From 1d7c51bb265f700f8a6cfc6425446d6a3dc4f9d2 Mon Sep 17 00:00:00 2001 From: GoEdgeLab Date: Mon, 6 Dec 2021 10:11:22 +0800 Subject: [PATCH] =?UTF-8?q?=E8=87=AA=E5=8A=A8=E5=B0=86API=E8=8A=82?= =?UTF-8?q?=E7=82=B9=E7=9A=84IP=E5=8A=A0=E5=85=A5=E5=88=B0=E7=99=BD?= =?UTF-8?q?=E5=90=8D=E5=8D=95=EF=BC=8C=E9=98=B2=E6=AD=A2=E8=AF=AF=E5=B0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 但要注意:在单个机器上安装API节点和边缘节点,通过局域网IP访问时就无法测试WAF规则,因为会被自动加入到白名单 --- internal/nodes/http_request_waf.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go index cec3371..a0ba70a 100644 --- a/internal/nodes/http_request_waf.go +++ b/internal/nodes/http_request_waf.go @@ -7,6 +7,7 @@ import ( "github.com/TeaOSLab/EdgeNode/internal/remotelogs" "github.com/TeaOSLab/EdgeNode/internal/stats" "github.com/TeaOSLab/EdgeNode/internal/waf" + "github.com/iwind/TeaGo/Tea" "github.com/iwind/TeaGo/lists" "github.com/iwind/TeaGo/types" "io" @@ -16,6 +17,13 @@ import ( // 调用WAF func (this *HTTPRequest) doWAFRequest() (blocked bool) { + var remoteAddr = this.requestRemoteAddr(true) + + // 检查是否为白名单直连 + if !Tea.IsTesting() && sharedNodeConfig.IPIsAutoAllowed(remoteAddr) { + return + } + // 当前连接是否已关闭 if this.isConnClosed() { this.disableLog = true @@ -23,7 +31,6 @@ func (this *HTTPRequest) doWAFRequest() (blocked bool) { } // 是否在全局名单中 - var remoteAddr = this.requestRemoteAddr(true) if !iplibrary.AllowIP(remoteAddr, this.Server.Id) { this.disableLog = true this.closeConn()