优化WAF

* 信息加密使用struct代替map，以缩短加密后内容长度 * 拦截动作、人机识别动作增加是否尝试全局封禁选项 * JSCookie识别动作增加默认设置选项 * 人机识别中传入info参数异常时，尝试跳转到来源地址，避免直接提示invalid request
2026-01-04 22:55:48 +08:00 · 2024-04-07 14:31:22 +08:00
parent e87ea9d802
commit 1fe15d4e3c
18 changed files with 441 additions and 129 deletions
--- a/internal/waf/ip_list.go
+++ b/internal/waf/ip_list.go
@@ -89,7 +89,7 @@ func (this *IPList) Add(ipType string, scope firewallconfigs.FirewallScope, serv
 	switch scope {
 	case firewallconfigs.FirewallScopeGlobal:
 		ip = "*@" + ip + "@" + ipType
-	case firewallconfigs.FirewallScopeService:
+	case firewallconfigs.FirewallScopeServer:
 		ip = types.String(serverId) + "@" + ip + "@" + ipType
 	default:
 		ip = "*@" + ip + "@" + ipType
@@ -127,7 +127,7 @@ func (this *IPList) RecordIP(ipType string,
 	if this.listType == IPListTypeDeny {
 		// 作用域
 		var scopeServerId int64
-		if scope == firewallconfigs.FirewallScopeService {
+		if scope == firewallconfigs.FirewallScopeServer {
 			scopeServerId = serverId
 		}

@@ -167,7 +167,7 @@ func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope,
 	switch scope {
 	case firewallconfigs.FirewallScopeGlobal:
 		ip = "*@" + ip + "@" + ipType
-	case firewallconfigs.FirewallScopeService:
+	case firewallconfigs.FirewallScopeServer:
 		ip = types.String(serverId) + "@" + ip + "@" + ipType
 	default:
 		ip = "*@" + ip + "@" + ipType
@@ -184,7 +184,7 @@ func (this *IPList) ContainsExpires(ipType string, scope firewallconfigs.Firewal
 	switch scope {
 	case firewallconfigs.FirewallScopeGlobal:
 		ip = "*@" + ip + "@" + ipType
-	case firewallconfigs.FirewallScopeService:
+	case firewallconfigs.FirewallScopeServer:
 		ip = types.String(serverId) + "@" + ip + "@" + ipType
 	default:
 		ip = "*@" + ip + "@" + ipType