WAF动作record_ip返回403/优化关闭连接方法

2025-11-07 02:20:25 +08:00 · 2021-10-12 09:06:28 +08:00
parent ac120a728c
commit 86db3dfc49
4 changed files with 5 additions and 18 deletions
--- a/internal/waf/action_base.go
+++ b/internal/waf/action_base.go
@@ -2,20 +2,5 @@

 package waf

-import "net/http"
-
 type BaseAction struct {
 }
-
-// CloseConn 关闭连接
-func (this *BaseAction) CloseConn(writer http.ResponseWriter) error {
-	// 断开连接
-	hijack, ok := writer.(http.Hijacker)
-	if ok {
-		conn, _, err := hijack.Hijack()
-		if err == nil {
-			return conn.Close()
-		}
-	}
-	return nil
-}
--- a/internal/waf/action_get_302.go
+++ b/internal/waf/action_get_302.go
@@ -66,7 +66,7 @@ func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, requ

 	// 关闭连接
 	if request.WAFRaw().ProtoMajor == 1 {
-		_ = this.CloseConn(writer)
+		request.WAFClose()
 	}

 	return true
--- a/internal/waf/action_post_307.go
+++ b/internal/waf/action_post_307.go
@@ -82,7 +82,7 @@ func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
 	http.Redirect(writer, request.WAFRaw(), request.WAFRaw().URL.String(), http.StatusTemporaryRedirect)

 	if request.WAFRaw().ProtoMajor == 1 {
-		_ = this.CloseConn(writer)
+		request.WAFClose()
 	}

 	return true
--- a/internal/waf/action_record_ip.go
+++ b/internal/waf/action_record_ip.go
@@ -90,7 +90,9 @@ func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 	expiredAt := time.Now().Unix() + int64(timeout)

 	if this.Type == "black" {
-		_ = this.CloseConn(writer)
+		writer.WriteHeader(http.StatusForbidden)
+
+		request.WAFClose()

 		SharedIPBlackList.Add(IPTypeAll, request.WAFRemoteIP(), expiredAt)
 	} else {