From 035f813f8a66ab078cda72631aeae1b5d992a0d7 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Thu, 21 Apr 2022 19:44:19 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96WAF=E6=97=A5=E5=BF=97?= =?UTF-8?q?=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/nodes/http_request_waf.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go
index b994c89..eabd4ce 100644
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -53,9 +53,11 @@ func (this *HTTPRequest) doWAFRequest() (blocked bool) {
 return true
 }

+ var forceLog = this.ReqServer.HTTPFirewallPolicy != nil && this.ReqServer.HTTPFirewallPolicy.IsOn && this.ReqServer.HTTPFirewallPolicy.Log != nil && this.ReqServer.HTTPFirewallPolicy.Log.IsOn
+
 // 当前服务的独立设置
 if this.web.FirewallPolicy != nil && this.web.FirewallPolicy.IsOn {
- blocked, breakChecking := this.checkWAFRequest(this.web.FirewallPolicy)
+ blocked, breakChecking := this.checkWAFRequest(this.web.FirewallPolicy, forceLog)
 if blocked {
 return true
 }
@@ -66,7 +68,7 @@ func (this *HTTPRequest) doWAFRequest() (blocked bool) {

 // 公用的防火墙设置
 if this.ReqServer.HTTPFirewallPolicy != nil && this.ReqServer.HTTPFirewallPolicy.IsOn {
- blocked, breakChecking := this.checkWAFRequest(this.ReqServer.HTTPFirewallPolicy)
+ blocked, breakChecking := this.checkWAFRequest(this.ReqServer.HTTPFirewallPolicy, forceLog)
 if blocked {
 return true
 }
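Review bot: The new `forceLog` in doWAFRequest is computed only from `this.ReqServer.HTTPFirewallPolicy`, so the `Log` setting of the policy actually being checked is no longer consulted (see the `if forceLog {` lines in the hunks at -206 and -272, and the same expression in doWAFResponse). If a per-service `this.web.FirewallPolicy` can carry its own `Log` configuration, or the server-level policy is nil or switched off while the per-service one is on, a matched rule set will no longer set `this.forceLog`, and WAF hits can go unrecorded. If that is not intended, keep the per-policy check as a fallback, e.g. `if forceLog || (firewallPolicy.Log != nil && firewallPolicy.Log.IsOn) {`; if it is intended, a comment on the `var forceLog` line stating that logging is governed by the server-level policy only would make the decision auditable. The function bodies continue outside these hunks.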
@@ -78,7 +80,7 @@ func (this *HTTPRequest) doWAFRequest() (blocked bool) {
 return
 }

-func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFirewallPolicy) (blocked bool, breakChecking bool) {
+func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFirewallPolicy, forceLog bool) (blocked bool, breakChecking bool) {
 // 检查配置是否为空
 if firewallPolicy == nil || !firewallPolicy.IsOn || firewallPolicy.Inbound == nil || !firewallPolicy.Inbound.IsOn || firewallPolicy.Mode == firewallconfigs.FirewallModeBypass {
 return
@@ -206,7 +208,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
 }

 if ruleSet != nil {
- if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
+ if forceLog {
 this.forceLog = true
 }

@@ -236,8 +238,9 @@ func (this *HTTPRequest) doWAFResponse(resp *http.Response) (blocked bool) {
 }

 // 当前服务的独立设置
+ var forceLog = this.ReqServer.HTTPFirewallPolicy != nil && this.ReqServer.HTTPFirewallPolicy.IsOn && this.ReqServer.HTTPFirewallPolicy.Log != nil && this.ReqServer.HTTPFirewallPolicy.Log.IsOn
 if this.web.FirewallPolicy != nil && this.web.FirewallPolicy.IsOn {
- blocked := this.checkWAFResponse(this.web.FirewallPolicy, resp)
+ blocked := this.checkWAFResponse(this.web.FirewallPolicy, resp, forceLog)
 if blocked {
 return true
 }
@@ -245,7 +248,7 @@ func (this *HTTPRequest) doWAFResponse(resp *http.Response) (blocked bool) {

 // 公用的防火墙设置
 if this.ReqServer.HTTPFirewallPolicy != nil && this.ReqServer.HTTPFirewallPolicy.IsOn {
- blocked := this.checkWAFResponse(this.ReqServer.HTTPFirewallPolicy, resp)
+ blocked := this.checkWAFResponse(this.ReqServer.HTTPFirewallPolicy, resp, forceLog)
 if blocked {
 return true
 }
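Review bot: checkWAFRequest gains a `forceLog bool` parameter with no doc comment saying whose setting it carries, and checkWAFResponse (hunk at -253) has the same gap. Since the value no longer comes from the `firewallPolicy` argument, a reader of the signature alone cannot tell that logging is decided elsewhere. A short comment above each function would cover it, e.g. `// forceLog is the server-level policy's log switch; when true, a matched rule set forces an access-log entry regardless of firewallPolicy.Log.` The function bodies extend beyond the hunk.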
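Review bot: The four-term `forceLog` expression added in doWAFResponse is a verbatim copy of the one added in doWAFRequest, so the request and response paths can drift apart the next time the logging rule changes. A small private method on `HTTPRequest` that returns this value, called from both places, would keep the two in agreement and give the nil checks a single home. The local name also reads like the `this.forceLog` field it later sets; a distinct name such as `policyForceLog` (suggested, not an existing identifier) would avoid confusing the two.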
@@ -253,7 +256,7 @@ func (this *HTTPRequest) doWAFResponse(resp *http.Response) (blocked bool) {
 return
 }

-func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFirewallPolicy, resp *http.Response) (blocked bool) {
+func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFirewallPolicy, resp *http.Response, forceLog bool) (blocked bool) {
 if firewallPolicy == nil || !firewallPolicy.IsOn || !firewallPolicy.Outbound.IsOn || firewallPolicy.Mode == firewallconfigs.FirewallModeBypass {
 return
 }
@@ -272,7 +275,7 @@ func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFi
 }

 if ruleSet != nil {
- if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
+ if forceLog {
 this.forceLog = true
 }