强制记录攻击日志

刘祥超
2022-04-21 09:40:05 +08:00
parent 553deda20b
commit adfdd5f1b6
3 changed files with 55 additions and 44 deletions


@@ -93,7 +93,8 @@ type HTTPRequest struct {
logAttrs map[string]string logAttrs map[string]string
disableLog bool // 请求中关闭Log disableLog bool // 是否在当前请求中关闭Log
forceLog bool // 是否强制记录日志
// script相关操作 // script相关操作
isDone bool isDone bool


@@ -14,83 +14,86 @@ const (
// 日志 // 日志
func (this *HTTPRequest) log() { func (this *HTTPRequest) log() {
if this.disableLog { var ref *serverconfigs.HTTPAccessLogRef
return if !this.forceLog {
if this.disableLog {
return
}
// 计算请求时间
this.requestCost = time.Since(this.requestFromTime).Seconds()
ref = this.web.AccessLogRef
if ref == nil {
ref = serverconfigs.DefaultHTTPAccessLogRef
}
if !ref.IsOn {
return
}
if !ref.Match(this.writer.StatusCode()) {
return
}
if ref.FirewallOnly && this.firewallPolicyId == 0 {
return
}
// 是否记录499
if !ref.EnableClientClosed && this.writer.StatusCode() == 499 {
return
}
} }
// 计算请求时间 var addr = this.RawReq.RemoteAddr
this.requestCost = time.Since(this.requestFromTime).Seconds() var index = strings.LastIndex(addr, ":")
ref := this.web.AccessLogRef
if ref == nil {
ref = serverconfigs.DefaultHTTPAccessLogRef
}
if !ref.IsOn {
return
}
if !ref.Match(this.writer.StatusCode()) {
return
}
if ref.FirewallOnly && this.firewallPolicyId == 0 {
return
}
// 是否记录499
if !ref.EnableClientClosed && this.writer.StatusCode() == 499 {
return
}
addr := this.RawReq.RemoteAddr
index := strings.LastIndex(addr, ":")
if index > 0 { if index > 0 {
addr = addr[:index] addr = addr[:index]
} }
// 请求Cookie // 请求Cookie
cookies := map[string]string{} var cookies = map[string]string{}
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldCookie) { if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldCookie) {
for _, cookie := range this.RawReq.Cookies() { for _, cookie := range this.RawReq.Cookies() {
cookies[cookie.Name] = cookie.Value cookies[cookie.Name] = cookie.Value
} }
} }
// 请求Header // 请求Header
pbReqHeader := map[string]*pb.Strings{} var pbReqHeader = map[string]*pb.Strings{}
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldHeader) { if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldHeader) {
for k, v := range this.RawReq.Header { for k, v := range this.RawReq.Header {
pbReqHeader[k] = &pb.Strings{Values: v} pbReqHeader[k] = &pb.Strings{Values: v}
} }
} }
// 响应Header // 响应Header
pbResHeader := map[string]*pb.Strings{} var pbResHeader = map[string]*pb.Strings{}
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldSentHeader) { if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldSentHeader) {
for k, v := range this.writer.Header() { for k, v := range this.writer.Header() {
pbResHeader[k] = &pb.Strings{Values: v} pbResHeader[k] = &pb.Strings{Values: v}
} }
} }
// 参数列表 // 参数列表
queryString := "" var queryString = ""
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldArg) { if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldArg) {
queryString = this.requestQueryString() queryString = this.requestQueryString()
} }
// 浏览器 // 浏览器
userAgent := "" var userAgent = ""
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldUserAgent) || ref.ContainsField(serverconfigs.HTTPAccessLogFieldExtend) { if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldUserAgent) || ref.ContainsField(serverconfigs.HTTPAccessLogFieldExtend) {
userAgent = this.RawReq.UserAgent() userAgent = this.RawReq.UserAgent()
} }
// 请求来源 // 请求来源
referer := "" var referer = ""
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldReferer) { if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldReferer) {
referer = this.RawReq.Referer() referer = this.RawReq.Referer()
} }
accessLog := &pb.HTTPAccessLog{ var accessLog = &pb.HTTPAccessLog{
RequestId: this.requestId, RequestId: this.requestId,
NodeId: this.nodeConfig.Id, NodeId: this.nodeConfig.Id,
ServerId: this.ReqServer.Id, ServerId: this.ReqServer.Id,
@@ -146,7 +149,8 @@ func (this *HTTPRequest) log() {
} }
// 请求Body // 请求Body
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldRequestBody) { // TODO 考虑在被攻击时记录攻击的requestBody如果requestBody匹配规则的话但要考虑请求尺寸、数据库容量避免因为日志而导致服务不稳定
if ref != nil && ref.ContainsField(serverconfigs.HTTPAccessLogFieldRequestBody) {
accessLog.RequestBody = this.requestBodyData accessLog.RequestBody = this.requestBodyData
if len(accessLog.RequestBody) > AccessLogMaxRequestBodySize { if len(accessLog.RequestBody) > AccessLogMaxRequestBodySize {
@@ -154,7 +158,7 @@ func (this *HTTPRequest) log() {
} }
} }
// TODO 记录匹配的 locationId和rewriteId // TODO 记录匹配的 locationId和rewriteId,非必要需求
sharedHTTPAccessLogQueue.Push(accessLog) sharedHTTPAccessLogQueue.Push(accessLog)
} }
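Review bot: On the forced path `ref` stays nil, so every `ref == nil || ref.ContainsField(...)` guard is true and the record carries all cookies and all request and response headers regardless of the fields the operator selected in the access-log config; session cookies and `Authorization` values then land in log storage for any request that trips an attack rule. The same restructuring moved `this.requestCost = time.Since(this.requestFromTime).Seconds()` inside `if !this.forceLog`, so forced records keep whatever requestCost held before (presumably zero, unless it is set elsewhere). I would resolve `ref` and compute the cost before the forceLog check and let forceLog skip only the disableLog/IsOn/Match/FirewallOnly/499 gates; if full capture for attack records is intended, state that in a comment next to `var ref` and consider redacting credential-bearing headers. Parts of log() between the hunks are not shown, so how requestCost is used in the record is inferred.

```go
func (this *HTTPRequest) log() {
	// The request duration is needed on the forced path as well.
	this.requestCost = time.Since(this.requestFromTime).Seconds()

	// Resolve the field selection once so forced records honour it too.
	var ref = this.web.AccessLogRef
	if ref == nil {
		ref = serverconfigs.DefaultHTTPAccessLogRef
	}

	if !this.forceLog {
		if this.disableLog {
			return
		}
		// … unchanged: IsOn / Match / FirewallOnly / 499 checks …
	}
	// … unchanged: field collection, accessLog construction, queue push …
```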


@@ -213,6 +213,9 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
if ruleSet.HasAttackActions() { if ruleSet.HasAttackActions() {
this.isAttack = true this.isAttack = true
if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
this.forceLog = true
}
} }
// 添加统计 // 添加统计
@@ -275,6 +278,9 @@ func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFi
if ruleSet.HasAttackActions() { if ruleSet.HasAttackActions() {
this.isAttack = true this.isAttack = true
if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
this.forceLog = true
}
} }
// 添加统计 // 添加统计
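Review bot: Setting `this.forceLog = true` for every rule set with attack actions ties access-log volume to the rate of requests that match a rule, because log() then skips disableLog and the status/FirewallOnly/499 filters; nothing visible here samples or caps those forced records, so it should be confirmed that sharedHTTPAccessLogQueue bounds them. The identical three-line block is added in both checkWAFRequest and checkWAFResponse; a small helper on HTTPRequest would keep the two in step. The forceLog field would also benefit from a comment that states the override, e.g. `// set when a rule set with attack actions matched and the policy's Log is on; overrides disableLog and the access-log filters`. Both function bodies continue outside the hunks.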