WAF动作block和record_ip同时存在时，优先执行record_ip

2025-12-28 08:26:35 +08:00 · 2021-10-06 08:56:38 +08:00
parent f511b4089b
commit e82171afc8
2 changed files with 15 additions and 2 deletions
--- a/internal/waf/rule_set.go
+++ b/internal/waf/rule_set.go
@@ -8,6 +8,7 @@ import (
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/utils/string"
 	"net/http"
+	"sort"
 )

 type RuleConnector = string
@@ -122,6 +123,18 @@ func (this *RuleSet) PerformActions(waf *WAF, group *RuleGroup, req requests.Req
 		return true
 	}

+	// 排序
+	sort.Slice(this.actionInstances, func(i, j int) bool {
+		var instance1 = this.actionInstances[i]
+		if !instance1.WillChange() {
+			return true
+		}
+		if instance1.Code() == ActionRecordIP {
+			return true
+		}
+		return false
+	})
+
 	// 先执行allow
 	for _, instance := range this.actionInstances {
 		if !instance.WillChange() {