diff --git a/internal/nodes/http_request.go b/internal/nodes/http_request.go
index bea8cbb..9094601 100644
--- a/internal/nodes/http_request.go
+++ b/internal/nodes/http_request.go
@@ -229,6 +229,14 @@ func (this *HTTPRequest) Do() {
 }
 }
 
+ // 防盗链
+ if !this.isSubRequest && this.web.Referers != nil && this.web.Referers.IsOn {
+ if this.doCheckReferers() {
+ this.doEnd()
+ return
+ }
+ }
+
 // 访问控制
 if !this.isSubRequest && this.web.Auth != nil && this.web.Auth.IsOn {
 if this.doAuth() {
@@ -513,6 +521,11 @@ func (this *HTTPRequest) configureWeb(web *serverconfigs.HTTPWebConfig, isTop bo
 this.web.Auth = web.Auth
 }
 
+ // referers
+ if web.Referers != nil && (web.Referers.IsPrior || isTop) {
+ this.web.Referers = web.Referers
+ }
+
 // request limit
 if web.RequestLimit != nil && (web.RequestLimit.IsPrior || isTop) {
 this.web.RequestLimit = web.RequestLimit
diff --git a/internal/nodes/http_request_referers.go b/internal/nodes/http_request_referers.go
new file mode 100644
index 0000000..143312e
--- /dev/null
+++ b/internal/nodes/http_request_referers.go
@@ -0,0 +1,45 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package nodes
+
+import (
+ "net/http"
+ "net/url"
+)
+
+func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
+ if this.web.Referers == nil {
+ return
+ }
+
+ var refererURL = this.RawReq.Header.Get("Referer")
+ if len(refererURL) == 0 {
+ if this.web.Referers.MatchDomain(this.ReqHost, "") {
+ return
+ }
+
+ this.tags = append(this.tags, "refererCheck")
+ this.writer.WriteHeader(http.StatusForbidden)
+
+ return true
+ }
+
+ u, err := url.Parse(refererURL)
+ if err != nil {
+ if this.web.Referers.MatchDomain(this.ReqHost, "") {
+ return
+ }
+
+ this.tags = append(this.tags, "refererCheck")
+ this.writer.WriteHeader(http.StatusForbidden)
+
+ return true
+ }
+
+ if !this.web.Referers.MatchDomain(this.ReqHost, u.Host) {
+ this.tags = append(this.tags, "refererCheck")
+ this.writer.WriteHeader(http.StatusForbidden)
+ return true
+ }
+ return
+}
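Review bot: The final branch of doCheckReferers passes `u.Host` to `MatchDomain`, and `u.Host` keeps any port and the bracketed IPv6 form, so a Referer such as `https://allowed.example:8443/page` (constructed sample) is compared as `allowed.example:8443`. MatchDomain is not part of this diff, but unless it strips the port itself a legitimate referer on a non-default port would get a 403; `u.Hostname()` looks like the safer input. The three deny branches are identical, and an empty, unparsable or host-less Referer all end up matched as the empty domain, so the host can be resolved once with a single 403 path, as sketched below. The function also has no doc comment; it should say that Referer is client-supplied, so this is hotlink protection and the doAuth check that follows it in Do() remains the actual access control.

```go
// doCheckReferers applies the Referer (hotlink) policy and reports whether the
// request was rejected. Referer is client-supplied, so this is not access control.
func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
	if this.web.Referers == nil {
		return false
	}

	// A missing, unparsable or host-less Referer is matched as the empty domain.
	var refererHost string
	if u, err := url.Parse(this.RawReq.Header.Get("Referer")); err == nil {
		refererHost = u.Hostname() // drop the port before matching
	}

	if this.web.Referers.MatchDomain(this.ReqHost, refererHost) {
		return false
	}

	this.tags = append(this.tags, "refererCheck")
	this.writer.WriteHeader(http.StatusForbidden)
	return true
}
```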