From 7c442fc43d2a4528dce72cd53e8dbb5a94e8ffde Mon Sep 17 00:00:00 2001 From: GoEdgeLab Date: Mon, 5 Jun 2023 19:28:01 +0800 Subject: [PATCH] =?UTF-8?q?=E5=85=81=E8=AE=B8=E5=9C=A8=E9=9B=86=E7=BE=A4?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=20--=20=E2=80=9C=E7=BD=91=E7=AB=99=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE=E2=80=9D=20=E4=B8=AD=E8=AE=BE=E7=BD=AE=E8=8A=82?= =?UTF-8?q?=E7=82=B9IP=E8=AE=BF=E9=97=AE=E6=98=BE=E7=A4=BA=E7=9A=84?= =?UTF-8?q?=E5=86=85=E5=AE=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/nodes/http_request_mismatch.go | 12 +++++++++-- internal/nodes/listener_base.go | 27 ++++++++++++++++--------- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/internal/nodes/http_request_mismatch.go b/internal/nodes/http_request_mismatch.go index 5761431..5cd376f 100644 --- a/internal/nodes/http_request_mismatch.go +++ b/internal/nodes/http_request_mismatch.go @@ -8,6 +8,7 @@ import ( "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs" "github.com/TeaOSLab/EdgeNode/internal/ttlcache" "github.com/TeaOSLab/EdgeNode/internal/waf" + "net" "net/http" "time" ) @@ -32,7 +33,14 @@ func (this *HTTPRequest) doMismatch() { } // 根据配置进行相应的处理 - if sharedNodeConfig.GlobalServerConfig != nil && sharedNodeConfig.GlobalServerConfig.HTTPAll.MatchDomainStrictly { + var globalServerConfig = sharedNodeConfig.GlobalServerConfig + if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchDomainStrictly { + // 是否正在访问IP + if globalServerConfig.HTTPAll.NodeIPShowPage && net.ParseIP(this.ReqHost) != nil { + _, _ = this.writer.WriteString(globalServerConfig.HTTPAll.NodeIPPageHTML) + return + } + // 检查cc // TODO 可以在管理端配置是否开启以及最多尝试次数 // 要考虑到服务在切换集群时,域名未生效状态时,用户访问的仍然是老集群中的节点,就会产生找不到域名的情况 @@ -47,7 +55,7 @@ func (this *HTTPRequest) doMismatch() { } // 处理当前连接 - var httpAllConfig = sharedNodeConfig.GlobalServerConfig.HTTPAll + var httpAllConfig = globalServerConfig.HTTPAll var mismatchAction = httpAllConfig.DomainMismatchAction if mismatchAction != nil && mismatchAction.Code == "page" { if mismatchAction.Options != nil { diff --git a/internal/nodes/listener_base.go b/internal/nodes/listener_base.go index cc6b2a2..6ca4392 100644 --- a/internal/nodes/listener_base.go +++ b/internal/nodes/listener_base.go @@ -116,7 +116,7 @@ func (this *BaseListener) matchSSL(domain string) (*sslconfigs.SSLPolicy, *tls.C return nil, nil, errors.New("no tls server name found") } - // 通过代理服务域名配置匹配 + // 通过网站域名配置匹配 server, _ := this.findNamedServer(domain) if server == nil { // 找不到或者此时的服务没有配置证书,需要搜索所有的Server,通过SSL证书内容中的DNSName匹配 @@ -138,7 +138,7 @@ func (this *BaseListener) matchSSL(domain string) (*sslconfigs.SSLPolicy, *tls.C if server.SSLPolicy() == nil || !server.SSLPolicy().IsOn { // 找不到或者此时的服务没有配置证书,需要搜索所有的Server,通过SSL证书内容中的DNSName匹配 // 此功能仅为了兼容以往版本(v1.0.4),不应该作为常态启用 - if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchCertFromAllServers { + if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchCertFromAllServers { for _, searchingServer := range group.Servers() { if searchingServer.SSLPolicy() == nil || !searchingServer.SSLPolicy().IsOn { continue @@ -174,19 +174,26 @@ func (this *BaseListener) findNamedServer(name string) (serverConfig *serverconf return } - var matchDomainStrictly = sharedNodeConfig.GlobalServerConfig != nil && sharedNodeConfig.GlobalServerConfig.HTTPAll.MatchDomainStrictly + var globalServerConfig = sharedNodeConfig.GlobalServerConfig + var matchDomainStrictly = globalServerConfig != nil && globalServerConfig.HTTPAll.MatchDomainStrictly - if sharedNodeConfig.GlobalServerConfig != nil && - len(sharedNodeConfig.GlobalServerConfig.HTTPAll.DefaultDomain) > 0 && - (!matchDomainStrictly || configutils.MatchDomains(sharedNodeConfig.GlobalServerConfig.HTTPAll.AllowMismatchDomains, name) || (sharedNodeConfig.GlobalServerConfig.HTTPAll.AllowNodeIP && net.ParseIP(name) != nil)) { - var defaultDomain = sharedNodeConfig.GlobalServerConfig.HTTPAll.DefaultDomain - serverConfig, serverName = this.findNamedServerMatched(defaultDomain) - if serverConfig != nil { + if globalServerConfig != nil && + len(globalServerConfig.HTTPAll.DefaultDomain) > 0 && + (!matchDomainStrictly || configutils.MatchDomains(globalServerConfig.HTTPAll.AllowMismatchDomains, name) || (globalServerConfig.HTTPAll.AllowNodeIP && net.ParseIP(name) != nil)) { + if globalServerConfig.HTTPAll.AllowNodeIP && + globalServerConfig.HTTPAll.NodeIPShowPage && + net.ParseIP(name) != nil { return + } else { + var defaultDomain = globalServerConfig.HTTPAll.DefaultDomain + serverConfig, serverName = this.findNamedServerMatched(defaultDomain) + if serverConfig != nil { + return + } } } - if matchDomainStrictly && !configutils.MatchDomains(sharedNodeConfig.GlobalServerConfig.HTTPAll.AllowMismatchDomains, name) && (!sharedNodeConfig.GlobalServerConfig.HTTPAll.AllowNodeIP || net.ParseIP(name) == nil) { + if matchDomainStrictly && !configutils.MatchDomains(globalServerConfig.HTTPAll.AllowMismatchDomains, name) && (!globalServerConfig.HTTPAll.AllowNodeIP || net.ParseIP(name) == nil) { return }