强制记录攻击日志

刘祥超
2022-04-21 09:40:05 +08:00
parent 553deda20b
commit adfdd5f1b6
3 changed files with 55 additions and 44 deletions


@@ -93,7 +93,8 @@ type HTTPRequest struct {
logAttrs map[string]string
disableLog bool // 请求中关闭Log
disableLog bool // 是否在当前请求中关闭Log
forceLog bool // 是否强制记录日志
// script相关操作
isDone bool


@@ -14,6 +14,8 @@ const (
// 日志
func (this *HTTPRequest) log() {
var ref *serverconfigs.HTTPAccessLogRef
if !this.forceLog {
if this.disableLog {
return
}
@@ -21,7 +23,7 @@ func (this *HTTPRequest) log() {
// 计算请求时间
this.requestCost = time.Since(this.requestFromTime).Seconds()
ref := this.web.AccessLogRef
ref = this.web.AccessLogRef
if ref == nil {
ref = serverconfigs.DefaultHTTPAccessLogRef
}
@@ -41,56 +43,57 @@ func (this *HTTPRequest) log() {
if !ref.EnableClientClosed && this.writer.StatusCode() == 499 {
return
}
}
addr := this.RawReq.RemoteAddr
index := strings.LastIndex(addr, ":")
var addr = this.RawReq.RemoteAddr
var index = strings.LastIndex(addr, ":")
if index > 0 {
addr = addr[:index]
}
// 请求Cookie
cookies := map[string]string{}
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldCookie) {
var cookies = map[string]string{}
if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldCookie) {
for _, cookie := range this.RawReq.Cookies() {
cookies[cookie.Name] = cookie.Value
}
}
// 请求Header
pbReqHeader := map[string]*pb.Strings{}
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldHeader) {
var pbReqHeader = map[string]*pb.Strings{}
if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldHeader) {
for k, v := range this.RawReq.Header {
pbReqHeader[k] = &pb.Strings{Values: v}
}
}
// 响应Header
pbResHeader := map[string]*pb.Strings{}
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldSentHeader) {
var pbResHeader = map[string]*pb.Strings{}
if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldSentHeader) {
for k, v := range this.writer.Header() {
pbResHeader[k] = &pb.Strings{Values: v}
}
}
// 参数列表
queryString := ""
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldArg) {
var queryString = ""
if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldArg) {
queryString = this.requestQueryString()
}
// 浏览器
userAgent := ""
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldUserAgent) || ref.ContainsField(serverconfigs.HTTPAccessLogFieldExtend) {
var userAgent = ""
if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldUserAgent) || ref.ContainsField(serverconfigs.HTTPAccessLogFieldExtend) {
userAgent = this.RawReq.UserAgent()
}
// 请求来源
referer := ""
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldReferer) {
var referer = ""
if ref == nil || ref.ContainsField(serverconfigs.HTTPAccessLogFieldReferer) {
referer = this.RawReq.Referer()
}
accessLog := &pb.HTTPAccessLog{
var accessLog = &pb.HTTPAccessLog{
RequestId: this.requestId,
NodeId: this.nodeConfig.Id,
ServerId: this.ReqServer.Id,
@@ -146,7 +149,8 @@ func (this *HTTPRequest) log() {
}
// 请求Body
if ref.ContainsField(serverconfigs.HTTPAccessLogFieldRequestBody) {
// TODO 考虑在被攻击时记录攻击的requestBody如果requestBody匹配规则的话但要考虑请求尺寸、数据库容量避免因为日志而导致服务不稳定
if ref != nil && ref.ContainsField(serverconfigs.HTTPAccessLogFieldRequestBody) {
accessLog.RequestBody = this.requestBodyData
if len(accessLog.RequestBody) > AccessLogMaxRequestBodySize {
@@ -154,7 +158,7 @@ func (this *HTTPRequest) log() {
}
}
// TODO 记录匹配的 locationId和rewriteId
// TODO 记录匹配的 locationId和rewriteId,非必要需求
sharedHTTPAccessLogQueue.Push(accessLog)
}
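Review bot: On the forced path `ref` stays nil, so every `ref == nil || ref.ContainsField(...)` check passes and the entry carries all request cookies and all request and response headers, whatever fields the operator selected for the access log. That puts session cookies and `Authorization` values into the log store for any request a rule set flags, false positives included. Consider resolving `ref = this.web.AccessLogRef` (with its `serverconfigs.DefaultHTTPAccessLogRef` fallback) before the `if !this.forceLog {` gate so that only the on/off filters are skipped, or redacting credential-bearing headers on the forced path. The `this.requestCost = time.Since(...)` assignment also appears to sit inside the skipped block, so forced entries may report a zero cost; parts of log() lie outside the visible hunks, so both points should be confirmed against the full function.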


@@ -213,6 +213,9 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
if ruleSet.HasAttackActions() {
this.isAttack = true
if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
this.forceLog = true
}
}
// 添加统计
@@ -275,6 +278,9 @@ func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFi
if ruleSet.HasAttackActions() {
this.isAttack = true
if firewallPolicy.Log != nil && firewallPolicy.Log.IsOn {
this.forceLog = true
}
}
// 添加统计
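Review bot: Because `this.forceLog = true` is set on every rule-set match, in checkWAFRequest and again in checkWAFResponse, the number of access-log entries written during an attack is now decided by the sender rather than by `disableLog` and the filters that log() skips. The TODO added in log() already raises request size and database capacity as a stability risk, and the same concern applies to forced entries. A per-server cap or sampling of forced entries would keep logging from becoming the bottleneck under a flood; whether `sharedHTTPAccessLogQueue` already bounds this is not visible here. The three-line `firewallPolicy.Log` check is duplicated in both functions and could live in one small helper; both functions continue outside the hunks.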