From adfdd5f1b62ecd7b8b594e446725e93fb2f938bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?=
Date: Thu, 21 Apr 2022 09:40:05 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BC=BA=E5=88=B6=E8=AE=B0=E5=BD=95=E6=94=BB?= =?UTF-8?q?=E5=87=BB=E6=97=A5=E5=BF=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/nodes/http_request.go | 3 +-
 internal/nodes/http_request_log.go | 90 ++++++++++++++++--------------
 internal/nodes/http_request_waf.go | 6 ++
 3 files changed, 55 insertions(+), 44 deletions(-)
diff --git a/internal/nodes/http_request.go b/internal/nodes/http_request.go
index ea1624d..71ea7d4 100644
--- a/internal/nodes/http_request.go
+++ b/internal/nodes/http_request.go
@@ -93,7 +93,8 @@ type HTTPRequest struct {
 logAttrs map[string]string
- disableLog bool // 此请求中关闭Log
+ disableLog bool // 是否在当前请求中关闭Log
+ forceLog bool // 是否强制记录日志
 // script相关操作
 isDone bool
diff --git a/internal/nodes/http_request_log.go b/internal/nodes/http_request_log.go
index a3cadd4..c6d74ac 100644
--- a/internal/nodes/http_request_log.go
+++ b/internal/nodes/http_request_log.go
@@ -14,83 +14,86 @@ const (
 // 日志
 func (this *HTTPRequest) log() {
- if this.disableLog {
- return
+ var ref *serverconfigs.HTTPAccessLogRef
+ if !this.forceLog {
+ if this.disableLog {
+ return
+ }
+
+ // 计算请求时间
+ this.requestCost = time.Since(this.requestFromTime).Seconds()
+
+ ref = this.web.AccessLogRef
+ if ref == nil {
+ ref = serverconfigs.DefaultHTTPAccessLogRef
+ }
+ if !ref.IsOn {
+ return
+ }
+
+ if !ref.Match(this.writer.StatusCode()) {
+ return
+ }
+
+ if ref.FirewallOnly && this.firewallPolicyId == 0 {
+ return
+ }
+
+ // 是否记录499
+ if !ref.EnableClientClosed && this.writer.StatusCode() == 499 {
+ return
+ }
 }
- // 计算请求时间
- this.requestCost = time.Since(this.requestFromTime).Seconds()
-
- ref := this.web.AccessLogRef
- if ref == nil {
- ref = serverconfigs.DefaultHTTPAccessLogRef
- }
- if !ref.IsOn {
- return
- }
-
- if !ref.Match(this.writer.StatusCode()) {
- return
- }
-
- if ref.FirewallOnly && this.firewallPolicyId == 0 {
- return
- }
-
- // 是否记录499
- if !ref.EnableClientClosed && this.writer.StatusCode() == 499 {
- return
- }
-
- addr := this.RawReq.RemoteAddr
- index := strings.LastIndex(addr, ":")
+ var addr = this.RawReq.RemoteAddr
+ var index = strings.LastIndex(addr, ":")
 if index > 0 {
 addr = addr[:index]
 }
 // 请求Cookie
- cookies := map[string]string{}
- if ref.ContainsField(serverconfigs.HTTPAccessLogFieldCookie) {
+ var cookies = map[string]string{}
+ if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldCookie) {
 for _, cookie := range this.RawReq.Cookies() {
 cookies[cookie.Name] = cookie.Value
 }
 }
 // 请求Header
- pbReqHeader := map[string]*pb.Strings{}
- if ref.ContainsField(serverconfigs.HTTPAccessLogFieldHeader) {
+ var pbReqHeader = map[string]*pb.Strings{}
+ if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldHeader) {
 for k, v := range this.RawReq.Header {
 pbReqHeader[k] = &pb.Strings{Values: v}
 }
 }
 // 响应Header
- pbResHeader := map[string]*pb.Strings{}
- if ref.ContainsField(serverconfigs.HTTPAccessLogFieldSentHeader) {
+ var pbResHeader = map[string]*pb.Strings{}
+ if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldSentHeader) {
 for k, v := range this.writer.Header() {
 pbResHeader[k] = &pb.Strings{Values: v}
 }
 }
 // 参数列表
- queryString := ""
- if ref.ContainsField(serverconfigs.HTTPAccessLogFieldArg) {
+ var queryString = ""
+ if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldArg) {
 queryString = this.requestQueryString()
 }
 // 浏览器
- userAgent := ""
- if ref.ContainsField(serverconfigs.HTTPAccessLogFieldUserAgent) || ref.ContainsField(serverconfigs.HTTPAccessLogFieldExtend) {
+ var userAgent = ""
+ if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldUserAgent) || ref.ContainsField(serverconfigs.HTTPAccessLogFieldExtend) {
 userAgent = this.RawReq.UserAgent()
 }
 // 请求来源
- referer := ""
- if ref.ContainsField(serverconfigs.HTTPAccessLogFieldReferer) {
+ var referer = ""
+ if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldReferer) {
 referer = this.RawReq.Referer()
 }
- accessLog := &pb.HTTPAccessLog{
+ var accessLog = &pb.HTTPAccessLog{
 RequestId: this.requestId,
 NodeId: this.nodeConfig.Id,
 ServerId: this.ReqServer.Id,
@@ -146,7 +149,8 @@ func (this *HTTPRequest) log() {
 }
 // 请求Body
- if ref.ContainsField(serverconfigs.HTTPAccessLogFieldRequestBody) {
+ // TODO 考虑在被攻击时记录攻击的requestBody(如果requestBody匹配规则的话),但要考虑请求尺寸、数据库容量,避免因为日志而导致服务不稳定
+ if ref != nil && ref.ContainsField(serverconfigs.HTTPAccessLogFieldRequestBody) {
 accessLog.RequestBody = this.requestBodyData
 if len(accessLog.RequestBody) > AccessLogMaxRequestBodySize {
@@ -154,7 +158,7 @@ func (this *HTTPRequest) log() {
 }
 }
- // TODO 记录匹配的 locationId和rewriteId
+ // TODO 记录匹配的 locationId和rewriteId,非必要需求
 sharedHTTPAccessLogQueue.Push(accessLog)
 }
diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go
index 6837b31..a1e3eb1 100644
--- a/internal/nodes/http_request_waf.go
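Review bot: The assignment `this.requestCost = time.Since(this.requestFromTime).Seconds()` now sits inside `if !this.forceLog {` in the first hunk of http_request_log.go, so a force-logged attack request never has its cost computed. Unless the field is set elsewhere, those records would carry a zero request time, which hurts exactly the entries an analyst will look at. Move that line above the `if !this.forceLog {` check so both paths compute it. How `requestCost` reaches the `pb.HTTPAccessLog` literal lies between this hunk and the next, so that use is inferred rather than visible.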
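Review bot: Leaving `ref` nil on the forced path makes field selection all-or-nothing: `ref != nil &&` in the second hunk always drops the request body for attack records, while the `ref == nil ||` guards in the first hunk always store cookie values and every request and response header, whatever the site's access-log field list says. That puts session cookies and credential-bearing headers into attack logs even where the operator excluded them. Consider resolving `ref` (with the `serverconfigs.DefaultHTTPAccessLogRef` fallback) before the `forceLog` check and letting `forceLog` bypass only the `IsOn`, `Match`, `FirewallOnly` and 499 filters, or masking such values on the forced path. If capturing every field for attacks is intended, a comment at `var ref *serverconfigs.HTTPAccessLogRef` should say so.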
+++ b/internal/nodes/http_request_waf.go
@@ -213,6 +213,9 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
 if ruleSet.HasAttackActions() {
 this.isAttack = true
+ if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
+ this.forceLog = true
+ }
 }
 // 添加统计
@@ -275,6 +278,9 @@ func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFi
 if ruleSet.HasAttackActions() {
 this.isAttack = true
+ if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
+ this.forceLog = true
+ }
 }
 // 添加统计
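Review bot: Once `this.forceLog = true` is set in checkWAFRequest, log() skips the `IsOn`, status-match, `FirewallOnly` and 499 filters, so during a sustained attack every matching request produces a full record and nothing in this patch bounds that volume. The TODO added in http_request_log.go already worries about database capacity; a per-server rate cap or sampling on the forced path would address it, though whether `sharedHTTPAccessLogQueue` drops on overflow is not visible here. The same three lines are added to checkWAFResponse in the next hunk, so a small shared helper (for example a proposed `this.markAttack(firewallPolicy)`) would keep the two in sync. Both function bodies start and end outside these hunks.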