TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-11-09 03:50:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

增加防盗链规则参数

Browse Source
This commit is contained in:
刘祥超
2021-10-19 11:38:46 +08:00
parent 82a7971718
commit 2793e0de89
3 changed files with 74 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
internal/waf/checkpoints/request_referer_block.go Normal file
View File

@@ -0,0 +1,66 @@
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
package checkpoints
import (
"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
"github.com/iwind/TeaGo/maps"
"github.com/iwind/TeaGo/types"
"net/url"
)
// RequestRefererBlockCheckpoint 防盗链
type RequestRefererBlockCheckpoint struct {
Checkpoint
}
// RequestValue 计算checkpoint值
// 选项allowEmpty, allowSameDomain, allowDomains
func (this *RequestRefererBlockCheckpoint) RequestValue(req requests.Request, param string, options maps.Map) (value interface{}, sysErr error, userErr error) {
var referer = req.WAFRaw().Referer()
if len(referer) == 0 {
if options.GetBool("allowEmpty") {
value = 1
return
}
value = 0
return
}
u, err := url.Parse(referer)
if err != nil {
value = 0
return
}
var host = u.Host
if options.GetBool("allowSameDomain") && host == req.WAFRaw().Host {
value = 1
return
}
var domains = options.GetSlice("allowDomains")
var domainStrings = []string{}
for _, domain := range domains {
domainStrings = append(domainStrings, types.String(domain))
}
if len(domainStrings) == 0 {
value = 0
return
}
if configutils.MatchDomains(domainStrings, host) {
value = 1
} else {
value = 0
}
return
}
func (this *RequestRefererBlockCheckpoint) ResponseValue(req requests.Request, resp *requests.Response, param string, options maps.Map) (value interface{}, sysErr error, userErr error) {
return
}

7
internal/waf/checkpoints/utils.go
View File

@@ -198,6 +198,13 @@ var AllCheckpoints = []*CheckpointDefinition{
HasParams: true, HasParams: true,
Instance: new(CC2Checkpoint), Instance: new(CC2Checkpoint),
}, },
{
Name: "防盗链",
Prefix: "refererBlock",
Description: "阻止一些域名访问引用本站资源",
HasParams: true,
Instance: new(RequestRefererBlockCheckpoint),
},
{ {
Name: "通用响应Header长度限制", Name: "通用响应Header长度限制",
Prefix: "responseGeneralHeaderLength", Prefix: "responseGeneralHeaderLength",

2
internal/waf/rule.go
View File

@@ -23,7 +23,7 @@ import (
var singleParamRegexp = regexp.MustCompile("^\\${[\\w.-]+}$") var singleParamRegexp = regexp.MustCompile("^\\${[\\w.-]+}$")
// rule // Rule
type Rule struct { type Rule struct {
Description string `yaml:"description" json:"description"` Description string `yaml:"description" json:"description"`
Param string `yaml:"param" json:"param"` // such as ${arg.name} or ${args}, can be composite as ${arg.firstName}${arg.lastName} Param string `yaml:"param" json:"param"` // such as ${arg.name} or ${args}, can be composite as ${arg.firstName}${arg.lastName}