TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-12-13 14:10:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

区域封禁支持观察者模式

Browse Source
This commit is contained in:
刘祥超
2023-11-18 15:02:58 +08:00
parent ecd2e6955e
commit 7fea67a2b5
1 changed files with 38 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/nodes/http_request_waf.go
View File

@@ -96,6 +96,8 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
return return
} }
var isDefendMode = firewallPolicy.Mode == firewallconfigs.FirewallModeDefend
// 检查IP白名单 // 检查IP白名单
var remoteAddrs []string var remoteAddrs []string
if len(this.remoteAddr) > 0 { if len(this.remoteAddr) > 0 {
@@ -122,7 +124,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
} }
// 检查IP黑名单 // 检查IP黑名单
if firewallPolicy.Mode == firewallconfigs.FirewallModeDefend { if isDefendMode {
for _, ref := range inbound.AllDenyListRefs() { for _, ref := range inbound.AllDenyListRefs() {
if ref.IsOn && ref.ListId > 0 { if ref.IsOn && ref.ListId > 0 {
list := iplibrary.SharedIPListManager.FindList(ref.ListId) list := iplibrary.SharedIPListManager.FindList(ref.ListId)
@@ -161,7 +163,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
} }
// 检查地区封禁 // 检查地区封禁
if firewallPolicy.Mode == firewallconfigs.FirewallModeDefend {
if firewallPolicy.Inbound.Region != nil && firewallPolicy.Inbound.Region.IsOn { if firewallPolicy.Inbound.Region != nil && firewallPolicy.Inbound.Region.IsOn {
var regionConfig = firewallPolicy.Inbound.Region var regionConfig = firewallPolicy.Inbound.Region
if regionConfig.IsNotEmpty() { if regionConfig.IsNotEmpty() {
@@ -174,6 +176,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
if !regionConfig.IsAllowedCountry(result.CountryId(), result.ProvinceId()) { if !regionConfig.IsAllowedCountry(result.CountryId(), result.ProvinceId()) {
this.firewallPolicyId = firewallPolicy.Id this.firewallPolicyId = firewallPolicy.Id
if isDefendMode {
var promptHTML string var promptHTML string
if len(regionConfig.CountryHTML) > 0 { if len(regionConfig.CountryHTML) > 0 {
promptHTML = regionConfig.CountryHTML promptHTML = regionConfig.CountryHTML
@@ -193,6 +196,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
// 延时返回,避免攻击 // 延时返回,避免攻击
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
}
// 停止日志 // 停止日志
if !logDenying { if !logDenying {
@@ -201,15 +205,18 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
this.tags = append(this.tags, "denyCountry") this.tags = append(this.tags, "denyCountry")
} }
if isDefendMode {
return true, false return true, false
} }
} }
}
if regionConfig.MatchProvinceURL(currentURL) { if regionConfig.MatchProvinceURL(currentURL) {
// 检查省份封禁 // 检查省份封禁
if !regionConfig.IsAllowedProvince(result.CountryId(), result.ProvinceId()) { if !regionConfig.IsAllowedProvince(result.CountryId(), result.ProvinceId()) {
this.firewallPolicyId = firewallPolicy.Id this.firewallPolicyId = firewallPolicy.Id
if isDefendMode {
var promptHTML string var promptHTML string
if len(regionConfig.ProvinceHTML) > 0 { if len(regionConfig.ProvinceHTML) > 0 {
promptHTML = regionConfig.ProvinceHTML promptHTML = regionConfig.ProvinceHTML
@@ -229,6 +236,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
// 延时返回,避免攻击 // 延时返回,避免攻击
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
}
// 停止日志 // 停止日志
if !logDenying { if !logDenying {
@@ -237,6 +245,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
this.tags = append(this.tags, "denyProvince") this.tags = append(this.tags, "denyProvince")
} }
if isDefendMode {
return true, false return true, false
} }
} }