[waf]规则集动作支持跳转到下一个规则分组或者下一个规则集

Author: iwind

teaproxy/request_waf.go

@@ -1,7 +1,7 @@
 package teaproxy
 
 import (
-	"github.com/TeaWeb/code/teawaf/actions"
+	"github.com/TeaWeb/code/teawaf"
 	"github.com/iwind/TeaGo/logs"
 	"net/http"
 )
@@ -18,7 +18,7 @@ func (this *Request) callWAFRequest(writer *ResponseWriter) (blocked bool) {
 	}
 
 	if ruleSet != nil {
-		if ruleSet.Action != actions.ActionAllow {
+		if ruleSet.Action != teawaf.ActionAllow {
 			this.SetAttr("waf_action", ruleSet.Action)
 			this.SetAttr("waf_group", group.Id)
 			this.SetAttr("waf_ruleset", ruleSet.Id)
@@ -43,7 +43,7 @@ func (this *Request) callWAFResponse(resp *http.Response, writer *ResponseWriter
 	}
 
 	if ruleSet != nil {
-		if ruleSet.Action != actions.ActionAllow {
+		if ruleSet.Action != teawaf.ActionAllow {
 			this.SetAttr("waf_action", ruleSet.Action)
 			this.SetAttr("waf_group", group.Id)
 			this.SetAttr("waf_ruleset", ruleSet.Id)

teastats/waf_block_all_period.go

@@ -2,7 +2,7 @@ package teastats
 
 import (
 	"github.com/TeaWeb/code/tealogs/accesslogs"
-	"github.com/TeaWeb/code/teawaf/actions"
+	"github.com/TeaWeb/code/teawaf"
 	"github.com/iwind/TeaGo/logs"
 	"github.com/iwind/TeaGo/maps"
 	"strings"
@@ -72,7 +72,7 @@ func (this *WAFBlockAllPeriodFilter) Filter(accessLog *accesslogs.AccessLog) {
 	if !ok {
 		return
 	}
-	if wafAction != actions.ActionBlock {
+	if wafAction != teawaf.ActionBlock {
 		return
 	}
 

teawaf/action_allow.go

@@ -0,0 +1,14 @@
+package teawaf
+
+import (
+	"github.com/TeaWeb/code/teawaf/requests"
+	"net/http"
+)
+
+type AllowAction struct {
+}
+
+func (this *AllowAction) Perform(waf *WAF, request *requests.Request, writer http.ResponseWriter) (allow bool) {
+	// do nothing
+	return true
+}

teawaf/actions/action_block.go renamed to teawaf/action_block.go

@@ -1,7 +1,8 @@
-package actions
+package teawaf
 
 import (
 	"github.com/TeaWeb/code/teautils"
+	"github.com/TeaWeb/code/teawaf/requests"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/logs"
 	"io"
@@ -23,7 +24,7 @@ type BlockAction struct {
 	URL        string `yaml:"url" json:"url"`
 }
 
-func (this *BlockAction) Perform(request *http.Request, writer http.ResponseWriter) (allow bool) {
+func (this *BlockAction) Perform(waf *WAF, request *requests.Request, writer http.ResponseWriter) (allow bool) {
 	if writer != nil {
 		if this.StatusCode > 0 {
 			writer.WriteHeader(this.StatusCode)

teawaf/actions/action_captcha.go renamed to teawaf/action_captcha.go

@@ -1,9 +1,10 @@
-package actions
+package teawaf
 
 import (
 	"bytes"
 	"encoding/base64"
 	"fmt"
+	"github.com/TeaWeb/code/teawaf/requests"
 	"github.com/dchest/captcha"
 	"github.com/iwind/TeaGo/logs"
 	"github.com/iwind/TeaGo/types"
@@ -21,7 +22,7 @@ const (
 type CaptchaAction struct {
 }
 
-func (this *CaptchaAction) Perform(request *http.Request, writer http.ResponseWriter) (allow bool) {
+func (this *CaptchaAction) Perform(waf *WAF, request *requests.Request, writer http.ResponseWriter) (allow bool) {
 	// TEAWEB_CAPTCHA:
 	cookie, err := request.Cookie("TEAWEB_WAF_CAPTCHA")
 	if err == nil && cookie != nil && len(cookie.Value) > 32 {
@@ -48,7 +49,7 @@ func (this *CaptchaAction) Perform(request *http.Request, writer http.ResponseWr
 					Path:   "/", // all of dirs
 				})
 
-				http.Redirect(writer, request, request.URL.String(), http.StatusTemporaryRedirect)
+				http.Redirect(writer, request.Raw(), request.URL.String(), http.StatusTemporaryRedirect)
 
 				return false
 			}

teawaf/actions/action_definition.go renamed to teawaf/action_definition.go

@@ -1,9 +1,12 @@
-package actions
+package teawaf
+
+import "reflect"
 
 // action definition
 type ActionDefinition struct {
 	Name        string
 	Code        ActionString
 	Description string
 	Instance    ActionInterface
+	Type        reflect.Type
 }

teawaf/action_go_group.go

@@ -0,0 +1,34 @@
+package teawaf
+
+import (
+	"github.com/TeaWeb/code/teawaf/requests"
+	"github.com/iwind/TeaGo/logs"
+	"net/http"
+)
+
+type GoGroupAction struct {
+	GroupId string `yaml:"groupId" json:"groupId"`
+}
+
+func (this *GoGroupAction) Perform(waf *WAF, request *requests.Request, writer http.ResponseWriter) (allow bool) {
+	group := waf.FindRuleGroup(this.GroupId)
+	if group == nil || !group.On {
+		return true
+	}
+
+	b, set, err := group.MatchRequest(request)
+	if err != nil {
+		logs.Error(err)
+		return true
+	}
+
+	if !b {
+		return true
+	}
+
+	actionObject := FindActionInstance(set.Action, set.ActionOptions)
+	if actionObject == nil {
+		return true
+	}
+	return actionObject.Perform(waf, request, writer)
+}

teawaf/action_go_set.go

@@ -0,0 +1,37 @@
+package teawaf
+
+import (
+	"github.com/TeaWeb/code/teawaf/requests"
+	"github.com/iwind/TeaGo/logs"
+	"net/http"
+)
+
+type GoSetAction struct {
+	GroupId string `yaml:"groupId" json:"groupId"`
+	SetId   string `yaml:"setId" json:"setId"`
+}
+
+func (this *GoSetAction) Perform(waf *WAF, request *requests.Request, writer http.ResponseWriter) (allow bool) {
+	group := waf.FindRuleGroup(this.GroupId)
+	if group == nil || !group.On {
+		return true
+	}
+	set := group.FindRuleSet(this.SetId)
+	if set == nil || !set.On {
+		return true
+	}
+
+	b, err := set.MatchRequest(request)
+	if err != nil {
+		logs.Error(err)
+		return true
+	}
+	if !b {
+		return true
+	}
+	actionObject := FindActionInstance(set.Action, set.ActionOptions)
+	if actionObject == nil {
+		return true
+	}
+	return actionObject.Perform(waf, request, writer)
+}

teawaf/actions/action_instance.go renamed to teawaf/action_instance.go

@@ -1,4 +1,4 @@
-package actions
+package teawaf
 
 type Action struct {
 

teawaf/action_log.go

@@ -0,0 +1,13 @@
+package teawaf
+
+import (
+	"github.com/TeaWeb/code/teawaf/requests"
+	"net/http"
+)
+
+type LogAction struct {
+}
+
+func (this *LogAction) Perform(waf *WAF, request *requests.Request, writer http.ResponseWriter) (allow bool) {
+	return true
+}