WAF规则集中增加“允许搜索引擎”选项，可以快速允许搜索引擎访问

2026-01-06 15:55:48 +08:00 · 2024-05-08 16:45:28 +08:00
parent 77ba4c7fe9
commit 608f102fb5
4 changed files with 78 additions and 27 deletions
--- a/internal/waf/rule_set.go
+++ b/internal/waf/rule_set.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
 	"github.com/TeaOSLab/EdgeNode/internal/utils"
 	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
+	wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
@@ -21,15 +22,16 @@ const (
 )

 type RuleSet struct {
-	Id          int64           `yaml:"id" json:"id"`
-	Code        string          `yaml:"code" json:"code"`
-	IsOn        bool            `yaml:"isOn" json:"isOn"`
-	Name        string          `yaml:"name" json:"name"`
-	Description string          `yaml:"description" json:"description"`
-	Rules       []*Rule         `yaml:"rules" json:"rules"`
-	Connector   RuleConnector   `yaml:"connector" json:"connector"` // rules connector
-	Actions     []*ActionConfig `yaml:"actions" json:"actions"`
-	IgnoreLocal bool            `yaml:"ignoreLocal" json:"ignoreLocal"`
+	Id                 int64           `yaml:"id" json:"id"`
+	Code               string          `yaml:"code" json:"code"`
+	IsOn               bool            `yaml:"isOn" json:"isOn"`
+	Name               string          `yaml:"name" json:"name"`
+	Description        string          `yaml:"description" json:"description"`
+	Rules              []*Rule         `yaml:"rules" json:"rules"`
+	Connector          RuleConnector   `yaml:"connector" json:"connector"` // rules connector
+	Actions            []*ActionConfig `yaml:"actions" json:"actions"`
+	IgnoreLocal        bool            `yaml:"ignoreLocal" json:"ignoreLocal"`
+	IgnoreSearchEngine bool            `yaml:"ignoreSearchEngine" json:"ignoreSearchEngine"`

 	actionCodes     []string
 	actionInstances []ActionInterface
@@ -225,7 +227,12 @@ func (this *RuleSet) PerformActions(waf *WAF, group *RuleGroup, req requests.Req
 func (this *RuleSet) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, err error) {
 	// 是否忽略局域网IP
 	if this.IgnoreLocal && utils.IsLocalIP(req.WAFRemoteIP()) {
-		return false, hasRequestBody, nil
+		return
+	}
+
+	// 检查是否为搜索引擎
+	if this.IgnoreSearchEngine && wafutils.CheckSearchEngine(req.WAFRemoteIP()) {
+		return
 	}

 	if !this.hasRules {
@@ -278,6 +285,16 @@ func (this *RuleSet) MatchRequest(req requests.Request) (b bool, hasRequestBody
 }

 func (this *RuleSet) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, err error) {
+	// 是否忽略局域网IP
+	if this.IgnoreLocal && utils.IsLocalIP(req.WAFRemoteIP()) {
+		return
+	}
+
+	// 检查是否为搜索引擎
+	if this.IgnoreSearchEngine && wafutils.CheckSearchEngine(req.WAFRemoteIP()) {
+		return
+	}
+
 	if !this.hasRules {
 		return false, hasRequestBody, nil
 	}