部分WAF动作输出内容时增加自定义报头

2025-11-03 15:00:26 +08:00 · 2023-06-12 18:07:07 +08:00
parent a73b9f2674
commit c0909a2cd0
6 changed files with 22 additions and 3 deletions
--- a/internal/waf/action_captcha.go
+++ b/internal/waf/action_captcha.go
@@ -134,6 +134,7 @@ func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
 	// 占用一次失败次数
 	CaptchaIncreaseFails(req, this, waf.Id, group.Id, set.Id, CaptchaPageCodeInit)

+	req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 	http.Redirect(writer, req.WAFRaw(), CaptchaPath+"?info="+url.QueryEscape(info), http.StatusTemporaryRedirect)

 	return false, false
--- a/internal/waf/action_get_302.go
+++ b/internal/waf/action_get_302.go
@@ -67,6 +67,7 @@ func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, requ
 		return true, false
 	}

+	request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
 	http.Redirect(writer, request.WAFRaw(), Get302Path+"?info="+url.QueryEscape(info), http.StatusFound)

 	flusher, ok := writer.(http.Flusher)
--- a/internal/waf/action_js_cookie.go
+++ b/internal/waf/action_js_cookie.go
@@ -75,14 +75,15 @@ func (this *JSCookieAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 		}
 	}

+	req.ProcessResponseHeaders(writer.Header(), http.StatusOK)
+
 	writer.Header().Set("Content-Type", "text/html; charset=utf-8")
 	writer.Header().Set("Cache-Control", "no-cache")

 	var timestamp = types.String(time.Now().Unix())

 	var cookieValue = timestamp + "@" + types.String(set.Id) + "@" + fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+types.String(set.Id)+"@"+nodeConfig.NodeId)))
-
-	_, _ = writer.Write([]byte(`<!DOCTYPE html>
+	var respHTML = `<!DOCTYPE html>
 <html>
 <head>
 <title></title>
@@ -94,7 +95,10 @@ window.location.reload();
 </head>
 <body>
 </body>
-</html>`))
+</html>`
+	writer.Header().Set("Content-Length", types.String(len(respHTML)))
+	writer.WriteHeader(http.StatusOK)
+	_, _ = writer.Write([]byte(respHTML))

 	// 记录失败次数
 	this.increaseFails(req, waf.Id, group.Id, set.Id)
--- a/internal/waf/action_post_307.go
+++ b/internal/waf/action_post_307.go
@@ -92,6 +92,7 @@ func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
 		Value:  info,
 	})

+	request.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 	http.Redirect(writer, request.WAFRaw(), request.WAFRaw().URL.String(), http.StatusTemporaryRedirect)

 	flusher, ok := writer.(http.Flusher)
--- a/internal/waf/captcha_validator.go
+++ b/internal/waf/captcha_validator.go
@@ -33,12 +33,15 @@ func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWrit
 	}
 	m, err := utils.SimpleDecryptMap(info)
 	if err != nil {
+		req.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
+		writer.WriteHeader(http.StatusBadRequest)
 		_, _ = writer.Write([]byte("invalid request"))
 		return
 	}

 	var timestamp = m.GetInt64("timestamp")
 	if timestamp < time.Now().Unix()-600 { // 10分钟之后信息过期
+		req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 		http.Redirect(writer, req.WAFRaw(), m.GetString("url"), http.StatusTemporaryRedirect)
 		return
 	}
@@ -51,16 +54,19 @@ func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWrit

 	var waf = SharedWAFManager.FindWAF(policyId)
 	if waf == nil {
+		req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 		http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
 		return
 	}
 	var actionConfig = waf.FindAction(actionId)
 	if actionConfig == nil {
+		req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 		http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
 		return
 	}
 	captchaActionConfig, ok := actionConfig.(*CaptchaAction)
 	if !ok {
+		req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 		http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
 		return
 	}
@@ -232,6 +238,7 @@ func (this *CaptchaValidator) validate(actionConfig *CaptchaAction, policyId int
 			// 加入到白名单
 			SharedIPWhiteList.RecordIP("set:"+strconv.FormatInt(setId, 10), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "")

+			req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther)
 			http.Redirect(writer, req.WAFRaw(), originURL, http.StatusSeeOther)

 			return false
@@ -241,6 +248,7 @@ func (this *CaptchaValidator) validate(actionConfig *CaptchaAction, policyId int
 				return false
 			}

+			req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther)
 			http.Redirect(writer, req.WAFRaw(), req.WAFRaw().URL.String(), http.StatusSeeOther)
 		}
 	}
--- a/internal/waf/get302_validator.go
+++ b/internal/waf/get302_validator.go
@@ -29,6 +29,8 @@ func (this *Get302Validator) Run(request requests.Request, writer http.ResponseW
 	}
 	m, err := utils.SimpleDecryptMap(info)
 	if err != nil {
+		request.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
+		writer.WriteHeader(http.StatusBadRequest)
 		_, _ = writer.Write([]byte("invalid request"))
 		return
 	}
@@ -51,5 +53,7 @@ func (this *Get302Validator) Run(request requests.Request, writer http.ResponseW

 	// 返回原始URL
 	var url = m.GetString("url")
+
+	request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
 	http.Redirect(writer, request.WAFRaw(), url, http.StatusFound)
 }