WAF策略增加“最多检查内容尺寸“选项
@@ -441,6 +441,14 @@ func (this *HTTPRequest) WAFFingerprint() []byte {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (this *HTTPRequest) WAFMaxRequestSize() int64 {
|
||||||
|
var maxRequestSize = firewallconfigs.DefaultMaxRequestBodySize
|
||||||
|
if this.ReqServer.HTTPFirewallPolicy != nil && this.ReqServer.HTTPFirewallPolicy.MaxRequestBodySize > 0 {
|
||||||
|
maxRequestSize = this.ReqServer.HTTPFirewallPolicy.MaxRequestBodySize
|
||||||
|
}
|
||||||
|
return maxRequestSize
|
||||||
|
}
|
||||||
|
|
||||||
// DisableAccessLog 在当前请求中不使用访问日志
|
// DisableAccessLog 在当前请求中不使用访问日志
|
||||||
func (this *HTTPRequest) DisableAccessLog() {
|
func (this *HTTPRequest) DisableAccessLog() {
|
||||||
this.disableLog = true
|
this.disableLog = true
|
||||||
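Review bot: `WAFMaxRequestSize` accepts any positive `MaxRequestBodySize` from the policy with no upper bound, and the checkpoints changed in this commit pass the result straight to `WAFReadBody`, so a mis-set policy value becomes the per-request read limit on the node (how `WAFReadBody` allocates is not visible here). Consider clamping after the override, e.g. `if maxRequestSize > hardLimit { maxRequestSize = hardLimit }`, where `hardLimit` is a placeholder for a node-side ceiling that this page does not define. The method also dereferences `this.ReqServer` without a nil check, which is safe only if it is always set before the WAF runs. Unlike `DisableAccessLog` below it, the method has no doc comment; something like `// WAFMaxRequestSize returns the maximum number of request body bytes the WAF reads, falling back to firewallconfigs.DefaultMaxRequestBodySize` would match the file.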
|
|||||||
@@ -2,7 +2,6 @@ package checkpoints
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
|
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -12,7 +11,7 @@ type RequestAllCheckpoint struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (this *RequestAllCheckpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value interface{}, hasRequestBody bool, sysErr error, userErr error) {
|
func (this *RequestAllCheckpoint) RequestValue(req requests.Request, param string, options maps.Map, ruleId int64) (value interface{}, hasRequestBody bool, sysErr error, userErr error) {
|
||||||
valueBytes := []byte{}
|
var valueBytes = []byte{}
|
||||||
if len(req.WAFRaw().RequestURI) > 0 {
|
if len(req.WAFRaw().RequestURI) > 0 {
|
||||||
valueBytes = append(valueBytes, req.WAFRaw().RequestURI...)
|
valueBytes = append(valueBytes, req.WAFRaw().RequestURI...)
|
||||||
} else if req.WAFRaw().URL != nil {
|
} else if req.WAFRaw().URL != nil {
|
||||||
@@ -30,7 +29,7 @@ func (this *RequestAllCheckpoint) RequestValue(req requests.Request, param strin
|
|||||||
var bodyData = req.WAFGetCacheBody()
|
var bodyData = req.WAFGetCacheBody()
|
||||||
hasRequestBody = true
|
hasRequestBody = true
|
||||||
if len(bodyData) == 0 {
|
if len(bodyData) == 0 {
|
||||||
data, err := req.WAFReadBody(utils.MaxBodySize) // read body
|
data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", hasRequestBody, err, nil
|
return "", hasRequestBody, err, nil
|
||||||
}
|
}
|
||||||
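Review bot: The read at `req.WAFReadBody(req.WAFMaxRequestSize())` still appears to be a prefix read, and nothing in this hunk distinguishes a body that fit from one that was cut at the limit, so rules on this checkpoint are evaluated against at most the first `WAFMaxRequestSize()` bytes while the rest is never matched. Now that the limit is operator-tunable, it would help to make the oversized case explicit, for example by comparing `req.WAFRaw().ContentLength` with the limit (assuming `WAFRaw()` returns the `*http.Request` it appears to) and letting the policy decide whether such requests are logged or rejected. At minimum, add a comment on the call such as `// only the first WAFMaxRequestSize() bytes are inspected; anything beyond is not matched`. The same call is introduced in the RequestBodyCheckpoint, RequestFormArgCheckpoint, RequestJSONArgCheckpoint and RequestUploadCheckpoint hunks. `RequestValue` starts and ends outside this hunk, so truncation may already be handled further down.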
|
|||||||
@@ -2,7 +2,6 @@ package checkpoints
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
|
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -25,7 +24,7 @@ func (this *RequestBodyCheckpoint) RequestValue(req requests.Request, param stri
|
|||||||
var bodyData = req.WAFGetCacheBody()
|
var bodyData = req.WAFGetCacheBody()
|
||||||
hasRequestBody = true
|
hasRequestBody = true
|
||||||
if len(bodyData) == 0 {
|
if len(bodyData) == 0 {
|
||||||
data, err := req.WAFReadBody(utils.MaxBodySize) // read body
|
data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", hasRequestBody, err, nil
|
return "", hasRequestBody, err, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,7 +2,6 @@ package checkpoints
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
|
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
"net/url"
|
"net/url"
|
||||||
)
|
)
|
||||||
@@ -27,7 +26,7 @@ func (this *RequestFormArgCheckpoint) RequestValue(req requests.Request, param s
|
|||||||
|
|
||||||
var bodyData = req.WAFGetCacheBody()
|
var bodyData = req.WAFGetCacheBody()
|
||||||
if len(bodyData) == 0 {
|
if len(bodyData) == 0 {
|
||||||
data, err := req.WAFReadBody(utils.MaxBodySize) // read body
|
data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", hasRequestBody, err, nil
|
return "", hasRequestBody, err, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,7 +4,6 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils"
|
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
@@ -18,7 +17,7 @@ func (this *RequestJSONArgCheckpoint) RequestValue(req requests.Request, param s
|
|||||||
var bodyData = req.WAFGetCacheBody()
|
var bodyData = req.WAFGetCacheBody()
|
||||||
hasRequestBody = true
|
hasRequestBody = true
|
||||||
if len(bodyData) == 0 {
|
if len(bodyData) == 0 {
|
||||||
data, err := req.WAFReadBody(wafutils.MaxBodySize) // read body
|
data, err := req.WAFReadBody(req.WAFMaxRequestSize()) // read body
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", hasRequestBody, err, nil
|
return "", hasRequestBody, err, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,7 +3,6 @@ package checkpoints
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||||
"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
|
|
||||||
"github.com/iwind/TeaGo/lists"
|
"github.com/iwind/TeaGo/lists"
|
||||||
"github.com/iwind/TeaGo/maps"
|
"github.com/iwind/TeaGo/maps"
|
||||||
"io"
|
"io"
|
||||||
@@ -40,7 +39,7 @@ func (this *RequestUploadCheckpoint) RequestValue(req requests.Request, param st
|
|||||||
if req.WAFRaw().MultipartForm == nil {
|
if req.WAFRaw().MultipartForm == nil {
|
||||||
var bodyData = req.WAFGetCacheBody()
|
var bodyData = req.WAFGetCacheBody()
|
||||||
if len(bodyData) == 0 {
|
if len(bodyData) == 0 {
|
||||||
data, err := req.WAFReadBody(utils.MaxBodySize)
|
data, err := req.WAFReadBody(req.WAFMaxRequestSize())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
sysErr = err
|
sysErr = err
|
||||||
return
|
return
|
||||||
@@ -53,7 +52,7 @@ func (this *RequestUploadCheckpoint) RequestValue(req requests.Request, param st
|
|||||||
oldBody := req.WAFRaw().Body
|
oldBody := req.WAFRaw().Body
|
||||||
req.WAFRaw().Body = io.NopCloser(bytes.NewBuffer(bodyData))
|
req.WAFRaw().Body = io.NopCloser(bytes.NewBuffer(bodyData))
|
||||||
|
|
||||||
err := req.WAFRaw().ParseMultipartForm(utils.MaxBodySize)
|
err := req.WAFRaw().ParseMultipartForm(req.WAFMaxRequestSize())
|
||||||
|
|
||||||
// 还原
|
// 还原
|
||||||
req.WAFRaw().Body = oldBody
|
req.WAFRaw().Body = oldBody
|
||||||
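Review bot: `ParseMultipartForm` takes the in-memory threshold for parsed parts (`maxMemory`), not a cap on the body, so `req.WAFRaw().ParseMultipartForm(req.WAFMaxRequestSize())` ties memory use to the policy setting rather than limiting what gets parsed. The body is already bounded at this point because it is replaced by `io.NopCloser(bytes.NewBuffer(bodyData))`, which means that with a large configured limit an upload can be held in memory twice, once as `bodyData` and once as parsed parts. A small fixed threshold would keep that bounded, or a comment such as `// maxMemory only; the body itself is capped by the read above` would make the intent clear. The function continues outside both hunks, so whether temporary files are released with `MultipartForm.RemoveAll()` cannot be seen from here.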
|
|||||||
@@ -35,6 +35,9 @@ type Request interface {
|
|||||||
// WAFFingerprint 读取连接指纹
|
// WAFFingerprint 读取连接指纹
|
||||||
WAFFingerprint() []byte
|
WAFFingerprint() []byte
|
||||||
|
|
||||||
|
// WAFMaxRequestSize 可以检查的最大内容尺寸
|
||||||
|
WAFMaxRequestSize() int64
|
||||||
|
|
||||||
// Format 格式化变量
|
// Format 格式化变量
|
||||||
Format(string) string
|
Format(string) string
|
||||||
|
|
||||||
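Review bot: The new interface comment on `WAFMaxRequestSize()` gives neither the unit nor the contract implementers must meet, yet every checkpoint in this commit passes the result directly to `WAFReadBody`. I would spell it out, e.g. `// WAFMaxRequestSize returns the maximum number of request body bytes the WAF may read for inspection; implementations must return a positive value`. Any other type that implements `Request` (test doubles, for instance) needs the method added as well; none is visible in this commit.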
|
|||||||
@@ -1,9 +0,0 @@
|
|||||||
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
|
||||||
|
|
||||||
package utils
|
|
||||||
|
|
||||||
import "github.com/TeaOSLab/EdgeNode/internal/utils/sizes"
|
|
||||||
|
|
||||||
const (
|
|
||||||
MaxBodySize = 2 * sizes.M
|
|
||||||
)
|
|
||||||