfig`
			`if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchDomainStrictly {`
可以修改访问未绑定域名时的状态码 2023-07-27 11:21:35 +08:00			`var statusCode = 404`
			`var httpAllConfig = globalServerConfig.HTTPAll`
			`var mismatchAction = httpAllConfig.DomainMismatchAction`

			`if mismatchAction != nil && mismatchAction.Options != nil {`
			`var mismatchStatusCode = mismatchAction.Options.GetInt("statusCode")`
			`if mismatchStatusCode > 0 && mismatchStatusCode >= 100 && mismatchStatusCode < 1000 {`
			`statusCode = mismatchStatusCode`
			`}`
			`}`

允许在集群设置 -- “网站设置” 中设置节点IP访问显示的内容 2023-06-05 19:28:01 +08:00			`// 是否正在访问IP`
			`if globalServerConfig.HTTPAll.NodeIPShowPage && net.ParseIP(this.ReqHost) != nil {`
修复状未绑定域名中${status}和${statusMessage}变量值 2023-08-27 21:38:35 +08:00			`this.writer.statusCode = statusCode`
可以修改访问未绑定域名时的状态码 2023-07-27 11:21:35 +08:00			`var contentHTML = this.Format(globalServerConfig.HTTPAll.NodeIPPageHTML)`
			`this.writer.Header().Set("Content-Type", "text/html; charset=utf-8")`
			`this.writer.Header().Set("Content-Length", types.String(len(contentHTML)))`
			`this.writer.WriteHeader(statusCode)`
			`_, _ = this.writer.WriteString(contentHTML)`
允许在集群设置 -- “网站设置” 中设置节点IP访问显示的内容 2023-06-05 19:28:01 +08:00			`return`
			`}`

找不到匹配的域名时自动记录日志、默认防cc攻击 2022-06-22 20:04:33 +08:00			`// 检查cc`
			`// TODO 可以在管理端配置是否开启以及最多尝试次数`
增加注释 2023-03-29 20:09:19 +08:00			`// 要考虑到服务在切换集群时，域名未生效状态时，用户访问的仍然是老集群中的节点，就会产生找不到域名的情况`
找不到匹配的域名时自动记录日志、默认防cc攻击 2022-06-22 20:04:33 +08:00			`if len(remoteIP) > 0 {`
			`const maxAttempts = 100`
			`if ttlcache.SharedCache.IncreaseInt64("MISMATCH_DOMAIN:"+remoteIP, int64(1), time.Now().Unix()+60, false) > maxAttempts {`
			`// 在加入之前再次检查黑名单`
			`if !waf.SharedIPBlackList.Contains(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, remoteIP) {`
访问不存在的域名加入到黑名单时，只对当前节点有效 2023-04-05 19:42:14 +08:00			`waf.SharedIPBlackList.Add(waf.IPTypeAll, firewallconfigs.FirewallScopeGlobal, 0, remoteIP, time.Now().Unix()+3600)`
找不到匹配的域名时自动记录日志、默认防cc攻击 2022-06-22 20:04:33 +08:00			`}`
			`}`
			`}`

			`// 处理当前连接`
			`if mismatchAction != nil && mismatchAction.Code == "page" {`
			`if mismatchAction.Options != nil {`
修复状未绑定域名中${status}和${statusMessage}变量值 2023-08-27 21:38:35 +08:00			`this.writer.statusCode = statusCode`
可以修改访问未绑定域名时的状态码 2023-07-27 11:21:35 +08:00			`var contentHTML = this.Format(mismatchAction.Options.GetString("contentHTML"))`
找不到匹配的域名时自动记录日志、默认防cc攻击 2022-06-22 20:04:33 +08:00			`this.writer.Header().Set("Content-Type", "text/html; charset=utf-8")`
可以修改访问未绑定域名时的状态码 2023-07-27 11:21:35 +08:00			`this.writer.Header().Set("Content-Length", types.String(len(contentHTML)))`
			`this.writer.WriteHeader(statusCode)`
			`_, _ = this.writer.Write([]byte(contentHTML))`
找不到匹配的域名时自动记录日志、默认防cc攻击 2022-06-22 20:04:33 +08:00			`} else {`
			`http.Error(this.writer, "404 page not found: '"+this.URL()+"'", http.StatusNotFound)`
			`}`
			`return`
			`} else {`
			`http.Error(this.writer, "404 page not found: '"+this.URL()+"'", http.StatusNotFound)`
			`this.Close()`
			`return`
			`}`
			`}`

			`http.Error(this.writer, "404 page not found: '"+this.URL()+"'", http.StatusNotFound)`
			`}`