From 95f1e614890bd26d4e79d42087b1e1f3295d14f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?=
Date: Wed, 6 Oct 2021 08:56:38 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E5=8A=A8=E4=BD=9Cblock=E5=92=8Crecord=5Fip?=
 =?UTF-8?q?=E5=90=8C=E6=97=B6=E5=AD=98=E5=9C=A8=E6=97=B6=EF=BC=8C=E4=BC=98?=
 =?UTF-8?q?=E5=85=88=E6=89=A7=E8=A1=8Crecord=5Fip?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/nodes/http_request_waf.go | 4 ++--
 internal/waf/rule_set.go | 13 +++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go
index c9ae1ad..fa16f3a 100644
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -198,7 +198,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
 stats.SharedHTTPRequestStatManager.AddFirewallRuleGroupId(this.Server.Id, this.firewallRuleGroupId, ruleSet.Actions)
 }
- this.firewallActions = ruleSet.ActionCodes()
+ this.firewallActions = append(ruleSet.ActionCodes(), firewallPolicy.Mode)
 }
 return !goNext, false
@@ -262,7 +262,7 @@ func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFi
 stats.SharedHTTPRequestStatManager.AddFirewallRuleGroupId(this.Server.Id, this.firewallRuleGroupId, ruleSet.Actions)
 }
- this.firewallActions = ruleSet.ActionCodes()
+ this.firewallActions = append(ruleSet.ActionCodes(), firewallPolicy.Mode)
 }
 return !goNext
diff --git a/internal/waf/rule_set.go b/internal/waf/rule_set.go
index b6ac650..b3f1b2d 100644
--- a/internal/waf/rule_set.go
+++ b/internal/waf/rule_set.go
@@ -8,6 +8,7 @@ import (
 "github.com/iwind/TeaGo/maps"
 "github.com/iwind/TeaGo/utils/string"
 "net/http"
+ "sort"
 )
 type RuleConnector = string
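Review bot: In checkWAFRequest, `append(ruleSet.ActionCodes(), firewallPolicy.Mode)` appends to whatever slice ActionCodes() returns; that method is not shown here, but if it hands back the rule set's own slice and the slice has spare capacity, the append writes into storage shared by every request that matches the same rule set, which is a data race and can leave one request's recorded actions altered by another. A three-index slice forces a copy without needing the element type: `codes := ruleSet.ActionCodes()` followed by `this.firewallActions = append(codes[:len(codes):len(codes)], firewallPolicy.Mode)`. The identical line in checkWAFResponse (second hunk) needs the same change. Separately, firewallActions now mixes action codes with the policy mode, so a comment such as `// last element is the policy mode, not an action code` would help anything that logs or alerts on this field. Both functions start and end outside their hunks.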
@@ -122,6 +123,18 @@ func (this *RuleSet) PerformActions(waf *WAF, group *RuleGroup, req requests.Req
 return true
 }
+ // 排序
+ sort.Slice(this.actionInstances, func(i, j int) bool {
+ var instance1 = this.actionInstances[i]
+ if !instance1.WillChange() {
+ return true
+ }
+ if instance1.Code() == ActionRecordIP {
+ return true
+ }
+ return false
+ })
+
 // 先执行allow
 for _, instance := range this.actionInstances {
 if !instance.WillChange() {
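Review bot: The comparator passed to `sort.Slice` in PerformActions never looks at element j, so it returns true for both (i, j) and (j, i) whenever both elements are non-changing or record_ip; that is not a consistent ordering, and `sort.Slice` is not stable either, so the order in which WAF actions run is unspecified rather than a guaranteed "record_ip before block". The sort also reorders `this.actionInstances` in place on every call; if a RuleSet is shared by concurrent requests (not visible in this hunk), that is an unsynchronised write to a slice other goroutines may be ranging over, so the ordering would be better computed once when the rule set is initialised. The comparator below is a valid ordering and, with `sort.SliceStable`, keeps the configured order inside each group. PerformActions starts and ends outside the hunk.

```go
// … unchanged: early return above …

// Run non-changing actions and record_ip ahead of the rest; keep configured order otherwise.
var isEarly = func(k int) bool {
	var instance = this.actionInstances[k]
	return !instance.WillChange() || instance.Code() == ActionRecordIP
}
sort.SliceStable(this.actionInstances, func(i, j int) bool {
	return isEarly(i) && !isEarly(j)
})

// … unchanged: allow loop below …
```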