TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-12-01 13:20:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

WAF国家/地区封禁、省份封禁增加例外URL、限制URL

Browse Source
This commit is contained in:
刘祥超
2023-05-25 12:02:40 +08:00
parent 47f5cbeac9
commit c43387bf6a
1 changed files with 34 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/nodes/http_request_waf.go
View File

@@ -163,11 +163,13 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
// 检查地区封禁
if firewallPolicy.Mode == firewallconfigs.FirewallModeDefend {
if firewallPolicy.Inbound.Region != nil && firewallPolicy.Inbound.Region.IsOn {
regionConfig := firewallPolicy.Inbound.Region
var regionConfig = firewallPolicy.Inbound.Region
if regionConfig.IsNotEmpty() {
for _, remoteAddr := range remoteAddrs {
var result = iplib.LookupIP(remoteAddr)
if result != nil && result.IsOk() {
var currentURL = this.URL()
if regionConfig.MatchCountryURL(currentURL) {
// 检查国家/地区级别封禁
var countryId = result.CountryId()
if countryId > 0 && lists.ContainsInt64(regionConfig.DenyCountryIds, countryId) {
@@ -186,7 +188,9 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
return true, false
}
}
if regionConfig.MatchProvinceURL(currentURL) {
// 检查省份封禁
var provinceId = result.ProvinceId()
if provinceId > 0 && lists.ContainsInt64(regionConfig.DenyProvinceIds, provinceId) {
@@ -210,6 +214,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
}
}
}
}
// 是否执行规则
if ignoreRules {