1.4.5.2
This commit is contained in:
unknown
86
EdgeNode/internal/waf/action_get_302.go
Normal file
86
EdgeNode/internal/waf/action_get_302.go
Normal file
@@ -0,0 +1,86 @@
|
||||
package waf
|
||||
|
||||
import (
|
||||
"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
|
||||
"github.com/TeaOSLab/EdgeNode/internal/utils"
|
||||
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
|
||||
"github.com/iwind/TeaGo/types"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
Get302Path = "/WAF/VERIFY/GET"
|
||||
)
|
||||
|
||||
// Get302Action
|
||||
// 原理: origin url --> 302 verify url --> origin url
|
||||
// TODO 将来支持meta refresh验证
|
||||
type Get302Action struct {
|
||||
BaseAction
|
||||
|
||||
Life int32 `yaml:"life" json:"life"`
|
||||
Scope string `yaml:"scope" json:"scope"`
|
||||
}
|
||||
|
||||
func (this *Get302Action) Init(waf *WAF) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (this *Get302Action) Code() string {
|
||||
return ActionGet302
|
||||
}
|
||||
|
||||
func (this *Get302Action) IsAttack() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (this *Get302Action) WillChange() bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult {
|
||||
// 仅限于Get
|
||||
if request.WAFRaw().Method != http.MethodGet {
|
||||
return PerformResult{
|
||||
ContinueRequest: true,
|
||||
}
|
||||
}
|
||||
|
||||
// 是否已经在白名单中
|
||||
if SharedIPWhiteList.Contains("set:"+types.String(set.Id), this.Scope, request.WAFServerId(), request.WAFRemoteIP()) {
|
||||
return PerformResult{
|
||||
ContinueRequest: true,
|
||||
}
|
||||
}
|
||||
|
||||
var m = InfoArg{
|
||||
URL: request.WAFRaw().URL.String(),
|
||||
Timestamp: time.Now().Unix(),
|
||||
Life: this.Life,
|
||||
Scope: this.Scope,
|
||||
PolicyId: waf.Id,
|
||||
GroupId: group.Id,
|
||||
SetId: set.Id,
|
||||
UseLocalFirewall: false,
|
||||
}
|
||||
info, err := utils.SimpleEncryptObject(m)
|
||||
if err != nil {
|
||||
remotelogs.Error("WAF_GET_302_ACTION", "encode info failed: "+err.Error())
|
||||
return PerformResult{
|
||||
ContinueRequest: true,
|
||||
}
|
||||
}
|
||||
|
||||
request.DisableStat()
|
||||
request.ProcessResponseHeaders(writer.Header(), http.StatusFound)
|
||||
http.Redirect(writer, request.WAFRaw(), Get302Path+"?info="+url.QueryEscape(info), http.StatusFound)
|
||||
|
||||
flusher, ok := writer.(http.Flusher)
|
||||
if ok {
|
||||
flusher.Flush()
|
||||
}
|
||||
|
||||
return PerformResult{}
|
||||
}
|
||||
Reference in New Issue
Block a user