优化WAF

* 信息加密使用struct代替map，以缩短加密后内容长度
* 拦截动作、人机识别动作增加是否尝试全局封禁选项
* JSCookie识别动作增加默认设置选项
* 人机识别中传入info参数异常时，尝试跳转到来源地址，避免直接提示invalid request

internal/waf/action_block.go

@@ -1,6 +1,7 @@
 package waf
 
 import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	teaconst "github.com/TeaOSLab/EdgeNode/internal/const"
 	"github.com/TeaOSLab/EdgeNode/internal/utils"
 	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
@@ -28,6 +29,8 @@ type BlockAction struct {
 	Timeout    int32  `yaml:"timeout" json:"timeout"`
 	TimeoutMax int32  `yaml:"timeoutMax" json:"timeoutMax"`
 	Scope      string `yaml:"scope" json:"scope"`
+
+	FailBlockScopeAll bool `yaml:"failBlockScopeAll" json:"failBlockScopeAll"`
 }
 
 func (this *BlockAction) Init(waf *WAF) error {
@@ -45,7 +48,10 @@ func (this *BlockAction) Init(waf *WAF) error {
 			this.Timeout = waf.DefaultBlockAction.Timeout
 			this.TimeoutMax = waf.DefaultBlockAction.TimeoutMax // 只有没有填写封锁时长的时候才会使用默认的封锁时长最大值
 		}
+
+		this.FailBlockScopeAll = waf.DefaultBlockAction.FailBlockScopeAll
 	}
+
 	return nil
 }
 
@@ -74,7 +80,7 @@ func (this *BlockAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, reque
 		timeout = timeout + int32(rands.Int64()%int64(timeoutMax-timeout+1))
 	}
 
-	SharedIPBlackList.RecordIP(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), time.Now().Unix()+int64(timeout), waf.Id, waf.UseLocalFirewall, group.Id, set.Id, "")
+	SharedIPBlackList.RecordIP(IPTypeAll, this.Scope, request.WAFServerId(), request.WAFRemoteIP(), time.Now().Unix()+int64(timeout), waf.Id, waf.UseLocalFirewall && (this.FailBlockScopeAll || this.Scope == firewallconfigs.FirewallScopeGlobal), group.Id, set.Id, "")
 
 	if writer != nil {
 		// close the connection