From b6432cb6a91dfdbd6fbac78b2237286e9ff02af9 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Thu, 25 Aug 2022 17:06:52 +0800
Subject: [PATCH] =?UTF-8?q?WAF=E4=BC=98=E5=8C=96captcha=E5=92=8Cjs=5Fcooki?=
 =?UTF-8?q?e=E7=9A=84=E5=A4=B1=E8=B4=A5=E8=AE=A1=E6=95=B0=E5=99=A8/?=
 =?UTF-8?q?=E5=A2=9E=E5=BC=BAjs=5Fcookie=E7=9A=84=E5=AE=89=E5=85=A8?=
 =?UTF-8?q?=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/waf/action_js_cookie.go | 15 ++++++++++-----
 internal/waf/captcha_counter.go | 2 +-
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/internal/waf/action_js_cookie.go b/internal/waf/action_js_cookie.go
index 71fbd51..32d6124 100644
--- a/internal/waf/action_js_cookie.go
+++ b/internal/waf/action_js_cookie.go
@@ -11,6 +11,7 @@ import (
 "github.com/TeaOSLab/EdgeNode/internal/waf/requests"
 "github.com/iwind/TeaGo/types"
 "net/http"
+ "strings"
 "time"
 )
@@ -63,9 +64,13 @@ func (this *JSCookieAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 if err == nil && cookie != nil {
 var cookieValue = cookie.Value
 if len(cookieValue) > 10 {
- var timestamp = cookieValue[:10]
- if types.Int64(timestamp) >= time.Now().Unix()-int64(life) && fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+nodeConfig.NodeId))) == cookieValue[10:] {
- return true, false
+ var pieces = strings.Split(cookieValue, "@")
+ if len(pieces) == 3 {
+ var timestamp = pieces[0]
+ var sum = pieces[2]
+ if types.Int64(timestamp) >= time.Now().Unix()-int64(life) && fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+types.String(set.Id)+"@"+nodeConfig.NodeId))) == sum {
+ return true, false
+ }
 }
 }
 }
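Review bot: The value that authenticates the cookie on the new `if types.Int64(timestamp) >= … == sum` line is an unkeyed MD5 over `timestamp@setId@nodeConfig.NodeId`, so its forgery resistance rests entirely on the node ID being unguessable; if NodeId is an identifier rather than a secret, the check gives no real assurance that the JavaScript challenge was ever completed. Consider an HMAC (`crypto/hmac` with `sha256.New`) keyed with a node-local secret, and compare with `hmac.Equal([]byte(sum), []byte(expected))` instead of `==`, which also removes the timing side channel of the string comparison; the issuing side in the next hunk builds the same digest and must change together with this one. Two smaller points on the same line: `pieces[1]` (the set id carried in the cookie) is never compared with `set.Id`, and the only freshness check is a lower bound, so a value carrying a far-future timestamp would be accepted indefinitely rather than for `life` seconds; adding `types.Int64(timestamp) <= time.Now().Unix()` to the condition bounds it. The outer `len(cookieValue) > 10` guard is a leftover of the old fixed-width layout and no longer expresses anything about the new format. The enclosing Perform method starts before this hunk.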
@@ -75,7 +80,7 @@ func (this *JSCookieAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 var timestamp = types.String(time.Now().Unix())
- var cookieValue = timestamp + fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+nodeConfig.NodeId)))
+ var cookieValue = timestamp + "@" + types.String(set.Id) + "@" + fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+types.String(set.Id)+"@"+nodeConfig.NodeId)))
 _, _ = writer.Write([]byte(`
@@ -110,7 +115,7 @@ func (this *JSCookieAction) increaseFails(req requests.Request, policyId int64,
 failBlockTimeout = 1800 // 默认1800s
 }
- var key = "JS_COOKIE:FAILS:" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId())
+ var key = "JS_COOKIE:FAILS:" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId()) + ":" + req.WAFRaw().URL.String()
 var countFails = ttlcache.SharedCache.IncreaseInt64(key, 1, time.Now().Unix()+300, true)
 if int(countFails) >= maxFails {
diff --git a/internal/waf/captcha_counter.go b/internal/waf/captcha_counter.go
index 8a974d1..a812575 100644
--- a/internal/waf/captcha_counter.go
+++ b/internal/waf/captcha_counter.go
@@ -50,5 +50,5 @@ func CaptchaDeleteCacheKey(req requests.Request) {
 // CaptchaCacheKey 获取Captcha缓存Key
 func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string {
- return "CAPTCHA:FAILS:" + pageCode + ":" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId())
+ return "CAPTCHA:FAILS:" + pageCode + ":" + req.WAFRemoteIP() + ":" + types.String(req.WAFServerId()) + ":" + req.WAFRaw().URL.String()
 }
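Review bot: Appending `req.WAFRaw().URL.String()` to the fail-counter key in increaseFails scopes the counter to the full URL including its query string, so `maxFails` now only bounds repeated failures on one exact URL and no longer bounds an IP's failures overall, while every distinct URL seen adds its own 300 s entry to `ttlcache.SharedCache`, making the key cardinality request-controlled. If per-page counting is the intent, key on `req.WAFRaw().URL.Path` (or a normalized form of it) rather than `URL.String()`, and keep the per-IP counter alongside it so the limit still holds across pages. `CaptchaCacheKey` in captcha_counter.go in the last hunk has the same issue and should use the same key shape. Whether `WAFRaw()` can return nil here is not visible in this hunk; if it can, the expression needs a guard. The enclosing increaseFails method continues outside the hunk.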