WAF国家/地区封禁、省份封禁增加例外URL、限制URL

刘祥超
2023-05-25 12:02:40 +08:00
parent 47f5cbeac9
commit c43387bf6a


@@ -163,47 +163,52 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
// 检查地区封禁 // 检查地区封禁
if firewallPolicy.Mode == firewallconfigs.FirewallModeDefend { if firewallPolicy.Mode == firewallconfigs.FirewallModeDefend {
if firewallPolicy.Inbound.Region != nil && firewallPolicy.Inbound.Region.IsOn { if firewallPolicy.Inbound.Region != nil && firewallPolicy.Inbound.Region.IsOn {
regionConfig := firewallPolicy.Inbound.Region var regionConfig = firewallPolicy.Inbound.Region
if regionConfig.IsNotEmpty() { if regionConfig.IsNotEmpty() {
for _, remoteAddr := range remoteAddrs { for _, remoteAddr := range remoteAddrs {
var result = iplib.LookupIP(remoteAddr) var result = iplib.LookupIP(remoteAddr)
if result != nil && result.IsOk() { if result != nil && result.IsOk() {
// 检查国家/地区级别封禁 var currentURL = this.URL()
var countryId = result.CountryId() if regionConfig.MatchCountryURL(currentURL) {
if countryId > 0 && lists.ContainsInt64(regionConfig.DenyCountryIds, countryId) { // 检查国家/地区级别封禁
this.firewallPolicyId = firewallPolicy.Id var countryId = result.CountryId()
if countryId > 0 && lists.ContainsInt64(regionConfig.DenyCountryIds, countryId) {
this.firewallPolicyId = firewallPolicy.Id
this.writeCode(http.StatusForbidden, "", "") this.writeCode(http.StatusForbidden, "", "")
this.writer.Flush() this.writer.Flush()
this.writer.Close() this.writer.Close()
// 停止日志 // 停止日志
if !logDenying { if !logDenying {
this.disableLog = true this.disableLog = true
} else { } else {
this.tags = append(this.tags, "denyCountry") this.tags = append(this.tags, "denyCountry")
}
return true, false
} }
return true, false
} }
// 检查省份封禁 if regionConfig.MatchProvinceURL(currentURL) {
var provinceId = result.ProvinceId() // 检查省份封禁
if provinceId > 0 && lists.ContainsInt64(regionConfig.DenyProvinceIds, provinceId) { var provinceId = result.ProvinceId()
this.firewallPolicyId = firewallPolicy.Id if provinceId > 0 && lists.ContainsInt64(regionConfig.DenyProvinceIds, provinceId) {
this.firewallPolicyId = firewallPolicy.Id
this.writeCode(http.StatusForbidden, "", "") this.writeCode(http.StatusForbidden, "", "")
this.writer.Flush() this.writer.Flush()
this.writer.Close() this.writer.Close()
// 停止日志 // 停止日志
if !logDenying { if !logDenying {
this.disableLog = true this.disableLog = true
} else { } else {
this.tags = append(this.tags, "denyProvince") this.tags = append(this.tags, "denyProvince")
}
return true, false
} }
return true, false
} }
} }
} }