diff --git a/internal/waf/action_captcha.go b/internal/waf/action_captcha.go
index 623e59d..cc19334 100644
--- a/internal/waf/action_captcha.go
+++ b/internal/waf/action_captcha.go
@@ -134,6 +134,7 @@ func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
 // 占用一次失败次数
 CaptchaIncreaseFails(req, this, waf.Id, group.Id, set.Id, CaptchaPageCodeInit)
+ req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 http.Redirect(writer, req.WAFRaw(), CaptchaPath+"?info="+url.QueryEscape(info), http.StatusTemporaryRedirect)
 return false, false
diff --git a/internal/waf/action_get_302.go b/internal/waf/action_get_302.go
index 1fa4eb1..bf4139f 100644
--- a/internal/waf/action_get_302.go
+++ b/internal/waf/action_get_302.go
@@ -67,6 +67,7 @@ func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, requ
 return true, false
 }
+ request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
 http.Redirect(writer, request.WAFRaw(), Get302Path+"?info="+url.QueryEscape(info), http.StatusFound)
 flusher, ok := writer.(http.Flusher)
diff --git a/internal/waf/action_js_cookie.go b/internal/waf/action_js_cookie.go
index caf94f3..4c7c8ea 100644
--- a/internal/waf/action_js_cookie.go
+++ b/internal/waf/action_js_cookie.go
@@ -75,14 +75,15 @@ func (this *JSCookieAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
 }
 }
+ req.ProcessResponseHeaders(writer.Header(), http.StatusOK)
+
 writer.Header().Set("Content-Type", "text/html; charset=utf-8")
 writer.Header().Set("Cache-Control", "no-cache")
 var timestamp = types.String(time.Now().Unix())
 var cookieValue = timestamp + "@" + types.String(set.Id) + "@" + fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+types.String(set.Id)+"@"+nodeConfig.NodeId)))
-
- _, _ = writer.Write([]byte(`
+ var respHTML = `
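Review bot: `req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)` runs before `http.Redirect`, and `http.Redirect` only afterwards writes `Location` (and, for a GET/HEAD request with no Content-Type yet, `Content-Type: text/html; charset=utf-8`), so whatever header policy ProcessResponseHeaders applies — its body is not in the diff — never sees those headers. If the intent is to post-process the final header set, the call has to run after the redirect headers exist, for example from a ResponseWriter wrapper hooked at `WriteHeader`, rather than ahead of `http.Redirect`. The same ordering appears in the action_get_302.go, action_post_307.go, captcha_validator.go and get302_validator.go hunks, and in action_js_cookie.go where `Content-Type`, `Cache-Control` and `Content-Length` are all set after the call. Perform's body continues outside the hunk on both sides.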
@@ -94,7 +95,10 @@ window.location.reload();
-`))
+`
+ writer.Header().Set("Content-Length", types.String(len(respHTML)))
+ writer.WriteHeader(http.StatusOK)
+ _, _ = writer.Write([]byte(respHTML))
 // 记录失败次数
 this.increaseFails(req, waf.Id, group.Id, set.Id)
diff --git a/internal/waf/action_post_307.go b/internal/waf/action_post_307.go
index 8562f38..d2b238b 100644
--- a/internal/waf/action_post_307.go
+++ b/internal/waf/action_post_307.go
@@ -92,6 +92,7 @@ func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
 Value: info,
 })
+ request.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 http.Redirect(writer, request.WAFRaw(), request.WAFRaw().URL.String(), http.StatusTemporaryRedirect)
 flusher, ok := writer.(http.Flusher)
diff --git a/internal/waf/captcha_validator.go b/internal/waf/captcha_validator.go
index 6534924..f90bd92 100644
--- a/internal/waf/captcha_validator.go
+++ b/internal/waf/captcha_validator.go
@@ -33,12 +33,15 @@ func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWrit
 }
 m, err := utils.SimpleDecryptMap(info)
 if err != nil {
+ req.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
+ writer.WriteHeader(http.StatusBadRequest)
 _, _ = writer.Write([]byte("invalid request"))
 return
 }
 var timestamp = m.GetInt64("timestamp")
 if timestamp < time.Now().Unix()-600 { // 10分钟之后信息过期
+ req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 http.Redirect(writer, req.WAFRaw(), m.GetString("url"), http.StatusTemporaryRedirect)
 return
 }
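Review bot: The decrypt-failure branch in captcha_validator.go now sends an explicit 400 before `invalid request`, but the body still carries no Content-Type, so the client gets whatever net/http's sniffer derives from the first bytes of a hand-written error string. Add `writer.Header().Set("Content-Type", "text/plain; charset=utf-8")` before the new `writer.WriteHeader(http.StatusBadRequest)` — a header set after WriteHeader is silently dropped — and the same in the matching get302_validator.go hunk. Run's body continues outside the hunk on both sides.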
@@ -51,16 +54,19 @@ func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWrit
 var waf = SharedWAFManager.FindWAF(policyId)
 if waf == nil {
+ req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
 return
 }
 var actionConfig = waf.FindAction(actionId)
 if actionConfig == nil {
+ req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
 return
 }
 captchaActionConfig, ok := actionConfig.(*CaptchaAction)
 if !ok {
+ req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
 http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
 return
 }
@@ -232,6 +238,7 @@ func (this *CaptchaValidator) validate(actionConfig *CaptchaAction, policyId int
 // 加入到白名单
 SharedIPWhiteList.RecordIP("set:"+strconv.FormatInt(setId, 10), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "")
+ req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther)
 http.Redirect(writer, req.WAFRaw(), originURL, http.StatusSeeOther)
 return false
@@ -241,6 +248,7 @@ func (this *CaptchaValidator) validate(actionConfig *CaptchaAction, policyId int
 return false
 }
+ req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther)
 http.Redirect(writer, req.WAFRaw(), req.WAFRaw().URL.String(), http.StatusSeeOther)
 }
 }
diff --git a/internal/waf/get302_validator.go b/internal/waf/get302_validator.go
index 0bfc053..5afcd19 100644
--- a/internal/waf/get302_validator.go
+++ b/internal/waf/get302_validator.go
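Review bot: The three guard branches in the hunk at line 51 (nil waf, nil actionConfig, failed `*CaptchaAction` assertion) now each carry the identical `ProcessResponseHeaders` + `http.Redirect` + `return` sequence, and the same pair recurs in both `validate` hunks below; at every site the status code is typed twice, once for each call, which is exactly how the two drift apart on a later edit. A small method such as `func (this *CaptchaValidator) redirect(req requests.Request, writer http.ResponseWriter, target string, code int)` that performs both calls from one `code` would remove the duplication and the drift risk. Run's body continues outside the hunk on both sides.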
@@ -29,6 +29,8 @@ func (this *Get302Validator) Run(request requests.Request, writer http.ResponseW
 }
 m, err := utils.SimpleDecryptMap(info)
 if err != nil {
+ request.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
+ writer.WriteHeader(http.StatusBadRequest)
 _, _ = writer.Write([]byte("invalid request"))
 return
 }
@@ -51,5 +53,7 @@ func (this *Get302Validator) Run(request requests.Request, writer http.ResponseW
 // 返回原始URL
 var url = m.GetString("url")
+
+ request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
 http.Redirect(writer, request.WAFRaw(), url, http.StatusFound)
 }