TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-11-05 00:14:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

部分WAF动作输出内容时增加自定义报头

Browse Source
This commit is contained in:
刘祥超
2023-06-12 18:07:07 +08:00
parent a73b9f2674
commit c0909a2cd0
6 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/waf/action_captcha.go
View File

@@ -134,6 +134,7 @@ func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
// 占用一次失败次数 // 占用一次失败次数
CaptchaIncreaseFails(req, this, waf.Id, group.Id, set.Id, CaptchaPageCodeInit) CaptchaIncreaseFails(req, this, waf.Id, group.Id, set.Id, CaptchaPageCodeInit)
req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
http.Redirect(writer, req.WAFRaw(), CaptchaPath+"?info="+url.QueryEscape(info), http.StatusTemporaryRedirect) http.Redirect(writer, req.WAFRaw(), CaptchaPath+"?info="+url.QueryEscape(info), http.StatusTemporaryRedirect)
return false, false return false, false

1
internal/waf/action_get_302.go
View File

@@ -67,6 +67,7 @@ func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, requ
return true, false return true, false
} }
request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
http.Redirect(writer, request.WAFRaw(), Get302Path+"?info="+url.QueryEscape(info), http.StatusFound) http.Redirect(writer, request.WAFRaw(), Get302Path+"?info="+url.QueryEscape(info), http.StatusFound)
flusher, ok := writer.(http.Flusher) flusher, ok := writer.(http.Flusher)

10
internal/waf/action_js_cookie.go
View File

@@ -75,14 +75,15 @@ func (this *JSCookieAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, re
} }
} }
req.ProcessResponseHeaders(writer.Header(), http.StatusOK)
writer.Header().Set("Content-Type", "text/html; charset=utf-8") writer.Header().Set("Content-Type", "text/html; charset=utf-8")
writer.Header().Set("Cache-Control", "no-cache") writer.Header().Set("Cache-Control", "no-cache")
var timestamp = types.String(time.Now().Unix()) var timestamp = types.String(time.Now().Unix())
var cookieValue = timestamp + "@" + types.String(set.Id) + "@" + fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+types.String(set.Id)+"@"+nodeConfig.NodeId))) var cookieValue = timestamp + "@" + types.String(set.Id) + "@" + fmt.Sprintf("%x", md5.Sum([]byte(timestamp+"@"+types.String(set.Id)+"@"+nodeConfig.NodeId)))
var respHTML = `<!DOCTYPE html>
_, _ = writer.Write([]byte(`<!DOCTYPE html>
<html> <html>
<head> <head>
<title></title> <title></title>
@@ -94,7 +95,10 @@ window.location.reload();
</head> </head>
<body> <body>
</body> </body>
</html>`)) </html>`
writer.Header().Set("Content-Length", types.String(len(respHTML)))
writer.WriteHeader(http.StatusOK)
_, _ = writer.Write([]byte(respHTML))
// 记录失败次数 // 记录失败次数
this.increaseFails(req, waf.Id, group.Id, set.Id) this.increaseFails(req, waf.Id, group.Id, set.Id)

1
internal/waf/action_post_307.go
View File

@@ -92,6 +92,7 @@ func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req
Value: info, Value: info,
}) })
request.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
http.Redirect(writer, request.WAFRaw(), request.WAFRaw().URL.String(), http.StatusTemporaryRedirect) http.Redirect(writer, request.WAFRaw(), request.WAFRaw().URL.String(), http.StatusTemporaryRedirect)
flusher, ok := writer.(http.Flusher) flusher, ok := writer.(http.Flusher)

8
internal/waf/captcha_validator.go
View File

@@ -33,12 +33,15 @@ func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWrit
} }
m, err := utils.SimpleDecryptMap(info) m, err := utils.SimpleDecryptMap(info)
if err != nil { if err != nil {
req.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
writer.WriteHeader(http.StatusBadRequest)
_, _ = writer.Write([]byte("invalid request")) _, _ = writer.Write([]byte("invalid request"))
return return
} }
var timestamp = m.GetInt64("timestamp") var timestamp = m.GetInt64("timestamp")
if timestamp < time.Now().Unix()-600 { // 10分钟之后信息过期 if timestamp < time.Now().Unix()-600 { // 10分钟之后信息过期
req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
http.Redirect(writer, req.WAFRaw(), m.GetString("url"), http.StatusTemporaryRedirect) http.Redirect(writer, req.WAFRaw(), m.GetString("url"), http.StatusTemporaryRedirect)
return return
} }
@@ -51,16 +54,19 @@ func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWrit
var waf = SharedWAFManager.FindWAF(policyId) var waf = SharedWAFManager.FindWAF(policyId)
if waf == nil { if waf == nil {
req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect) http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
return return
} }
var actionConfig = waf.FindAction(actionId) var actionConfig = waf.FindAction(actionId)
if actionConfig == nil { if actionConfig == nil {
req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect) http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
return return
} }
captchaActionConfig, ok := actionConfig.(*CaptchaAction) captchaActionConfig, ok := actionConfig.(*CaptchaAction)
if !ok { if !ok {
req.ProcessResponseHeaders(writer.Header(), http.StatusTemporaryRedirect)
http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect) http.Redirect(writer, req.WAFRaw(), originURL, http.StatusTemporaryRedirect)
return return
} }
@@ -232,6 +238,7 @@ func (this *CaptchaValidator) validate(actionConfig *CaptchaAction, policyId int
// 加入到白名单 // 加入到白名单
SharedIPWhiteList.RecordIP("set:"+strconv.FormatInt(setId, 10), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") SharedIPWhiteList.RecordIP("set:"+strconv.FormatInt(setId, 10), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "")
req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther)
http.Redirect(writer, req.WAFRaw(), originURL, http.StatusSeeOther) http.Redirect(writer, req.WAFRaw(), originURL, http.StatusSeeOther)
return false return false
@@ -241,6 +248,7 @@ func (this *CaptchaValidator) validate(actionConfig *CaptchaAction, policyId int
return false return false
} }
req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther)
http.Redirect(writer, req.WAFRaw(), req.WAFRaw().URL.String(), http.StatusSeeOther) http.Redirect(writer, req.WAFRaw(), req.WAFRaw().URL.String(), http.StatusSeeOther)
} }
} }

4
internal/waf/get302_validator.go
View File

@@ -29,6 +29,8 @@ func (this *Get302Validator) Run(request requests.Request, writer http.ResponseW
} }
m, err := utils.SimpleDecryptMap(info) m, err := utils.SimpleDecryptMap(info)
if err != nil { if err != nil {
request.ProcessResponseHeaders(writer.Header(), http.StatusBadRequest)
writer.WriteHeader(http.StatusBadRequest)
_, _ = writer.Write([]byte("invalid request")) _, _ = writer.Write([]byte("invalid request"))
return return
} }
@@ -51,5 +53,7 @@ func (this *Get302Validator) Run(request requests.Request, writer http.ResponseW
// 返回原始URL // 返回原始URL
var url = m.GetString("url") var url = m.GetString("url")
request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
http.Redirect(writer, request.WAFRaw(), url, http.StatusFound) http.Redirect(writer, request.WAFRaw(), url, http.StatusFound)
} }