From d3c9c0a55224de7edfe3762ea66da393e7c242b9 Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Mon, 21 Jun 2021 15:29:07 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BA=94=E7=94=A8=E7=BD=91=E7=AB=99=E8=87=AA?=
 =?UTF-8?q?=E5=AE=9A=E4=B9=89=E7=9A=84WAF=E5=87=BA=E7=AB=99=E8=A7=84?=
 =?UTF-8?q?=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/nodes/http_request_waf.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go
index d8b5324..e71d0dd 100644
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -169,7 +169,25 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
 
 // call response waf
 func (this *HTTPRequest) doWAFResponse(resp *http.Response) (blocked bool) {
-	firewallPolicy := sharedNodeConfig.HTTPFirewallPolicy
+	// 当前服务的独立设置
+	if this.web.FirewallPolicy != nil && this.web.FirewallPolicy.IsOn {
+		blocked := this.checkWAFResponse(this.web.FirewallPolicy, resp)
+		if blocked {
+			return true
+		}
+	}
+
+	// 公用的防火墙设置
+	if sharedNodeConfig.HTTPFirewallPolicy != nil {
+		blocked := this.checkWAFResponse(sharedNodeConfig.HTTPFirewallPolicy, resp)
+		if blocked {
+			return true
+		}
+	}
+	return
+}
+
+func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFirewallPolicy, resp *http.Response) (blocked bool) {
 	if firewallPolicy == nil || !firewallPolicy.IsOn || !firewallPolicy.Outbound.IsOn {
 		return
 	}