diff --git a/internal/waf/action_captcha.go b/internal/waf/action_captcha.go index d9b3fc4..45f224a 100644 --- a/internal/waf/action_captcha.go +++ b/internal/waf/action_captcha.go @@ -5,8 +5,8 @@ import ( "github.com/TeaOSLab/EdgeNode/internal/remotelogs" "github.com/TeaOSLab/EdgeNode/internal/utils" "github.com/TeaOSLab/EdgeNode/internal/waf/requests" + wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils" "github.com/iwind/TeaGo/maps" - "github.com/iwind/TeaGo/types" "net/http" "net/url" "strings" @@ -123,7 +123,7 @@ func (this *CaptchaAction) WillChange() bool { func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req requests.Request, writer http.ResponseWriter) (continueRequest bool, goNextSet bool) { // 是否在白名单中 - if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, req.WAFServerId(), req.WAFRemoteIP()) { + if SharedIPWhiteList.Contains(wafutils.ComposeIPType(set.Id, req), this.Scope, req.WAFServerId(), req.WAFRemoteIP()) { return true, false } diff --git a/internal/waf/captcha_validator.go b/internal/waf/captcha_validator.go index 7b86cef..981a492 100644 --- a/internal/waf/captcha_validator.go +++ b/internal/waf/captcha_validator.go @@ -8,13 +8,13 @@ import ( "github.com/TeaOSLab/EdgeNode/internal/utils" "github.com/TeaOSLab/EdgeNode/internal/utils/fasttime" "github.com/TeaOSLab/EdgeNode/internal/waf/requests" + wafutils "github.com/TeaOSLab/EdgeNode/internal/waf/utils" "github.com/dchest/captcha" "github.com/iwind/TeaGo/logs" "github.com/iwind/TeaGo/rands" "github.com/iwind/TeaGo/types" stringutil "github.com/iwind/TeaGo/utils/string" "net/http" - "strconv" "strings" "time" ) @@ -263,7 +263,7 @@ func (this *CaptchaValidator) validateVerifyCodeForm(actionConfig *CaptchaAction } // 加入到白名单 - SharedIPWhiteList.RecordIP("set:"+strconv.FormatInt(setId, 10), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") + SharedIPWhiteList.RecordIP(wafutils.ComposeIPType(setId, req), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther) http.Redirect(writer, req.WAFRaw(), originURL, http.StatusSeeOther) @@ -416,7 +416,7 @@ func (this *CaptchaValidator) validateOneClickForm(actionConfig *CaptchaAction, } // 加入到白名单 - SharedIPWhiteList.RecordIP("set:"+strconv.FormatInt(setId, 10), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") + SharedIPWhiteList.RecordIP(wafutils.ComposeIPType(setId, req), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther) http.Redirect(writer, req.WAFRaw(), originURL, http.StatusSeeOther) @@ -615,7 +615,7 @@ func (this *CaptchaValidator) validateSlideForm(actionConfig *CaptchaAction, pol } // 加入到白名单 - SharedIPWhiteList.RecordIP("set:"+strconv.FormatInt(setId, 10), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") + SharedIPWhiteList.RecordIP(wafutils.ComposeIPType(setId, req), actionConfig.Scope, req.WAFServerId(), req.WAFRemoteIP(), time.Now().Unix()+int64(life), policyId, false, groupId, setId, "") req.ProcessResponseHeaders(writer.Header(), http.StatusSeeOther) http.Redirect(writer, req.WAFRaw(), originURL, http.StatusSeeOther) diff --git a/internal/waf/utils/utils.go b/internal/waf/utils/utils.go index 8bf060a..edf08e7 100644 --- a/internal/waf/utils/utils.go +++ b/internal/waf/utils/utils.go @@ -6,7 +6,10 @@ import ( "github.com/TeaOSLab/EdgeNode/internal/ttlcache" "github.com/TeaOSLab/EdgeNode/internal/utils/cachehits" "github.com/TeaOSLab/EdgeNode/internal/utils/fasttime" + "github.com/TeaOSLab/EdgeNode/internal/waf/requests" "github.com/cespare/xxhash" + "github.com/iwind/TeaGo/types" + stringutil "github.com/iwind/TeaGo/utils/string" "strconv" ) @@ -95,3 +98,8 @@ func MatchBytesCache(regex *re.Regexp, byteSlice []byte, cacheLife CacheLife) bo cacheHits.IncreaseCached(regIdString) return b } + +// ComposeIPType 组合IP类型 +func ComposeIPType(setId int64, req requests.Request) string { + return "set:" + types.String(setId) + "@" + stringutil.Md5(req.WAFRaw().UserAgent()) +}