Documentation
¶
Index ¶
- Constants
- Variables
- func AddDeletedIPList(ipListId int64)
- func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string
- func CaptchaDeleteCacheKey(req requests.Request)
- func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, policyId int64, ...) (goNext bool)
- func ExistDeletedIPList(ipListId int64) bool
- func FindActionName(action ActionString) string
- type Action
- type ActionCategory
- type ActionConfig
- type ActionDefinition
- type ActionInterface
- type ActionString
- type AllowAction
- type AllowCookieInfo
- type AllowScope
- type BaseAction
- type BlockAction
- type CaptchaAction
- type CaptchaGenerator
- type CaptchaPageCode
- type CaptchaValidator
- type Get302Action
- type Get302Validator
- type GoGroupAction
- type GoSetAction
- type IPList
- func (this *IPList) Add(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string, ...)
- func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string) bool
- func (this *IPList) ContainsExpires(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string) (expiresAt int64, ok bool)
- func (this *IPList) IPMap() map[string]uint64
- func (this *IPList) IdMap() map[uint64]string
- func (this *IPList) Load(path string) error
- func (this *IPList) RecordIP(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string, ...)
- func (this *IPList) RemoveIP(ip string, serverId int64, shouldExecute bool)
- func (this *IPList) Save(path string) error
- type IPListType
- type InfoArg
- type JSCookieAction
- type LogAction
- type MatchResult
- type NotifyAction
- type PageAction
- type ParamFilter
- type PerformResult
- type Post307Action
- type RecordIPAction
- func (this *RecordIPAction) Code() string
- func (this *RecordIPAction) Init(waf *WAF) error
- func (this *RecordIPAction) IsAttack() bool
- func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, ...) PerformResult
- func (this *RecordIPAction) WillChange() bool
- type RedirectAction
- func (this *RedirectAction) Code() string
- func (this *RedirectAction) Init(waf *WAF) error
- func (this *RedirectAction) IsAttack() bool
- func (this *RedirectAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, ...) PerformResult
- func (this *RedirectAction) WillChange() bool
- type Rule
- func (this *Rule) Init() error
- func (this *Rule) IsSingleCheckpoint() bool
- func (this *Rule) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, err error)
- func (this *Rule) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, err error)
- func (this *Rule) SetCheckpointFinder(finder func(prefix string) checkpoints.CheckpointInterface)
- func (this *Rule) Test(value any) bool
- type RuleCaseInsensitive
- type RuleConnector
- type RuleGroup
- func (this *RuleGroup) AddRuleSet(ruleSet *RuleSet)
- func (this *RuleGroup) FindRuleSet(id int64) *RuleSet
- func (this *RuleGroup) FindRuleSetWithCode(code string) *RuleSet
- func (this *RuleGroup) Init(waf *WAF) error
- func (this *RuleGroup) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, resultSet *RuleSet, err error)
- func (this *RuleGroup) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, resultSet *RuleSet, err error)
- func (this *RuleGroup) MoveRuleSet(fromIndex int, toIndex int)
- func (this *RuleGroup) RemoveRuleSet(id int64)
- type RuleOperator
- type RuleOperatorDefinition
- type RuleSet
- func (this *RuleSet) ActionCodes() []string
- func (this *RuleSet) AddAction(code string, options maps.Map)
- func (this *RuleSet) AddRule(rule ...*Rule)
- func (this *RuleSet) HasAttackActions() bool
- func (this *RuleSet) HasSpecialActions() bool
- func (this *RuleSet) Init(waf *WAF) error
- func (this *RuleSet) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, err error)
- func (this *RuleSet) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, err error)
- func (this *RuleSet) PerformActions(waf *WAF, group *RuleGroup, req requests.Request, writer http.ResponseWriter) PerformResult
- type TagAction
- type WAF
- func (this *WAF) AddAction(action ActionInterface)
- func (this *WAF) AddRuleGroup(ruleGroup *RuleGroup)
- func (this *WAF) ContainsGroupCode(code string) bool
- func (this *WAF) Copy() *WAF
- func (this *WAF) CountInboundRuleSets() int
- func (this *WAF) CountOutboundRuleSets() int
- func (this *WAF) FindAction(actionId int64) ActionInterface
- func (this *WAF) FindCheckpointInstance(prefix string) checkpoints.CheckpointInterface
- func (this *WAF) FindRuleGroup(ruleGroupId int64) *RuleGroup
- func (this *WAF) FindRuleGroupWithCode(ruleGroupCode string) *RuleGroup
- func (this *WAF) Init() (resultErrors []error)
- func (this *WAF) MatchRequest(req requests.Request, writer http.ResponseWriter, ...) (result MatchResult, err error)
- func (this *WAF) MatchResponse(req requests.Request, rawResp *http.Response, writer http.ResponseWriter) (result MatchResult, err error)
- func (this *WAF) MergeTemplate() (changedItems []string, err error)
- func (this *WAF) MoveInboundRuleGroup(fromIndex int, toIndex int)
- func (this *WAF) MoveOutboundRuleGroup(fromIndex int, toIndex int)
- func (this *WAF) RemoveRuleGroup(ruleGroupId int64)
- func (this *WAF) Save(path string) error
- func (this *WAF) Start()
- func (this *WAF) Stop()
- type WAFManager
Constants ¶
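// Captcha verification constants.
const (
	// CaptchaSeconds is 600 seconds.
	CaptchaSeconds = 600 // 10 minutes

	// CaptchaPath is the request path used for captcha verification.
	// NOTE(review): presumably requests to this path are served by the WAF
	// (see CaptchaValidator.Run) and never reach the origin — confirm, and
	// keep the path reserved in origin routing.
	CaptchaPath = "/WAF/VERIFY/CAPTCHA"
)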
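// Connector values for combining the rules of a rule set
// (RuleSet.Connector is documented as the "rules connector").
const (
	RuleConnectorAnd = "and"
	RuleConnectorOr  = "or"
)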
// Get302Path is the request path used by the GET 302 verification.
// NOTE(review): presumably served by Get302Validator.Run rather than the
// origin — confirm, and keep the path reserved in origin routing.
const Get302Path = "/WAF/VERIFY/GET"
const (
	// IPTypeAll is the "*" IP type.
	// NOTE(review): presumably a wildcard covering every ipType passed to
	// the IPList methods — confirm against IPList.Contains.
	IPTypeAll = "*"
)
Variables ¶
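// AllActions is the registry of action definitions. Each entry pairs an
// action code with a prototype instance and the reflect.Type of its struct.
// The Name values are the original display names and are kept verbatim; the
// trailing comments give an English translation.
var AllActions = []*ActionDefinition{
	{
		Name:     "阻止", // block
		Code:     ActionBlock,
		Instance: new(BlockAction),
		Type:     reflect.TypeOf(new(BlockAction)).Elem(),
	},
	{
		Name:     "允许通过", // allow
		Code:     ActionAllow,
		Instance: new(AllowAction),
		Type:     reflect.TypeOf(new(AllowAction)).Elem(),
	},
	{
		Name:     "允许并记录日志", // allow and log
		Code:     ActionLog,
		Instance: new(LogAction),
		Type:     reflect.TypeOf(new(LogAction)).Elem(),
	},
	{
		Name:     "Captcha验证码", // captcha verification code
		Code:     ActionCaptcha,
		Instance: new(CaptchaAction),
		Type:     reflect.TypeOf(new(CaptchaAction)).Elem(),
	},
	{
		Name:     "JS Cookie验证", // JS cookie verification
		Code:     ActionJavascriptCookie,
		Instance: new(JSCookieAction),
		Type:     reflect.TypeOf(new(JSCookieAction)).Elem(),
	},
	{
		Name:     "告警", // alert
		Code:     ActionNotify,
		Instance: new(NotifyAction),
		Type:     reflect.TypeOf(new(NotifyAction)).Elem(),
	},
	{
		Name:     "GET 302",
		Code:     ActionGet302,
		Instance: new(Get302Action),
		Type:     reflect.TypeOf(new(Get302Action)).Elem(),
	},
	{
		Name:     "POST 307",
		Code:     ActionPost307,
		Instance: new(Post307Action),
		Type:     reflect.TypeOf(new(Post307Action)).Elem(),
	},
	{
		Name:     "记录IP", // record IP
		Code:     ActionRecordIP,
		Instance: new(RecordIPAction),
		Type:     reflect.TypeOf(new(RecordIPAction)).Elem(),
	},
	{
		Name:     "标签", // tag
		Code:     ActionTag,
		Instance: new(TagAction),
		Type:     reflect.TypeOf(new(TagAction)).Elem(),
	},
	{
		Name:     "显示页面", // show page
		Code:     ActionPage,
		Instance: new(PageAction),
		Type:     reflect.TypeOf(new(PageAction)).Elem(),
	},
	{
		Name:     "跳转", // redirect
		Code:     ActionRedirect,
		Instance: new(RedirectAction),
		Type:     reflect.TypeOf(new(RedirectAction)).Elem(),
	},
	{
		Name:     "跳到下一个规则分组", // go to next rule group
		Code:     ActionGoGroup,
		Instance: new(GoGroupAction),
		Type:     reflect.TypeOf(new(GoGroupAction)).Elem(),
	},
	{
		Name:     "跳到下一个规则集", // go to next rule set
		Code:     ActionGoSet,
		Instance: new(GoSetAction),
		Type:     reflect.TypeOf(new(GoSetAction)).Elem(),
	},
}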
Functions ¶
func AddDeletedIPList ¶ added in v1.2.9
func AddDeletedIPList(ipListId int64)
AddDeletedIPList records the IP list with the given ID as deleted.
func CaptchaCacheKey ¶
func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string
CaptchaCacheKey 获取Captcha缓存Key
func CaptchaDeleteCacheKey ¶
CaptchaDeleteCacheKey 清除计数
func CaptchaIncreaseFails ¶
func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, policyId int64, groupId int64, setId int64, pageCode CaptchaPageCode, useLocalFirewall bool) (goNext bool)
CaptchaIncreaseFails 增加Captcha失败次数,以便后续操作
func ExistDeletedIPList ¶ added in v1.2.9
ExistDeletedIPList reports whether the IP list with the given ID has been recorded as deleted.
func FindActionName ¶
func FindActionName(action ActionString) string
Types ¶
type ActionCategory ¶
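// ActionCategory is the category of a WAF action; it is an alias of string.
type ActionCategory = string

// Action categories, taken from the corresponding firewallconfigs constants.
const (
	ActionCategoryAllow  ActionCategory = firewallconfigs.HTTPFirewallActionCategoryAllow
	ActionCategoryBlock  ActionCategory = firewallconfigs.HTTPFirewallActionCategoryBlock
	ActionCategoryVerify ActionCategory = firewallconfigs.HTTPFirewallActionCategoryVerify
)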
type ActionConfig ¶
type ActionDefinition ¶
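// ActionDefinition describes one WAF action: its display name and code, a
// description and category, a prototype instance, and the reflect.Type of
// the action struct.
type ActionDefinition struct {
	Name        string
	Code        ActionString
	Description string
	Category    string // category: block, verify, allow
	Instance    ActionInterface
	Type        reflect.Type
}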
ActionDefinition action definition
type ActionInterface ¶
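// ActionInterface is the method set implemented by WAF actions.
type ActionInterface interface {
	// Init initializes the action.
	Init(waf *WAF) error

	// ActionId returns the action ID.
	ActionId() int64

	// SetActionId sets the action ID.
	SetActionId(id int64)

	// Code returns the action code.
	Code() string

	// IsAttack reports whether this is an attack-intercepting action.
	IsAttack() bool

	// WillChange determine if the action will change the request
	WillChange() bool

	// Perform the action
	Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
}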
func FindActionInstance ¶
func FindActionInstance(action ActionString, options maps.Map) ActionInterface
type ActionString ¶
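// ActionString is the code identifying a WAF action; it is an alias of string.
type ActionString = string

// Action codes.
const (
	ActionLog              ActionString = "log"       // allow and log
	ActionBlock            ActionString = "block"     // block
	ActionCaptcha          ActionString = "captcha"   // block and show captcha
	ActionJavascriptCookie ActionString = "js_cookie" // js cookie
	ActionNotify           ActionString = "notify"    // alert
	ActionGet302           ActionString = "get_302"   // 302 redirect verification for GET
	ActionPost307          ActionString = "post_307"  // 307 redirect verification for POST
	ActionRecordIP         ActionString = "record_ip" // record IP
	ActionTag              ActionString = "tag"       // tag
	ActionPage             ActionString = "page"      // show a web page
	ActionRedirect         ActionString = "redirect"  // redirect
	ActionAllow            ActionString = "allow"     // allow
	ActionGoGroup          ActionString = "go_group"  // go to next rule group
	ActionGoSet            ActionString = "go_set"    // go to next rule set
)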
type AllowAction ¶
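// AllowAction is the action registered under ActionAllow in AllActions.
type AllowAction struct {
	BaseAction

	// Scope is one of the AllowScope values ("group", "server", "global").
	// NOTE(review): presumably the scope decides how much further rule
	// matching an allowed request skips — confirm in Perform, and prefer
	// the narrowest scope that works.
	Scope AllowScope `yaml:"scope" json:"scope"`
}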
func (*AllowAction) Code ¶
func (this *AllowAction) Code() string
func (*AllowAction) Init ¶
func (this *AllowAction) Init(waf *WAF) error
func (*AllowAction) IsAttack ¶
func (this *AllowAction) IsAttack() bool
func (*AllowAction) Perform ¶
func (this *AllowAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*AllowAction) WillChange ¶
func (this *AllowAction) WillChange() bool
type AllowCookieInfo ¶ added in v1.3.5
func (*AllowCookieInfo) Decode ¶ added in v1.3.5
func (this *AllowCookieInfo) Decode(encodedString string) error
func (*AllowCookieInfo) Encode ¶ added in v1.3.5
func (this *AllowCookieInfo) Encode() (string, error)
type AllowScope ¶ added in v1.3.3
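// AllowScope names the scope of an allow decision; it is an alias of string.
type AllowScope = string

// Allow scopes.
const (
	AllowScopeGroup  AllowScope = "group"
	AllowScopeServer AllowScope = "server"
	AllowScopeGlobal AllowScope = "global"
)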
type BaseAction ¶
// BaseAction is the struct embedded by the concrete action types in this
// package. Its fields are not shown on this page; the exported method listed
// for it is SetActionId.
type BaseAction struct {
	// contains filtered or unexported fields
}
func (*BaseAction) SetActionId ¶
func (this *BaseAction) SetActionId(actionId int64)
SetActionId 设置Id
type BlockAction ¶
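// BlockAction is the action registered under ActionBlock in AllActions.
type BlockAction struct {
	BaseAction

	StatusCode int `yaml:"statusCode" json:"statusCode"`

	// Body supports HTML.
	// NOTE(review): presumably written to the response as configured; if
	// any request-derived value is ever substituted into it, that value
	// needs HTML escaping — confirm in Perform.
	Body string `yaml:"body" json:"body"`

	URL        string `yaml:"url" json:"url"`
	Timeout    int32  `yaml:"timeout" json:"timeout"`
	TimeoutMax int32  `yaml:"timeoutMax" json:"timeoutMax"`
	Scope      string `yaml:"scope" json:"scope"`

	FailBlockScopeAll bool `yaml:"failBlockScopeAll" json:"failBlockScopeAll"`
}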
func (*BlockAction) Code ¶
func (this *BlockAction) Code() string
func (*BlockAction) Init ¶
func (this *BlockAction) Init(waf *WAF) error
func (*BlockAction) IsAttack ¶
func (this *BlockAction) IsAttack() bool
func (*BlockAction) Perform ¶
func (this *BlockAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*BlockAction) WillChange ¶
func (this *BlockAction) WillChange() bool
type CaptchaAction ¶
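// CaptchaAction is the action registered under ActionCaptcha in AllActions.
// It carries the captcha settings plus three sets of custom-UI options
// (UI*, OneClickUI*, SlideUI*).
type CaptchaAction struct {
	BaseAction

	Life              int32 `yaml:"life" json:"life"`
	MaxFails          int   `yaml:"maxFails" json:"maxFails"`                   // maximum number of failures
	FailBlockTimeout  int   `yaml:"failBlockTimeout" json:"failBlockTimeout"`   // block duration after failures
	FailBlockScopeAll bool  `yaml:"failBlockScopeAll" json:"failBlockScopeAll"` // whether it takes effect globally

	CountLetters int8                        `yaml:"countLetters" json:"countLetters"`
	CaptchaType  firewallconfigs.CaptchaType `yaml:"captchaType" json:"captchaType"`

	UIIsOn          bool   `yaml:"uiIsOn" json:"uiIsOn"`                   // whether to use a custom UI
	UITitle         string `yaml:"uiTitle" json:"uiTitle"`                 // message title
	UIPrompt        string `yaml:"uiPrompt" json:"uiPrompt"`               // message prompt
	UIButtonTitle   string `yaml:"uiButtonTitle" json:"uiButtonTitle"`     // button title
	UIShowRequestId bool   `yaml:"uiShowRequestId" json:"uiShowRequestId"` // whether to show the request ID
	UICss           string `yaml:"uiCss" json:"uiCss"`                     // CSS styles
	UIBody          string `yaml:"uiBody" json:"uiBody"`                   // content outline

	OneClickUIIsOn          bool   `yaml:"oneClickUIIsOn" json:"oneClickUIIsOn"`                   // whether to use a custom UI
	OneClickUITitle         string `yaml:"oneClickUITitle" json:"oneClickUITitle"`                 // message title
	OneClickUIPrompt        string `yaml:"oneClickUIPrompt" json:"oneClickUIPrompt"`               // message prompt
	OneClickUIShowRequestId bool   `yaml:"oneClickUIShowRequestId" json:"oneClickUIShowRequestId"` // whether to show the request ID
	OneClickUICss           string `yaml:"oneClickUICss" json:"oneClickUICss"`                     // CSS styles
	OneClickUIBody          string `yaml:"oneClickUIBody" json:"oneClickUIBody"`                   // content outline

	// NOTE(review): the SlideUIIsOn tag reads "sliceUIIsOn" (not "slide…"),
	// and the SlideUIShowRequestId tag starts with a capital "S", unlike
	// its siblings. A config key spelled "slideUIIsOn" would not match the
	// first tag. The tags are left as published because stored configs may
	// depend on them — confirm before renaming.
	SlideUIIsOn          bool   `yaml:"sliceUIIsOn" json:"sliceUIIsOn"`                   // whether to use a custom UI
	SlideUITitle         string `yaml:"slideUITitle" json:"slideUITitle"`                 // message title
	SlideUIPrompt        string `yaml:"slideUIPrompt" json:"slideUIPrompt"`               // message prompt
	SlideUIShowRequestId bool   `yaml:"SlideUIShowRequestId" json:"SlideUIShowRequestId"` // whether to show the request ID
	SlideUICss           string `yaml:"slideUICss" json:"slideUICss"`                     // CSS styles
	SlideUIBody          string `yaml:"slideUIBody" json:"slideUIBody"`                   // content outline

	GeeTestConfig *firewallconfigs.GeeTestConfig `yaml:"geeTestConfig" json:"geeTestConfig"` // GeeTest settings, MUST be struct

	Lang           string `yaml:"lang" json:"lang"`                     // language: zh-CN, en-US ...
	AddToWhiteList bool   `yaml:"addToWhiteList" json:"addToWhiteList"` // whether to add to the white list
	Scope          string `yaml:"scope" json:"scope"`
}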
func (*CaptchaAction) Code ¶
func (this *CaptchaAction) Code() string
func (*CaptchaAction) Init ¶
func (this *CaptchaAction) Init(waf *WAF) error
func (*CaptchaAction) IsAttack ¶
func (this *CaptchaAction) IsAttack() bool
func (*CaptchaAction) Perform ¶
func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req requests.Request, writer http.ResponseWriter) PerformResult
func (*CaptchaAction) WillChange ¶
func (this *CaptchaAction) WillChange() bool
type CaptchaGenerator ¶ added in v1.3.2
// CaptchaGenerator is the captcha generator. The methods listed for it
// create a captcha (NewCaptcha), fetch its data (Get), verify user input
// (Verify) and write the image to a writer (WriteImage).
type CaptchaGenerator struct {
	// contains filtered or unexported fields
}
CaptchaGenerator captcha generator
func NewCaptchaGenerator ¶ added in v1.3.2
func NewCaptchaGenerator() *CaptchaGenerator
func (*CaptchaGenerator) Get ¶ added in v1.3.2
func (this *CaptchaGenerator) Get(id string) []byte
Get captcha data
func (*CaptchaGenerator) NewCaptcha ¶ added in v1.3.2
func (this *CaptchaGenerator) NewCaptcha(length int) (captchaId string)
NewCaptcha create new captcha
func (*CaptchaGenerator) Verify ¶ added in v1.3.2
func (this *CaptchaGenerator) Verify(id string, digits string) bool
Verify user input
func (*CaptchaGenerator) WriteImage ¶ added in v1.3.2
WriteImage write image to front writer
type CaptchaPageCode ¶
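// CaptchaPageCode identifies a captcha page; it is an alias of string.
type CaptchaPageCode = string

// Captcha page codes.
const (
	CaptchaPageCodeInit   CaptchaPageCode = "init"
	CaptchaPageCodeShow   CaptchaPageCode = "show"
	CaptchaPageCodeImage  CaptchaPageCode = "image"
	CaptchaPageCodeSubmit CaptchaPageCode = "submit"
)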
type CaptchaValidator ¶
// CaptchaValidator has no fields. Its Run method takes the request, the
// response writer and a default captcha type.
type CaptchaValidator struct{}
func NewCaptchaValidator ¶
func NewCaptchaValidator() *CaptchaValidator
func (*CaptchaValidator) Run ¶
func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWriter, defaultCaptchaType firewallconfigs.ServerCaptchaType)
type Get302Action ¶
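// Get302Action is the action registered under ActionGet302 in AllActions.
// Its documented principle is: origin url --> 302 verify url --> origin url.
type Get302Action struct {
	BaseAction

	Life  int32  `yaml:"life" json:"life"`
	Scope string `yaml:"scope" json:"scope"`
}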
Get302Action 原理: origin url --> 302 verify url --> origin url TODO 将来支持meta refresh验证
func (*Get302Action) Code ¶
func (this *Get302Action) Code() string
func (*Get302Action) Init ¶
func (this *Get302Action) Init(waf *WAF) error
func (*Get302Action) IsAttack ¶
func (this *Get302Action) IsAttack() bool
func (*Get302Action) Perform ¶
func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*Get302Action) WillChange ¶
func (this *Get302Action) WillChange() bool
type Get302Validator ¶
// Get302Validator has no fields. Its Run method takes the request and the
// response writer.
type Get302Validator struct{}
func NewGet302Validator ¶
func NewGet302Validator() *Get302Validator
func (*Get302Validator) Run ¶
func (this *Get302Validator) Run(request requests.Request, writer http.ResponseWriter)
type GoGroupAction ¶
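// GoGroupAction is the action registered under ActionGoGroup ("go to next
// rule group") in AllActions.
type GoGroupAction struct {
	BaseAction

	GroupId string `yaml:"groupId" json:"groupId"`
}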
func (*GoGroupAction) Code ¶
func (this *GoGroupAction) Code() string
func (*GoGroupAction) Init ¶
func (this *GoGroupAction) Init(waf *WAF) error
func (*GoGroupAction) IsAttack ¶
func (this *GoGroupAction) IsAttack() bool
func (*GoGroupAction) Perform ¶
func (this *GoGroupAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*GoGroupAction) WillChange ¶
func (this *GoGroupAction) WillChange() bool
type GoSetAction ¶
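// GoSetAction is the action registered under ActionGoSet ("go to next rule
// set") in AllActions.
type GoSetAction struct {
	BaseAction

	GroupId string `yaml:"groupId" json:"groupId"`
	SetId   string `yaml:"setId" json:"setId"`
}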
func (*GoSetAction) Code ¶
func (this *GoSetAction) Code() string
func (*GoSetAction) Init ¶
func (this *GoSetAction) Init(waf *WAF) error
func (*GoSetAction) IsAttack ¶
func (this *GoSetAction) IsAttack() bool
func (*GoSetAction) Perform ¶
func (this *GoSetAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*GoSetAction) WillChange ¶
func (this *GoSetAction) WillChange() bool
type IPList ¶
// IPList manages IP lists. The methods listed for it add, record and
// remove IPs, test membership (optionally returning the expiry time), and
// load or save the list from or to a path.
type IPList struct {
	// contains filtered or unexported fields
}
IPList IP列表管理
func (*IPList) Add ¶
func (this *IPList) Add(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string, expiresAt int64)
Add 添加IP
func (*IPList) Contains ¶
func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string) bool
Contains 判断是否有某个IP
func (*IPList) ContainsExpires ¶ added in v0.5.2
func (this *IPList) ContainsExpires(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string) (expiresAt int64, ok bool)
ContainsExpires 判断是否有某个IP,并返回过期时间
func (*IPList) RecordIP ¶
func (this *IPList) RecordIP(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string, expiresAt int64, policyId int64, useLocalFirewall bool, groupId int64, setId int64, reason string)
RecordIP 记录IP
type IPListType ¶
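// IPListType is the kind of an IP list; it is an alias of string.
type IPListType = string

// IP list types.
const (
	IPListTypeAllow IPListType = "allow"
	IPListTypeDeny  IPListType = "deny"
)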
type InfoArg ¶ added in v1.3.5
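// InfoArg is a set of verification parameters serialized to JSON under the
// short numeric keys "1" through "10"; zero values are omitted.
//
// NOTE(review): InfoArg has a URLEncoded method, so these values presumably
// travel through the client in a URL. Whether that encoding is authenticated
// or encrypted is not visible on this page — confirm before trusting decoded
// fields such as RemoteIP, Timestamp, Life or Scope.
type InfoArg struct {
	ActionId         int64  `json:"1,omitempty"`
	Timestamp        int64  `json:"2,omitempty"`
	URL              string `json:"3,omitempty"`
	PolicyId         int64  `json:"4,omitempty"`
	GroupId          int64  `json:"5,omitempty"`
	SetId            int64  `json:"6,omitempty"`
	UseLocalFirewall bool   `json:"7,omitempty"`
	Life             int32  `json:"8,omitempty"`
	Scope            string `json:"9,omitempty"`
	RemoteIP         string `json:"10,omitempty"`
}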
func (*InfoArg) URLEncoded ¶ added in v1.3.5
type JSCookieAction ¶ added in v0.5.2
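// JSCookieAction is the action registered under ActionJavascriptCookie in
// AllActions.
type JSCookieAction struct {
	BaseAction

	Life             int32  `yaml:"life" json:"life"`
	MaxFails         int    `yaml:"maxFails" json:"maxFails"`                 // maximum number of failures
	FailBlockTimeout int    `yaml:"failBlockTimeout" json:"failBlockTimeout"` // block duration after failures
	Scope            string `yaml:"scope" json:"scope"`

	FailBlockScopeAll bool `yaml:"failBlockScopeAll" json:"failBlockScopeAll"`
}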
func (*JSCookieAction) Code ¶ added in v0.5.2
func (this *JSCookieAction) Code() string
func (*JSCookieAction) Init ¶ added in v0.5.2
func (this *JSCookieAction) Init(waf *WAF) error
func (*JSCookieAction) IsAttack ¶ added in v0.5.2
func (this *JSCookieAction) IsAttack() bool
func (*JSCookieAction) Perform ¶ added in v0.5.2
func (this *JSCookieAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req requests.Request, writer http.ResponseWriter) PerformResult
func (*JSCookieAction) WillChange ¶ added in v0.5.2
func (this *JSCookieAction) WillChange() bool
type LogAction ¶
// LogAction is the action registered under ActionLog ("allow and log") in
// AllActions. It embeds BaseAction and declares no fields of its own.
type LogAction struct {
	BaseAction
}
func (*LogAction) Perform ¶
func (this *LogAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*LogAction) WillChange ¶
type MatchResult ¶ added in v1.3.3
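// MatchResult is the result of matching a request (or response) against
// the WAF; it is the result type of WAF.MatchRequest and WAF.MatchResponse.
type MatchResult struct {
	GoNext         bool
	HasRequestBody bool
	Group          *RuleGroup
	Set            *RuleSet
	IsAllowed      bool
	AllowScope     AllowScope
}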
MatchResult request match result
type NotifyAction ¶
// NotifyAction is the action registered under ActionNotify in AllActions.
// It embeds BaseAction and declares no fields of its own.
type NotifyAction struct {
	BaseAction
}
func (*NotifyAction) Code ¶
func (this *NotifyAction) Code() string
func (*NotifyAction) Init ¶
func (this *NotifyAction) Init(waf *WAF) error
func (*NotifyAction) IsAttack ¶
func (this *NotifyAction) IsAttack() bool
func (*NotifyAction) Perform ¶
func (this *NotifyAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
Perform the action
func (*NotifyAction) WillChange ¶
func (this *NotifyAction) WillChange() bool
WillChange determine if the action will change the request
type PageAction ¶
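// PageAction is the action registered under ActionPage ("show a web page")
// in AllActions.
type PageAction struct {
	BaseAction

	UseDefault bool   `yaml:"useDefault" json:"useDefault"`
	Status     int    `yaml:"status" json:"status"`
	Body       string `yaml:"body" json:"body"`
}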
func (*PageAction) Code ¶
func (this *PageAction) Code() string
func (*PageAction) Init ¶
func (this *PageAction) Init(waf *WAF) error
func (*PageAction) IsAttack ¶
func (this *PageAction) IsAttack() bool
func (*PageAction) Perform ¶
func (this *PageAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
Perform the action
func (*PageAction) WillChange ¶
func (this *PageAction) WillChange() bool
WillChange determine if the action will change the request
type ParamFilter ¶
type PerformResult ¶ added in v1.3.3
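// PerformResult is the result of performing an action; it is the return
// type of ActionInterface.Perform and RuleSet.PerformActions.
type PerformResult struct {
	ContinueRequest bool
	GoNextGroup     bool
	GoNextSet       bool
	IsAllowed       bool
	AllowScope      AllowScope
}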
PerformResult action performing result
type Post307Action ¶
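// Post307Action is the action registered under ActionPost307 in AllActions.
// Field order is kept as published: BaseAction is embedded last.
type Post307Action struct {
	Life  int32  `yaml:"life" json:"life"`
	Scope string `yaml:"scope" json:"scope"`

	BaseAction
}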
func (*Post307Action) Code ¶
func (this *Post307Action) Code() string
func (*Post307Action) Init ¶
func (this *Post307Action) Init(waf *WAF) error
func (*Post307Action) IsAttack ¶
func (this *Post307Action) IsAttack() bool
func (*Post307Action) Perform ¶
func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*Post307Action) WillChange ¶
func (this *Post307Action) WillChange() bool
type RecordIPAction ¶
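// RecordIPAction is the action registered under ActionRecordIP in
// AllActions.
type RecordIPAction struct {
	BaseAction

	Type     string `yaml:"type" json:"type"`
	IPListId int64  `yaml:"ipListId" json:"ipListId"`

	// NOTE(review): presumably set when the target IP list no longer
	// exists (see AddDeletedIPList / ExistDeletedIPList); what Perform does
	// in that case is not visible here — confirm.
	IPListIsDeleted bool `yaml:"ipListIsDeleted" json:"ipListIsDeleted"`

	Level   string `yaml:"level" json:"level"`
	Timeout int32  `yaml:"timeout" json:"timeout"`
	Scope   string `yaml:"scope" json:"scope"`
}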
func (*RecordIPAction) Code ¶
func (this *RecordIPAction) Code() string
func (*RecordIPAction) Init ¶
func (this *RecordIPAction) Init(waf *WAF) error
func (*RecordIPAction) IsAttack ¶
func (this *RecordIPAction) IsAttack() bool
func (*RecordIPAction) Perform ¶
func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*RecordIPAction) WillChange ¶
func (this *RecordIPAction) WillChange() bool
type RedirectAction ¶ added in v1.1.0
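// RedirectAction is the action registered under ActionRedirect in
// AllActions.
type RedirectAction struct {
	BaseAction

	Status int `yaml:"status" json:"status"`

	// NOTE(review): URL is the configured redirect target. If it can ever
	// be built from request-derived values, validate it to avoid an open
	// redirect — confirm in Perform.
	URL string `yaml:"url" json:"url"`
}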
func (*RedirectAction) Code ¶ added in v1.1.0
func (this *RedirectAction) Code() string
func (*RedirectAction) Init ¶ added in v1.1.0
func (this *RedirectAction) Init(waf *WAF) error
func (*RedirectAction) IsAttack ¶ added in v1.1.0
func (this *RedirectAction) IsAttack() bool
func (*RedirectAction) Perform ¶ added in v1.1.0
func (this *RedirectAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
Perform the action
func (*RedirectAction) WillChange ¶ added in v1.1.0
func (this *RedirectAction) WillChange() bool
WillChange determine if the action will change the request
type Rule ¶
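// Rule is a WAF rule under a rule set. It names a parameter, optional
// parameter filters, an operator and the value to compare against.
type Rule struct {
	Id          int64
	Description string `yaml:"description" json:"description"`

	// such as ${arg.name} or ${args}, can be composite as ${arg.firstName}${arg.lastName}
	Param        string         `yaml:"param" json:"param"`
	ParamFilters []*ParamFilter `yaml:"paramFilters" json:"paramFilters"`

	Operator RuleOperator `yaml:"operator" json:"operator"` // such as contains, gt, ...
	Value    string       `yaml:"value" json:"value"`       // compared value

	IsCaseInsensitive bool           `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
	CheckpointOptions map[string]any `yaml:"checkpointOptions" json:"checkpointOptions"`
	Priority          int            `yaml:"priority" json:"priority"`
	// contains filtered or unexported fields
}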
Rule waf rule under rule set
func (*Rule) IsSingleCheckpoint ¶
func (*Rule) MatchRequest ¶
func (*Rule) MatchResponse ¶
func (*Rule) SetCheckpointFinder ¶
func (this *Rule) SetCheckpointFinder(finder func(prefix string) checkpoints.CheckpointInterface)
type RuleCaseInsensitive ¶
// RuleCaseInsensitive is an alias of string. It is the type of
// RuleOperatorDefinition.CaseInsensitive, the operator's default
// case-insensitivity setting.
type RuleCaseInsensitive = string
type RuleConnector ¶
// RuleConnector is an alias of string. It is the type of RuleSet.Connector;
// see the RuleConnectorAnd and RuleConnectorOr constants.
type RuleConnector = string
type RuleGroup ¶
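// RuleGroup is a named group of rule sets.
type RuleGroup struct {
	Id          int64      `yaml:"id" json:"id"`
	IsOn        bool       `yaml:"isOn" json:"isOn"`
	Name        string     `yaml:"name" json:"name"` // such as SQL Injection
	Description string     `yaml:"description" json:"description"`
	Code        string     `yaml:"code" json:"code"` // identify the group
	RuleSets    []*RuleSet `yaml:"ruleSets" json:"ruleSets"`
	IsInbound   bool       `yaml:"isInbound" json:"isInbound"`
	// contains filtered or unexported fields
}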
RuleGroup is a WAF rule group.
func NewRuleGroup ¶
func NewRuleGroup() *RuleGroup
func (*RuleGroup) AddRuleSet ¶
func (*RuleGroup) FindRuleSet ¶
func (*RuleGroup) FindRuleSetWithCode ¶
func (*RuleGroup) MatchRequest ¶
func (*RuleGroup) MatchResponse ¶
func (*RuleGroup) MoveRuleSet ¶
func (*RuleGroup) RemoveRuleSet ¶
type RuleOperator ¶
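// RuleOperator is the operator code of a rule; it is an alias of string.
type RuleOperator = string

// Rule operator codes. The string values are what appears in a rule's
// "operator" field.
//
// NOTE(review): how the plain and "strictly" variants of the SQL injection
// and XSS operators differ is not documented on this page — confirm their
// false-positive/false-negative trade-off before choosing one for a rule.
const (
	RuleOperatorGt  RuleOperator = "gt"
	RuleOperatorGte RuleOperator = "gte"
	RuleOperatorLt  RuleOperator = "lt"
	RuleOperatorLte RuleOperator = "lte"
	RuleOperatorEq  RuleOperator = "eq"
	RuleOperatorNeq RuleOperator = "neq"

	RuleOperatorEqString  RuleOperator = "eq string"
	RuleOperatorNeqString RuleOperator = "neq string"

	RuleOperatorMatch            RuleOperator = "match"
	RuleOperatorNotMatch         RuleOperator = "not match"
	RuleOperatorWildcardMatch    RuleOperator = "wildcard match"
	RuleOperatorWildcardNotMatch RuleOperator = "wildcard not match"

	RuleOperatorContains           RuleOperator = "contains"
	RuleOperatorNotContains        RuleOperator = "not contains"
	RuleOperatorPrefix             RuleOperator = "prefix"
	RuleOperatorSuffix             RuleOperator = "suffix"
	RuleOperatorContainsAny        RuleOperator = "contains any"
	RuleOperatorContainsAll        RuleOperator = "contains all"
	RuleOperatorContainsAnyWord    RuleOperator = "contains any word"
	RuleOperatorContainsAllWords   RuleOperator = "contains all words"
	RuleOperatorNotContainsAnyWord RuleOperator = "not contains any word"

	RuleOperatorContainsSQLInjection         RuleOperator = "contains sql injection"
	RuleOperatorContainsSQLInjectionStrictly RuleOperator = "contains sql injection strictly"
	RuleOperatorContainsXSS                  RuleOperator = "contains xss"
	RuleOperatorContainsXSSStrictly          RuleOperator = "contains xss strictly"

	RuleOperatorInIPList RuleOperator = "in ip list"
	RuleOperatorHasKey   RuleOperator = "has key" // has key in slice or map

	RuleOperatorVersionGt    RuleOperator = "version gt"
	RuleOperatorVersionLt    RuleOperator = "version lt"
	RuleOperatorVersionRange RuleOperator = "version range"

	RuleOperatorContainsBinary    RuleOperator = "contains binary"     // contains binary
	RuleOperatorNotContainsBinary RuleOperator = "not contains binary" // not contains binary

	RuleOperatorEqIP       RuleOperator = "eq ip"
	RuleOperatorGtIP       RuleOperator = "gt ip"
	RuleOperatorGteIP      RuleOperator = "gte ip"
	RuleOperatorLtIP       RuleOperator = "lt ip"
	RuleOperatorLteIP      RuleOperator = "lte ip"
	RuleOperatorIPRange    RuleOperator = "ip range"
	RuleOperatorNotIPRange RuleOperator = "not ip range"
	RuleOperatorIPMod10    RuleOperator = "ip mod 10"
	RuleOperatorIPMod100   RuleOperator = "ip mod 100"
	RuleOperatorIPMod      RuleOperator = "ip mod"
)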
type RuleOperatorDefinition ¶
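// RuleOperatorDefinition describes a rule operator: its display name, code,
// description and default case-insensitivity setting.
type RuleOperatorDefinition struct {
	Name            string
	Code            string
	Description     string
	CaseInsensitive RuleCaseInsensitive // default caseInsensitive setting
}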
type RuleSet ¶
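// RuleSet is a set of rules joined by a connector, together with the
// actions configured for the set.
type RuleSet struct {
	Id          int64           `yaml:"id" json:"id"`
	Code        string          `yaml:"code" json:"code"`
	IsOn        bool            `yaml:"isOn" json:"isOn"`
	Name        string          `yaml:"name" json:"name"`
	Description string          `yaml:"description" json:"description"`
	Rules       []*Rule         `yaml:"rules" json:"rules"`
	Connector   RuleConnector   `yaml:"connector" json:"connector"` // rules connector
	Actions     []*ActionConfig `yaml:"actions" json:"actions"`

	// NOTE(review): presumably these exempt local and search-engine traffic
	// from this rule set. How such clients are identified is not visible on
	// this page; if it relies on User-Agent or a forwarded header, the
	// exemption can be claimed by any client — confirm before enabling.
	IgnoreLocal        bool `yaml:"ignoreLocal" json:"ignoreLocal"`
	IgnoreSearchEngine bool `yaml:"ignoreSearchEngine" json:"ignoreSearchEngine"`
	// contains filtered or unexported fields
}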
func NewRuleSet ¶
func NewRuleSet() *RuleSet
func (*RuleSet) ActionCodes ¶
func (*RuleSet) HasAttackActions ¶
HasAttackActions 检查是否含有攻击防御动作
func (*RuleSet) HasSpecialActions ¶
HasSpecialActions 除了Allow之外是否还有别的动作
func (*RuleSet) MatchRequest ¶
func (*RuleSet) MatchResponse ¶
func (*RuleSet) PerformActions ¶
func (this *RuleSet) PerformActions(waf *WAF, group *RuleGroup, req requests.Request, writer http.ResponseWriter) PerformResult
type TagAction ¶
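// TagAction is the action registered under ActionTag in AllActions.
type TagAction struct {
	BaseAction

	Tags []string `yaml:"tags" json:"tags"`
}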
func (*TagAction) Perform ¶
func (this *TagAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) PerformResult
func (*TagAction) WillChange ¶
type WAF ¶
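// WAF is one firewall instance: inbound and outbound rule groups, the
// firewall mode, the IDs of its allow/deny/grey IP lists, and default
// settings for the built-in actions.
type WAF struct {
	Id               int64                           `yaml:"id" json:"id"`
	IsOn             bool                            `yaml:"isOn" json:"isOn"`
	Name             string                          `yaml:"name" json:"name"`
	Inbound          []*RuleGroup                    `yaml:"inbound" json:"inbound"`
	Outbound         []*RuleGroup                    `yaml:"outbound" json:"outbound"`
	CreatedVersion   string                          `yaml:"createdVersion" json:"createdVersion"`
	Mode             firewallconfigs.FirewallMode    `yaml:"mode" json:"mode"`
	UseLocalFirewall bool                            `yaml:"useLocalFirewall" json:"useLocalFirewall"`
	SYNFlood         *firewallconfigs.SYNFloodConfig `yaml:"synFlood" json:"synFlood"`

	AllowListId int64 `yaml:"allowListId" json:"allowListId"`
	DenyListId  int64 `yaml:"denyListId" json:"denyListId"`
	GreyListId  int64 `yaml:"greyListId" json:"greyListId"`

	// The default action settings below carry no yaml/json tags.
	DefaultBlockAction    *BlockAction
	DefaultPageAction     *PageAction
	DefaultCaptchaAction  *CaptchaAction
	DefaultJSCookieAction *JSCookieAction
	DefaultPost307Action  *Post307Action
	DefaultGet302Action   *Get302Action
	// contains filtered or unexported fields
}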
func NewWAFFromFile ¶
func (*WAF) AddAction ¶
func (this *WAF) AddAction(action ActionInterface)
func (*WAF) AddRuleGroup ¶
func (*WAF) ContainsGroupCode ¶
func (*WAF) CountInboundRuleSets ¶
func (*WAF) CountOutboundRuleSets ¶
func (*WAF) FindAction ¶
func (this *WAF) FindAction(actionId int64) ActionInterface
func (*WAF) FindCheckpointInstance ¶
func (this *WAF) FindCheckpointInstance(prefix string) checkpoints.CheckpointInterface
func (*WAF) FindRuleGroup ¶
func (*WAF) FindRuleGroupWithCode ¶
func (*WAF) MatchRequest ¶
func (this *WAF) MatchRequest(req requests.Request, writer http.ResponseWriter, defaultCaptchaType firewallconfigs.ServerCaptchaType) (result MatchResult, err error)
func (*WAF) MatchResponse ¶
func (this *WAF) MatchResponse(req requests.Request, rawResp *http.Response, writer http.ResponseWriter) (result MatchResult, err error)
func (*WAF) MergeTemplate ¶
MergeTemplate merge with template
func (*WAF) MoveInboundRuleGroup ¶
func (*WAF) MoveOutboundRuleGroup ¶
func (*WAF) RemoveRuleGroup ¶
type WAFManager ¶
// WAFManager is the WAF manager. The methods listed for it convert an
// HTTPFirewallPolicy into a WAF (ConvertWAF) and update the set of policies
// (UpdatePolicies).
type WAFManager struct {
	// contains filtered or unexported fields
}
WAFManager WAF管理器
func (*WAFManager) ConvertWAF ¶
func (this *WAFManager) ConvertWAF(policy *firewallconfigs.HTTPFirewallPolicy) (*WAF, error)
ConvertWAF 将Policy转换为WAF
func (*WAFManager) UpdatePolicies ¶
func (this *WAFManager) UpdatePolicies(policies []*firewallconfigs.HTTPFirewallPolicy)
UpdatePolicies 更新策略
Source Files
¶
- action_allow.go
- action_base.go
- action_block.go
- action_captcha.go
- action_category.go
- action_config.go
- action_definition.go
- action_get_302.go
- action_go_group.go
- action_go_set.go
- action_instance.go
- action_interface.go
- action_js_cookie.go
- action_log.go
- action_notify.go
- action_page.go
- action_post_307.go
- action_record_ip.go
- action_redirect.go
- action_tag.go
- action_types.go
- action_utils.go
- allow_cookie_info.go
- captcha_counter.go
- captcha_generator.go
- captcha_validator.go
- get302_validator.go
- info_arg.go
- ip_list.go
- ip_lists_deleted.go
- param_filter.go
- results.go
- rule.go
- rule_group.go
- rule_operator.go
- rule_set.go
- template.go
- waf.go
- waf_manager.go