Block动作增加默认时间60秒

2026-01-01 02:56:35 +08:00 · 2021-09-29 09:19:45 +08:00
parent 8d28ba3426
commit a1aa2b9224
7 changed files with 34 additions and 7 deletions
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -16,6 +16,15 @@ import (

 // 调用WAF
 func (this *HTTPRequest) doWAFRequest() (blocked bool) {
+	// 当前连接是否已关闭
+	var conn = this.RawReq.Context().Value(HTTPConnContextKey)
+	if conn != nil {
+		trafficConn, ok := conn.(*TrafficConn)
+		if ok && trafficConn.IsClosed() {
+			return true
+		}
+	}
+
 	// 当前服务的独立设置
 	if this.web.FirewallPolicy != nil && this.web.FirewallPolicy.IsOn {
 		blocked, breakChecking := this.checkWAFRequest(this.web.FirewallPolicy)
--- a/internal/nodes/listener_http.go
+++ b/internal/nodes/listener_http.go
@@ -1,6 +1,7 @@
 package nodes

 import (
+	"context"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
 	"golang.org/x/net/http2"
@@ -18,6 +19,12 @@ var httpErrorLogger = log.New(io.Discard, "", 0)
 var metricNewConnMap = map[string]bool{} // remoteAddr => bool
 var metricNewConnMapLocker = &sync.Mutex{}

+type contextKey struct {
+	key string
+}
+
+var HTTPConnContextKey = &contextKey{key: "http-conn"}
+
 type HTTPListener struct {
 	BaseListener

@@ -65,6 +72,9 @@ func (this *HTTPListener) Serve() error {
 				metricNewConnMapLocker.Unlock()
 			}
 		},
+		ConnContext: func(ctx context.Context, c net.Conn) context.Context {
+			return context.WithValue(ctx, HTTPConnContextKey, c)
+		},
 	}
 	this.httpServer.SetKeepAlivesEnabled(true)

--- a/internal/nodes/traffic_conn.go
+++ b/internal/nodes/traffic_conn.go
@@ -44,7 +44,8 @@ func init() {

 // TrafficConn 用于统计流量的连接
 type TrafficConn struct {
-	rawConn net.Conn
+	rawConn  net.Conn
+	isClosed bool
 }

 func NewTrafficConn(conn net.Conn) net.Conn {
@@ -68,6 +69,7 @@ func (this *TrafficConn) Write(b []byte) (n int, err error) {
 }

 func (this *TrafficConn) Close() error {
+	this.isClosed = true
 	return this.rawConn.Close()
 }

@@ -90,3 +92,7 @@ func (this *TrafficConn) SetReadDeadline(t time.Time) error {
 func (this *TrafficConn) SetWriteDeadline(t time.Time) error {
 	return this.rawConn.SetWriteDeadline(t)
 }
+
+func (this *TrafficConn) IsClosed() bool {
+	return this.isClosed
+}
--- a/internal/nodes/traffic_listener.go
+++ b/internal/nodes/traffic_listener.go
@@ -24,7 +24,7 @@ func (this *TrafficListener) Accept() (net.Conn, error) {
 	// 是否在WAF名单中
 	ip, _, err := net.SplitHostPort(conn.RemoteAddr().String())
 	if err == nil {
-		if !waf.SharedIPWhiteList.Contains(waf.IPTypeAll, ip) && waf.SharedIPBlackLIst.Contains(waf.IPTypeAll, ip) {
+		if !waf.SharedIPWhiteList.Contains(waf.IPTypeAll, ip) && waf.SharedIPBlackList.Contains(waf.IPTypeAll, ip) {
 			defer func() {
 				_ = conn.Close()
 			}()