diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go
index 11f1b54..5d8feba 100644
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -441,6 +441,14 @@ func (this *HTTPRequest) WAFFingerprint() []byte {
 return nil
 }
+func (this *HTTPRequest) WAFMaxRequestSize() int64 {
+ var maxRequestSize = firewallconfigs.DefaultMaxRequestBodySize
+ if this.ReqServer.HTTPFirewallPolicy != nil && this.ReqServer.HTTPFirewallPolicy.MaxRequestBodySize > 0 {
+ maxRequestSize = this.ReqServer.HTTPFirewallPolicy.MaxRequestBodySize
+ }
+ return maxRequestSize
+}
+
 // DisableAccessLog 在当前请求中不使用访问日志
 func (this *HTTPRequest) DisableAccessLog() {
 this.disableLog = true
diff --git a/internal/waf/checkpoints/request_all.go b/internal/waf/checkpoints/request_all.go
index 9aee689..9c08c5e 100644
--- a/internal/waf/checkpoints/request_all.go
+++ b/internal/waf/checkpoints/request_all.go
@@ -2,7 +2,6 @@ package checkpoints
 import (
 "github.com/TeaOSLab/EdgeNode/internal/waf/requests"
- "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
 "github.com/iwind/TeaGo/maps"
 )
@@ -12,7 +11,7 @@ type RequestAllCheckpoint struct {
 }
 func (this *RequestAllCheckpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value interface{}, hasRequestBody bool, sysErr error, userErr error) {
- valueBytes := []byte{}
+ var valueBytes = []byte{}
 if len(req.WAFRaw().RequestURI) > 0 {
 valueBytes = append(valueBytes, req.WAFRaw().RequestURI...)
 } else if req.WAFRaw().URL != nil {
@@ -30,7 +29,7 @@ func (this *RequestAllCheckpoint) RequestValue(req requests.Request, param strin
 var bodyData = req.WAFGetCacheBody()
 hasRequestBody = true
 if len(bodyData) == 0 {
- data, err := req.WAFReadBody(utils.MaxBodySize) // read body
+ data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
 if err != nil {
 return "", hasRequestBody, err, nil
 }
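Review bot: WAFMaxRequestSize in http_request_waf.go has no doc comment and puts no upper bound on the policy value, while the checkpoints changed in this commit pass its result to WAFReadBody as the number of body bytes to read. A policy that sets a very large MaxRequestBodySize therefore becomes per-request buffering on the node; consider a node-side ceiling such as `if maxRequestSize > nodeMaxWAFBodySize { maxRequestSize = nodeMaxWAFBodySize }` (`nodeMaxWAFBodySize` is a placeholder name, not an existing constant). Suggested comment: `// WAFMaxRequestSize returns how many request body bytes the WAF may read; it uses firewallconfigs.DefaultMaxRequestBodySize when the policy sets no positive value.` The method also dereferences this.ReqServer without a nil check; whether ReqServer can be nil at this point is not visible in the hunk.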
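Review bot: In request_all.go the `// read body` comment does not tell the reader what the limit is or what happens past it, now that the size comes from the firewall policy instead of the fixed utils.MaxBodySize. WAFReadBody is outside this diff; if it returns only the first WAFMaxRequestSize() bytes, anything after that point is never matched by the rule, and that is worth stating: `// read at most WAFMaxRequestSize() bytes; body content beyond that is not inspected`. Whether an oversize body should be blocked or passed is a policy decision that should be made explicit wherever the limit is enforced. The same one-line change is repeated in request_body.go, request_form_arg.go, request_json_arg.go and request_upload.go, and RequestValue continues outside each of those hunks.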
diff --git a/internal/waf/checkpoints/request_body.go b/internal/waf/checkpoints/request_body.go
index d957269..c7f271b 100644
--- a/internal/waf/checkpoints/request_body.go
+++ b/internal/waf/checkpoints/request_body.go
@@ -2,7 +2,6 @@ package checkpoints
 import (
 "github.com/TeaOSLab/EdgeNode/internal/waf/requests"
- "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
 "github.com/iwind/TeaGo/maps"
 )
@@ -25,7 +24,7 @@ func (this *RequestBodyCheckpoint) RequestValue(req requests.Request, param stri
 var bodyData = req.WAFGetCacheBody()
 hasRequestBody = true
 if len(bodyData) == 0 {
- data, err := req.WAFReadBody(utils.MaxBodySize) // read body
+ data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
 if err != nil {
 return "", hasRequestBody, err, nil
 }
diff --git a/internal/waf/checkpoints/request_form_arg.go b/internal/waf/checkpoints/request_form_arg.go
index 041f35c..fdc4e0f 100644
--- a/internal/waf/checkpoints/request_form_arg.go
+++ b/internal/waf/checkpoints/request_form_arg.go
@@ -2,7 +2,6 @@ package checkpoints
 import (
 "github.com/TeaOSLab/EdgeNode/internal/waf/requests"
- "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
 "github.com/iwind/TeaGo/maps"
 "net/url"
 )
@@ -27,7 +26,7 @@ func (this *RequestFormArgCheckpoint) RequestValue(req requests.Request, param s
 var bodyData = req.WAFGetCacheBody()
 if len(bodyData) == 0 {
- data, err := req.WAFReadBody(utils.MaxBodySize) // read body
+ data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
 if err != nil {
 return "", hasRequestBody, err, nil
 }
diff --git a/internal/waf/checkpoints/request_json_arg.go b/internal/waf/checkpoints/request_json_arg.go
index e65666e..658dd61 100644
--- a/internal/waf/checkpoints/request_json_arg.go
+++ b/internal/waf/checkpoints/request_json_arg.go
@@ -4,7 +4,6 @@ import (
 "encoding/json"
 "github.com/TeaOSLab/EdgeNode/internal/utils"
 "github.com/TeaOSLab/EdgeNode/internal/waf/requests"
- wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
 "github.com/iwind/TeaGo/maps"
 "strings"
 )
@@ -18,7 +17,7 @@ func (this *RequestJSONArgCheckpoint) RequestValue(req requests.Request, param s
 var bodyData = req.WAFGetCacheBody()
 hasRequestBody = true
 if len(bodyData) == 0 {
- data, err := req.WAFReadBody(wafutils.MaxBodySize) // read body
+ data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
 if err != nil {
 return "", hasRequestBody, err, nil
 }
diff --git a/internal/waf/checkpoints/request_upload.go b/internal/waf/checkpoints/request_upload.go
index dce44d4..db1cd80 100644
--- a/internal/waf/checkpoints/request_upload.go
+++ b/internal/waf/checkpoints/request_upload.go
@@ -3,7 +3,6 @@ package checkpoints
 import (
 "bytes"
 "github.com/TeaOSLab/EdgeNode/internal/waf/requests"
- "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
 "github.com/iwind/TeaGo/lists"
 "github.com/iwind/TeaGo/maps"
 "io"
@@ -40,7 +39,7 @@ func (this *RequestUploadCheckpoint) RequestValue(req requests.Request, param st
 if req.WAFRaw().MultipartForm == nil {
 var bodyData = req.WAFGetCacheBody()
 if len(bodyData) == 0 {
- data, err := req.WAFReadBody(utils.MaxBodySize)
+ data, err := req.WAFReadBody(req.WAFMaxRequestSize())
 if err != nil {
 sysErr = err
 return
@@ -53,7 +52,7 @@ func (this *RequestUploadCheckpoint) RequestValue(req requests.Request, param st
 oldBody := req.WAFRaw().Body
 req.WAFRaw().Body = io.NopCloser(bytes.NewBuffer(bodyData))
- err := req.WAFRaw().ParseMultipartForm(utils.MaxBodySize)
+ err := req.WAFRaw().ParseMultipartForm(req.WAFMaxRequestSize())
 // 还原
 req.WAFRaw().Body = oldBody
diff --git a/internal/waf/requests/request.go b/internal/waf/requests/request.go
index 3ce7bbc..cdb17ce 100644
--- a/internal/waf/requests/request.go
+++ b/internal/waf/requests/request.go
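Review bot: In request_upload.go the argument of `ParseMultipartForm` is a memory threshold for file parts (the remainder goes to temporary files), not a cap on the request size, so reusing `req.WAFMaxRequestSize()` there lets the parsed form occupy up to that much memory on top of the `bodyData` buffer it is parsed from. With the old fixed utils.MaxBodySize this was a constant cost; with a policy-controlled value it scales with the configuration, so a separate fixed parse threshold may be the safer choice. The limit is also fetched twice in this function; reading it once, `var maxSize = req.WAFMaxRequestSize()`, and passing `maxSize` to both WAFReadBody and ParseMultipartForm keeps the two calls in step. Whether `MultipartForm.RemoveAll()` is called after inspection is not visible here, since RequestValue continues outside both hunks.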
@@ -35,6 +35,9 @@ type Request interface {
 // WAFFingerprint 读取连接指纹
 WAFFingerprint() []byte
+ // WAFMaxRequestSize 可以检查的最大内容尺寸
+ WAFMaxRequestSize() int64
+
 // Format 格式化变量
 Format(string) string
diff --git a/internal/waf/utils/consts.go b/internal/waf/utils/consts.go
deleted file mode 100644
index 08be5cb..0000000
--- a/internal/waf/utils/consts.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
-
-package utils
-
-import "github.com/TeaOSLab/EdgeNode/internal/utils/sizes"
-
-const (
- MaxBodySize = 2 * sizes.M
-)
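Review bot: The comment added to the Request interface in request.go does not give the unit or the contract for the return value, although callers in this commit pass it straight to WAFReadBody and ParseMultipartForm. Suggested wording: `// WAFMaxRequestSize returns the maximum number of request body bytes the WAF may read for inspection; implementations must return a positive value.` Adding a method to the interface also requires every other implementation of requests.Request (test doubles, for instance) to gain it; only HTTPRequest is updated in this diff, so any others need checking. The interface body continues outside the hunk.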