Documentation ¶
Index ¶
- Constants
- Variables
- func CheckCheckpointIsComposed(prefix string) bool
- func DefaultCaptchaType() *shared.Definition
- func FindAllCaptchaTypes() []*shared.Definition
- func FindAllFirewallModes() []*shared.Definition
- func FindCaptchaType(code CaptchaType) *shared.Definition
- func FindFirewallActionTypeName(actionType FirewallActionType) string
- func FindFirewallEventLevelName(code string) string
- func FindFirewallMode(code FirewallMode) *shared.Definition
- func FindRuleOperatorName(code string) string
- type Action
- type AllowScope
- type CaptchaType
- type FieldOption
- type FirewallActionConfig
- type FirewallActionFirewalldConfig
- type FirewallActionHTMLConfig
- type FirewallActionHTTPAPIConfig
- type FirewallActionIPSetConfig
- type FirewallActionIPTablesConfig
- type FirewallActionScriptConfig
- type FirewallActionType
- type FirewallActionTypeDefinition
- type FirewallEventLevelDefinition
- type FirewallMode
- type FirewallScope
- type GeeTestConfig
- type HTTPFirewallActionCategory
- type HTTPFirewallActionConfig
- type HTTPFirewallActionDefinition
- type HTTPFirewallActionString
- type HTTPFirewallAllowAction
- type HTTPFirewallBlockAction
- type HTTPFirewallCaptchaAction
- type HTTPFirewallCheckpointDefinition
- type HTTPFirewallGet302Action
- type HTTPFirewallGoGroupAction
- type HTTPFirewallGoSetAction
- type HTTPFirewallInboundConfig
- func (this *HTTPFirewallInboundConfig) AddPublicList(listId int64, listType string)
- func (this *HTTPFirewallInboundConfig) AllAllowListRefs() []*ipconfigs.IPListRef
- func (this *HTTPFirewallInboundConfig) AllDenyListRefs() []*ipconfigs.IPListRef
- func (this *HTTPFirewallInboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup
- func (this *HTTPFirewallInboundConfig) Init() error
- func (this *HTTPFirewallInboundConfig) RemovePublicList(listId int64, listType string)
- func (this *HTTPFirewallInboundConfig) RemoveRuleGroup(groupId int64)
- type HTTPFirewallJavascriptCookieAction
- type HTTPFirewallLogAction
- type HTTPFirewallNotifyAction
- type HTTPFirewallOutboundConfig
- type HTTPFirewallPageAction
- type HTTPFirewallPolicy
- func (this *HTTPFirewallPolicy) AllRuleGroups() []*HTTPFirewallRuleGroup
- func (this *HTTPFirewallPolicy) FindRuleGroup(groupId int64) *HTTPFirewallRuleGroup
- func (this *HTTPFirewallPolicy) FindRuleGroupWithCode(code string) *HTTPFirewallRuleGroup
- func (this *HTTPFirewallPolicy) FindRuleGroupWithName(name string) *HTTPFirewallRuleGroup
- func (this *HTTPFirewallPolicy) InboundJSON() ([]byte, error)
- func (this *HTTPFirewallPolicy) Init() error
- func (this *HTTPFirewallPolicy) OutboundJSON() ([]byte, error)
- func (this *HTTPFirewallPolicy) RemoveRuleGroup(groupId int64)
- type HTTPFirewallPolicyLogConfig
- type HTTPFirewallPost307Action
- type HTTPFirewallRecordIPAction
- type HTTPFirewallRef
- type HTTPFirewallRegionConfig
- func (this *HTTPFirewallRegionConfig) Init() error
- func (this *HTTPFirewallRegionConfig) IsAllowedCountry(countryId int64, provinceId int64) bool
- func (this *HTTPFirewallRegionConfig) IsAllowedProvince(countryId int64, provinceId int64) bool
- func (this *HTTPFirewallRegionConfig) IsNotEmpty() bool
- func (this *HTTPFirewallRegionConfig) MatchCountryURL(url string) bool
- func (this *HTTPFirewallRegionConfig) MatchProvinceURL(url string) bool
- type HTTPFirewallRule
- type HTTPFirewallRuleCaseInsensitive
- type HTTPFirewallRuleConnector
- type HTTPFirewallRuleGroup
- type HTTPFirewallRuleGroupRef
- type HTTPFirewallRuleOperator
- type HTTPFirewallRuleRef
- type HTTPFirewallRuleSet
- type HTTPFirewallRuleSetRef
- type HTTPFirewallTagAction
- type KeyValue
- type OptionInterface
- type OptionsOption
- type ParamFilter
- type RuleOperatorDefinition
- type SYNFloodConfig
- type ServerCaptchaType
Constants ¶
// Package-wide defaults.
const (
	// GlobalListId is a fixed list ID (2,000,000,000).
	// NOTE(review): presumably the ID reserved for the global IP list — confirm against callers.
	GlobalListId int64 = 2_000_000_000

	// DefaultEventLevel is the default event level code.
	DefaultEventLevel = "critical"
)
// Rule connector codes.
// NOTE(review): presumably these decide how the rules of one rule set are
// combined (all must match vs. any may match) — confirm against the matcher.
const (
	HTTPFirewallRuleConnectorAnd = "and"
	HTTPFirewallRuleConnectorOr  = "or"
)
// DefaultMaxRequestBodySize is the default request body size limit: 256 KiB.
//
// NOTE(review): several checkpoint descriptions in AllCheckpoints state a 32M
// body limit. Confirm which limit the inspection path enforces; body content
// beyond the inspected size cannot be evaluated by body-based rules, so the
// oversize-request policy should be an explicit decision.
const DefaultMaxRequestBodySize int64 = 256 * 1024
Variables ¶
// AllActions is the catalogue of HTTP firewall actions. Each entry carries a
// display name, the action code, a description and the category
// (block / allow / verify) it is listed under.
var AllActions = []*HTTPFirewallActionDefinition{
	// "Show page": serve the request-blocked page.
	{
		Name:        "显示网页",
		Code:        HTTPFirewallActionPage,
		Description: "显示请求被拦截的网页。",
		Category:    HTTPFirewallActionCategoryBlock,
	},
	// "Block": per the description, this stops the request, closes the
	// connection and also adds the client IP to the system blacklist, so a
	// wrong rule locks real users out. Test rules before enabling it.
	{
		Name:        "阻止",
		Code:        HTTPFirewallActionBlock,
		Description: "阻止请求并中断当前连接,并自动将当前客户端IP加入到系统黑名单;使用此动作时,请先自行严格测试设置的规则是否正确,避免因错误封禁而导致用户无法正常访问的严重后果!",
		Category:    HTTPFirewallActionCategoryBlock,
	},
	// "Captcha": verify the client in the browser with a human check.
	{
		Name:        "Captcha人机识别",
		Code:        HTTPFirewallActionCaptcha,
		Description: "在浏览器使用人机识别机制(比如验证码)来验证客户端。",
		Category:    HTTPFirewallActionCategoryVerify,
	},
	// "JS Cookie": verify first-time visitors by setting a cookie from Javascript.
	{
		Name:        "JS Cookie验证",
		Code:        HTTPFirewallActionJavascriptCookie,
		Description: "首次访问网站时通过Javascript设置Cookie来验证请求。",
		Category:    HTTPFirewallActionCategoryVerify,
	},
	// "Record IP": record the IP into an IP list.
	{
		Name:        "记录IP",
		Code:        HTTPFirewallActionRecordIP,
		Description: "将此IP记录到某个IP名单中。",
		Category:    HTTPFirewallActionCategoryBlock,
	},
	// "Redirect": jump to a new URL.
	{
		Name:        "跳转",
		Code:        HTTPFirewallActionRedirect,
		Description: "跳转到新的URL。",
		Category:    HTTPFirewallActionCategoryBlock,
	},
	// "Allow": skip the rule sets and pass the firewall.
	{
		Name:        "允许通过",
		Code:        HTTPFirewallActionAllow,
		Description: "允许跳过规则集正常通过防火墙。",
		Category:    HTTPFirewallActionCategoryAllow,
	},
	// "Allow and log": pass and write a log record.
	{
		Name:        "允许并记录日志",
		Code:        HTTPFirewallActionLog,
		Description: "允许正常通过并记录到日志。",
		Category:    HTTPFirewallActionCategoryAllow,
	},
	// "Tag": label the matched request.
	{
		Name:        "标签",
		Code:        HTTPFirewallActionTag,
		Description: "为匹配的请求打上标签。",
		Category:    HTTPFirewallActionCategoryAllow,
	},
	// "Notify": message the cluster's recipients (commercial edition, per the description).
	{
		Name:        "告警",
		Code:        HTTPFirewallActionNotify,
		Description: "向集群的消息接收人发送消息通知(商业版)。",
		Category:    HTTPFirewallActionCategoryVerify,
	},
	// "GET 302": verify the client by 302-redirecting GET requests.
	{
		Name:        "GET 302",
		Code:        HTTPFirewallActionGet302,
		Description: "通过302重定向GET请求验证客户端真实性。",
		Category:    HTTPFirewallActionCategoryVerify,
	},
	// "POST 307": verify the client by 307-redirecting POST requests.
	{
		Name:        "POST 307",
		Code:        HTTPFirewallActionPost307,
		Description: "通过307重定向POST请求验证客户端真实性。",
		Category:    HTTPFirewallActionCategoryVerify,
	},
	// "Go to next rule group". Only this entry and the next one set Type.
	{
		Name:     "跳到下一个规则分组",
		Code:     HTTPFirewallActionGoGroup,
		Type:     reflect.TypeOf(new(HTTPFirewallGoGroupAction)).Elem(),
		Category: HTTPFirewallActionCategoryVerify,
	},
	// "Go to next rule set".
	{
		Name:     "跳到下一个规则集",
		Code:     HTTPFirewallActionGoSet,
		Type:     reflect.TypeOf(new(HTTPFirewallGoSetAction)).Elem(),
		Category: HTTPFirewallActionCategoryVerify,
	},
}
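// ccPeriodValuePattern accepts a non-empty run of ASCII digits. It is compiled
// once here rather than on every call of the "period" option validator.
var ccPeriodValuePattern = regexp.MustCompile(`^\d+$`)

// AllCheckpoints lists every checkpoint definition: the request or response
// attribute a firewall rule can inspect, identified by Prefix.
//
// Review notes for rule authors:
//   - remoteAddr is derived from headers such as X-Forwarded-For and, as its
//     own description says, can be forged. rawRemoteAddr is the directly
//     connected peer address. Base allow decisions on remoteAddr only when the
//     forwarding headers come from a proxy you control.
//   - The body-based checkpoints (requestBody, requestForm, requestUpload,
//     requestJSON) describe a 32M body limit, while DefaultMaxRequestBodySize
//     elsewhere in this package is 256 KiB.
//     NOTE(review): confirm which limit the inspection path applies.
var AllCheckpoints = []*HTTPFirewallCheckpointDefinition{
	// Length limit for general request headers (Cache-Control, Accept, ...).
	{
		Name:        "通用请求报头长度限制",
		Prefix:      "requestGeneralHeaderLength",
		Description: "通用报头比如Cache-Control、Accept之类的长度限制,防止缓冲区溢出攻击。",
		IsRequest:   true,
		IsComposed:  true,
		Priority:    100,
	},
	// Length limit for general response headers (Cache-Control, Date, ...).
	{
		Name:        "通用响应报头长度限制",
		Prefix:      "responseGeneralHeaderLength",
		Description: "通用报头比如Cache-Control、Date之类的长度限制,防止缓冲区溢出攻击。",
		IsRequest:   false,
		IsComposed:  true,
		Priority:    100,
	},
	// Client address taken from X-Forwarded-For and similar headers; spoofable.
	{
		Name:        "客户端地址(IP)",
		Prefix:      "remoteAddr",
		Description: "试图通过分析X-Forwarded-For等报头获取的客户端地址,比如192.168.1.100,存在伪造的可能。",
		IsRequest:   true,
		Priority:    100,
	},
	// Address of the directly connected client.
	{
		Name:        "客户端源地址(IP)",
		Prefix:      "rawRemoteAddr",
		Description: "直接连接的客户端地址,比如192.168.1.100。",
		IsRequest:   true,
		Priority:    100,
	},
	// Port of the directly connected client.
	{
		Name:        "客户端端口",
		Prefix:      "remotePort",
		Description: "直接连接的客户端地址端口。",
		IsRequest:   true,
		Priority:    100,
	},
	// User name supplied through BasicAuth.
	{
		Name:        "客户端用户名",
		Prefix:      "remoteUser",
		Description: "通过BasicAuth登录的客户端用户名。",
		IsRequest:   true,
		Priority:    100,
	},
	// Request URI including the query string, without the domain.
	{
		Name:        "请求URI",
		Prefix:      "requestURI",
		Description: "包含URL参数的请求URI,类似于 /hello/world?lang=go,不包含域名部分。",
		IsRequest:   true,
		Priority:    100,
	},
	// Request path without the query string and without the domain.
	{
		Name:        "请求路径",
		Prefix:      "requestPath",
		Description: "不包含URL参数的请求路径,类似于 /hello/world,不包含域名部分。",
		IsRequest:   true,
		Priority:    100,
	},
	// Full request URL: scheme, domain, path and parameters.
	{
		Name:        "请求完整URL",
		Prefix:      "requestURL",
		Description: "完整的请求URL,包含协议、域名、请求路径、参数等,类似于 https://example.com/hello?name=lily 。",
		IsRequest:   true,
		Priority:    100,
	},
	// Content-Length request header.
	{
		Name:        "请求内容长度",
		Prefix:      "requestLength",
		Description: "请求报头中的Content-Length。",
		IsRequest:   true,
		Priority:    100,
	},
	// Request body (POST, PUT, ...).
	{
		Name:        "请求体内容",
		Prefix:      "requestBody",
		Description: "通常在POST或者PUT等操作时会附带请求体,最大限制32M。",
		IsRequest:   true,
		Priority:    5,
	},
	// ${requestURI} and ${requestBody} combined.
	{
		Name:        "请求URI和请求体组合",
		Prefix:      "requestAll",
		Description: "${requestURI}和${requestBody}组合。",
		IsRequest:   true,
		Priority:    5,
	},
	// Form parameters sent by POST or other methods.
	{
		Name:        "请求表单参数",
		Prefix:      "requestForm",
		Description: "获取POST或者其他方法发送的表单参数,最大请求体限制32M。",
		IsRequest:   true,
		HasParams:   true,
		Priority:    5,
	},
	// Uploaded file information; Params name the attributes a rule can read.
	{
		Name:        "上传文件",
		Prefix:      "requestUpload",
		Description: "获取POST上传的文件信息,最大请求体限制32M。",
		Params: []*KeyValue{
			NewKeyValue("最小文件尺寸", "minSize"),
			NewKeyValue("最大文件尺寸", "maxSize"),
			NewKeyValue("扩展名(如.txt)", "ext"),
			NewKeyValue("原始文件名", "name"),
			NewKeyValue("表单字段名", "field"),
		},
		IsRequest: true,
		HasParams: true,
		Priority:  20,
	},
	// JSON sent by POST or other methods; nested data is addressed with dots.
	{
		Name:        "请求JSON参数",
		Prefix:      "requestJSON",
		Description: "获取POST或者其他方法发送的JSON,最大请求体限制32M,使用点(.)符号表示多级数据。",
		IsRequest:   true,
		HasParams:   true,
		Priority:    5,
	},
	// Request method, e.g. GET, POST.
	{
		Name:        "请求方法",
		Prefix:      "requestMethod",
		Description: "比如GET、POST。",
		IsRequest:   true,
		Priority:    100,
	},
	// Request scheme, http or https.
	{
		Name:        "请求协议",
		Prefix:      "scheme",
		Description: "比如http或https。",
		IsRequest:   true,
		Priority:    100,
	},
	// HTTP protocol version, e.g. HTTP/1.1.
	{
		Name:        "HTTP协议版本",
		Prefix:      "proto",
		Description: "比如HTTP/1.1。",
		IsRequest:   true,
		Priority:    100,
	},
	// Host name.
	{
		Name:        "主机名",
		Prefix:      "host",
		Description: "比如example.com。",
		IsRequest:   true,
		Priority:    100,
	},
	// CNAME of the current site service.
	{
		Name:        "CNAME",
		Prefix:      "cname",
		Description: "当前网站服务CNAME,比如38b48e4f.example.com。",
		IsRequest:   true,
		Priority:    100,
	},
	// Whether the host is the CNAME; value is 1 (yes) or 0 (no).
	{
		Name:        "是否为CNAME",
		Prefix:      "isCNAME",
		Description: "是否为CNAME,值为1(是)或0(否)。",
		IsRequest:   true,
		Priority:    100,
		DataType:    "bool",
	},
	// Referer and Origin request header values.
	{
		Name:        "请求来源",
		Prefix:      "refererOrigin",
		Description: "请求报头中的Referer和Origin值。",
		IsRequest:   true,
		Priority:    100,
		Version:     "1.3.2",
	},
	// Referer request header value.
	{
		Name:        "请求来源Referer",
		Prefix:      "referer",
		Description: "请求报头中的Referer值。",
		IsRequest:   true,
		Priority:    100,
	},
	// User-Agent string.
	{
		Name:        "客户端信息",
		Prefix:      "userAgent",
		Description: "比如Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103。",
		IsRequest:   true,
		Priority:    100,
	},
	// Content-Type request header.
	{
		Name:        "内容类型",
		Prefix:      "contentType",
		Description: "请求报头的Content-Type。",
		IsRequest:   true,
		Priority:    100,
	},
	// All cookies joined into one string.
	{
		Name:        "所有cookie组合字符串",
		Prefix:      "cookies",
		Description: "比如sid=IxZVPFhE&city=beijing&uid=18237。",
		IsRequest:   true,
		Priority:    100,
	},
	// A single cookie value.
	{
		Name:        "单个cookie值",
		Prefix:      "cookie",
		Description: "单个cookie值。",
		IsRequest:   true,
		HasParams:   true,
		Priority:    100,
	},
	// All URL parameters joined into one string.
	{
		Name:        "所有URL参数组合",
		Prefix:      "args",
		Description: "比如name=lu&age=20。",
		IsRequest:   true,
		Priority:    100,
	},
	// A single URL parameter value.
	{
		Name:        "单个URL参数值",
		Prefix:      "arg",
		Description: "单个URL参数值。",
		IsRequest:   true,
		HasParams:   true,
		Priority:    100,
	},
	// All request headers, newline separated, one "NAME: VALUE" per line.
	{
		Name:        "所有请求报头内容",
		Prefix:      "headers",
		Description: "使用换行符(\\n)隔开的报头内容字符串,每行均为\"NAME: VALUE格式\"。",
		IsRequest:   true,
		Priority:    100,
	},
	// All request header names, newline separated.
	{
		Name:        "所有请求报头名称",
		Prefix:      "headerNames",
		Description: "使用换行符(\\n)隔开的报头名称字符串,每行一个名称。",
		IsRequest:   true,
		Priority:    100,
		Version:     "1.3.2",
	},
	// A single request header value.
	{
		Name:        "单个请求报头值",
		Prefix:      "header",
		Description: "单个报头值。",
		IsRequest:   true,
		HasParams:   true,
		Priority:    100,
	},
	// Country/region name of the client.
	{
		Name:        "国家/地区名称",
		Prefix:      "geoCountryName",
		Description: "当前客户端所处国家/地区名称。",
		IsRequest:   true,
		HasParams:   false,
		Priority:    90,
	},
	// Province name of the client (China).
	{
		Name:        "省份名称",
		Prefix:      "geoProvinceName",
		Description: "当前客户端所处中国省份名称。",
		IsRequest:   true,
		HasParams:   false,
		Priority:    90,
	},
	// City name of the client (China).
	{
		Name:        "城市名称",
		Prefix:      "geoCityName",
		Description: "当前客户端所处中国城市名称。",
		IsRequest:   true,
		HasParams:   false,
		Priority:    90,
	},
	// ISP name of the client.
	{
		Name:        "ISP名称",
		Prefix:      "ispName",
		Description: "当前客户端所处ISP名称。",
		IsRequest:   true,
		HasParams:   false,
		Priority:    90,
	},
	// CC statistics (current version).
	{
		Name:        "CC统计",
		Prefix:      "cc2",
		Description: "对统计对象进行统计。",
		HasParams:   false,
		IsRequest:   true,
		IsComposed:  true,
		Priority:    10,
	},
	// Hotlink protection.
	// NOTE(review): the Description is identical to the cc2 entry above and
	// does not describe hotlink protection; it looks copied — confirm and
	// reword at the source.
	{
		Name:        "防盗链",
		Prefix:      "refererBlock",
		Description: "对统计对象进行统计。",
		HasParams:   false,
		IsRequest:   true,
		IsComposed:  true,
		Priority:    20,
	},
	// CC statistics (legacy); the description recommends cc2 instead.
	{
		Name:        "CC统计(旧)",
		Prefix:      "cc",
		Description: "统计某段时间段内的请求信息(不推荐再使用,请使用新的CC2统计代替)。",
		HasParams:   true,
		Params: []*KeyValue{
			NewKeyValue("请求数", "requests"),
		},
		Options: []OptionInterface{
			// Statistics period in seconds, default "60".
			&FieldOption{
				Type:        "field",
				Name:        "统计周期",
				Code:        "period",
				Value:       "60",
				IsRequired:  false,
				Size:        8,
				Comment:     "",
				Placeholder: "",
				RightLabel:  "秒",
				MaxLength:   8,
				// Accepts any non-empty digit string. MaxLength above is not
				// checked here. NOTE(review): confirm the consumer bounds the
				// parsed value and rejects 0 if a zero period is not meaningful.
				Validate: func(value string) (ok bool, message string) {
					if ccPeriodValuePattern.MatchString(value) {
						return true, ""
					}
					return false, "周期需要是一个整数数字"
				},
			},
			// Where the user identity is read from.
			&OptionsOption{
				Type:       "options",
				Name:       "用户识别读取来源",
				Code:       "userType",
				Value:      "",
				IsRequired: false,
				Size:       10,
				Comment:    "",
				RightLabel: "",
				Validate:   nil,
				Options: []maps.Map{
					{
						"name":  "IP",
						"value": "ip",
					},
					{
						"name":  "Cookie",
						"value": "cookie",
					},
					{
						"name":  "URL参数",
						"value": "get",
					},
					{
						"name":  "POST参数",
						"value": "post",
					},
					{
						"name":  "HTTP Header",
						"value": "header",
					},
				},
			},
			// Field that identifies the user; used when the source is not IP.
			&FieldOption{
				Type:    "field",
				Name:    "用户识别字段",
				Code:    "userField",
				Comment: "识别用户的唯一性字段,在用户读取来源不是IP时使用",
			},
			// Zero-based offset inside the identifying field; used when the source is not IP.
			&FieldOption{
				Type:      "field",
				Name:      "字段读取位置",
				Code:      "userIndex",
				Size:      5,
				MaxLength: 5,
				Comment:   "读取用户识别字段的位置,从0开始,比如user12345的数字ID 12345的位置就是5,在用户读取来源不是IP时使用",
			},
		},
		IsRequest: true,
		Priority:  10,
	},
	// Response status code, e.g. 200, 404, 500.
	{
		Name:        "响应状态码",
		Prefix:      "status",
		Description: "响应状态码,比如200、404、500。",
		IsRequest:   false,
		Priority:    100,
	},
	// A response header value.
	{
		Name:        "响应报头",
		Prefix:      "responseHeader",
		Description: "响应报头值。",
		IsRequest:   false,
		HasParams:   true,
		Priority:    100,
	},
	// Response body as a string.
	{
		Name:        "响应内容",
		Prefix:      "responseBody",
		Description: "响应内容字符串。",
		IsRequest:   false,
		Priority:    5,
	},
	// Response length, read from the response Content-Length header.
	{
		Name:        "响应内容长度",
		Prefix:      "bytesSent",
		Description: "响应内容长度,通过响应的报头Content-Length获取。",
		IsRequest:   false,
		Priority:    100,
	},
}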
AllCheckpoints lists all checkpoint definitions.
// AllRuleOperators is the catalogue of operators a rule can use to compare a
// checkpoint value with the rule's comparison value. CaseInsensitive records
// the case-insensitivity setting per operator (Yes / No / None) and DataType
// names the kind of comparison value expected.
//
// NOTE(review): some Description values embed markup (<a>, <code-label>), so
// the consuming UI presumably renders them as HTML. Keep these strings
// developer-controlled and never assemble them from user input — confirm how
// the UI renders them.
var AllRuleOperators = []*RuleOperatorDefinition{
	// --- regular expressions ---
	{
		Name:            "正则匹配",
		Code:            HTTPFirewallRuleOperatorMatch,
		Description:     "使用正则表达式匹配,在头部使用(?i)表示不区分大小写,<a href=\"https://goedge.cn/docs/Appendix/Regexp/Index.md\" target=\"_blank\">正则表达式语法 »</a>。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
		DataType:        "regexp",
	},
	{
		Name:            "正则不匹配",
		Code:            HTTPFirewallRuleOperatorNotMatch,
		Description:     "使用正则表达式不匹配,在头部使用(?i)表示不区分大小写,<a href=\"https://goedge.cn/docs/Appendix/Regexp/Index.md\" target=\"_blank\">正则表达式语法 »</a>。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
		DataType:        "regexp",
	},

	// --- wildcards: an asterisk (*) stands for any characters ---
	{
		Name:            "通配符匹配",
		Code:            HTTPFirewallRuleOperatorWildcardMatch,
		Description:     "判断是否和指定的通配符匹配,可以在对比值中使用星号通配符(*)表示任意字符。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
		DataType:        "wildcard",
	},
	{
		Name:            "通配符不匹配",
		Code:            HTTPFirewallRuleOperatorWildcardNotMatch,
		Description:     "判断是否和指定的通配符不匹配,可以在对比值中使用星号通配符(*)表示任意字符。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
		DataType:        "wildcard",
	},

	// --- string comparison ---
	{
		Name:            "字符串等于",
		Code:            HTTPFirewallRuleOperatorEqString,
		Description:     "使用字符串对比等于。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},
	{
		Name:            "字符串不等于",
		Code:            HTTPFirewallRuleOperatorNeqString,
		Description:     "使用字符串对比不等于。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},
	{
		Name:            "包含字符串",
		Code:            HTTPFirewallRuleOperatorContains,
		Description:     "包含某个字符串,比如Hello World包含了World。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},
	{
		Name:            "不包含字符串",
		Code:            HTTPFirewallRuleOperatorNotContains,
		Description:     "不包含某个字符串,比如Hello字符串中不包含Hi。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},
	// Comparison value holds one string per line.
	{
		Name:            "包含任一字符串",
		Code:            HTTPFirewallRuleOperatorContainsAny,
		Description:     "包含字符串列表中的任意一个,比如/hello/world包含/hello和/hi中的/hello,对比值中每行一个字符串。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "strings",
	},
	{
		Name:            "包含所有字符串",
		Code:            HTTPFirewallRuleOperatorContainsAll,
		Description:     "包含字符串列表中的所有字符串,比如/hello/world必须包含/hello和/world,对比值中每行一个字符串。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "strings",
	},
	{
		Name:            "包含前缀",
		Code:            HTTPFirewallRuleOperatorPrefix,
		Description:     "包含字符串前缀部分,比如/hello前缀会匹配/hello, /hello/world等。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},
	{
		Name:            "包含后缀",
		Code:            HTTPFirewallRuleOperatorSuffix,
		Description:     "包含字符串后缀部分,比如/hello后缀会匹配/hello, /hi/hello等。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},

	// --- whole-word comparison; comparison value holds one word per line ---
	{
		Name:            "包含任一单词",
		Code:            HTTPFirewallRuleOperatorContainsAnyWord,
		Description:     "包含某个独立单词,对比值中每行一个单词,比如mozilla firefox里包含了mozilla和firefox两个单词,但是不包含fire和fox这两个单词。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "strings",
	},
	{
		Name:            "包含所有单词",
		Code:            HTTPFirewallRuleOperatorContainsAllWords,
		Description:     "包含所有的独立单词,对比值中每行一个单词,比如mozilla firefox里包含了mozilla和firefox两个单词,但是不包含fire和fox这两个单词。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "strings",
	},
	{
		Name:            "不包含任一单词",
		Code:            HTTPFirewallRuleOperatorNotContainsAnyWord,
		Description:     "不包含某个独立单词,对比值中每行一个单词,比如mozilla firefox里包含了mozilla和firefox两个单词,但是不包含fire和fox这两个单词。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "strings",
	},

	// --- injection detection; these take no comparison value (DataType "none").
	// Per the descriptions, the strict variants trade a higher false-positive
	// rate (SQL) or a wider tag set (XSS) for coverage. ---
	{
		Name:            "包含SQL注入",
		Code:            HTTPFirewallRuleOperatorContainsSQLInjection,
		Description:     "检测字符串内容是否包含SQL注入。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "none",
	},
	{
		Name:            "包含SQL注入-严格模式",
		Code:            HTTPFirewallRuleOperatorContainsSQLInjectionStrictly,
		Description:     "更加严格地检测字符串内容是否包含SQL注入,相对于非严格模式,有一定的误报几率。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "none",
	},
	{
		Name:            "包含XSS注入",
		Code:            HTTPFirewallRuleOperatorContainsXSS,
		Description:     "检测字符串内容是否包含XSS注入。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "none",
	},
	{
		Name:            "包含XSS注入-严格模式",
		Code:            HTTPFirewallRuleOperatorContainsXSSStrictly,
		Description:     "更加严格地检测字符串内容是否包含XSS注入,相对于非严格模式,此时xml、audio、video等标签也会被匹配。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "none",
	},

	// --- binary data ---
	{
		Name:            "包含二进制数据",
		Code:            HTTPFirewallRuleOperatorContainsBinary,
		Description:     "包含一组二进制数据。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},
	{
		Name:            "不包含二进制数据",
		Code:            HTTPFirewallRuleOperatorNotContainsBinary,
		Description:     "不包含一组二进制数据。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string",
	},

	// --- numeric comparison; the comparison value must be a number ---
	{
		Name:            "数值大于",
		Code:            HTTPFirewallRuleOperatorGt,
		Description:     "使用数值对比大于,对比值需要是一个数字。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
	{
		Name:            "数值大于等于",
		Code:            HTTPFirewallRuleOperatorGte,
		Description:     "使用数值对比大于等于,对比值需要是一个数字。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
	{
		Name:            "数值小于",
		Code:            HTTPFirewallRuleOperatorLt,
		Description:     "使用数值对比小于,对比值需要是一个数字。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
	{
		Name:            "数值小于等于",
		Code:            HTTPFirewallRuleOperatorLte,
		Description:     "使用数值对比小于等于,对比值需要是一个数字。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
	{
		Name:            "数值等于",
		Code:            HTTPFirewallRuleOperatorEq,
		Description:     "使用数值对比等于,对比值需要是一个数字。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
	{
		Name:            "数值不等于",
		Code:            HTTPFirewallRuleOperatorNeq,
		Description:     "使用数值对比不等于,对比值需要是一个数字。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},

	// --- key / index presence ---
	{
		Name:            "包含索引",
		Code:            HTTPFirewallRuleOperatorHasKey,
		Description:     "对于一组数据拥有某个键值或者索引。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
		DataType:        "string|number",
	},

	// --- version comparison ---
	{
		Name:            "版本号大于",
		Code:            HTTPFirewallRuleOperatorVersionGt,
		Description:     "对比版本号大于。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "version",
	},
	{
		Name:            "版本号小于",
		Code:            HTTPFirewallRuleOperatorVersionLt,
		Description:     "对比版本号小于。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "version",
	},
	{
		Name:            "版本号范围",
		Code:            HTTPFirewallRuleOperatorVersionRange,
		Description:     "判断版本号在某个范围内,格式为 起始version1,结束version2。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "versionRange",
	},

	// --- IP comparison; the checkpoint value is converted to an IP first ---
	{
		Name:            "IP等于",
		Code:            HTTPFirewallRuleOperatorEqIP,
		Description:     "将参数转换为IP进行对比,只能对比单个IP。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ip",
	},
	{
		Name:            "在一组IP中",
		Code:            HTTPFirewallRuleOperatorInIPList,
		Description:     "判断参数IP在一组IP内,对比值中每行一个IP。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ips",
	},
	{
		Name:            "IP大于",
		Code:            HTTPFirewallRuleOperatorGtIP,
		Description:     "将参数转换为IP进行对比。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ip",
	},
	{
		Name:            "IP大于等于",
		Code:            HTTPFirewallRuleOperatorGteIP,
		Description:     "将参数转换为IP进行对比。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ip",
	},
	{
		Name:            "IP小于",
		Code:            HTTPFirewallRuleOperatorLtIP,
		Description:     "将参数转换为IP进行对比。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ip",
	},
	{
		Name:            "IP小于等于",
		Code:            HTTPFirewallRuleOperatorLteIP,
		Description:     "将参数转换为IP进行对比。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ip",
	},
	// Range formats per the description: "start,end", CIDR ip/bits, or a
	// single IP; one range per line.
	{
		Name:            "IP范围",
		Code:            HTTPFirewallRuleOperatorIPRange,
		Description:     "IP在某个范围之内,范围格式可以是英文逗号分隔的<code-label>开始IP,结束IP</code-label>,比如<code-label>192.168.1.100,192.168.2.200</code-label>;或者CIDR格式的ip/bits,比如<code-label>192.168.2.1/24</code-label>;或者单个IP。可以填写多行,每行一个IP范围。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ips",
	},
	{
		Name:            "不在IP范围",
		Code:            HTTPFirewallRuleOperatorNotIPRange,
		Description:     "IP不在某个范围之内,范围格式可以是英文逗号分隔的<code-label>开始IP,结束IP</code-label>,比如<code-label>192.168.1.100,192.168.2.200</code-label>;或者CIDR格式的ip/bits,比如<code-label>192.168.2.1/24</code-label>;或者单个IP。可以填写多行,每行一个IP范围。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "ips",
	},

	// --- IP modulo; the comparison value is the expected remainder ---
	{
		Name:            "IP取模10",
		Code:            HTTPFirewallRuleOperatorIPMod10,
		Description:     "对IP参数值取模,除数为10,对比值为余数。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
	{
		Name:            "IP取模100",
		Code:            HTTPFirewallRuleOperatorIPMod100,
		Description:     "对IP参数值取模,除数为100,对比值为余数。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
	// Comparison value format: "divisor,remainder", e.g. "10,1".
	{
		Name:            "IP取模",
		Code:            HTTPFirewallRuleOperatorIPMod,
		Description:     "对IP参数值取模,对比值格式为:除数,余数,比如10,1。",
		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
		DataType:        "number",
	},
}
// DefaultHTTPFirewallPolicyLogConfig is the default firewall log configuration:
// logging on, RequestBody on, RegionDenying off.
//
// NOTE(review): RequestBody defaults to true. If this means request bodies are
// written to the firewall logs, those logs can hold credentials and personal
// data; confirm, and make sure log access and retention are set accordingly.
var DefaultHTTPFirewallPolicyLogConfig = &HTTPFirewallPolicyLogConfig{
	IsOn:          true,
	RequestBody:   true,
	RegionDenying: false,
}
Functions ¶
func CheckCheckpointIsComposed ¶
CheckCheckpointIsComposed 判断Checkpoint是否为组合的
func DefaultCaptchaType ¶ added in v1.3.0
func DefaultCaptchaType() *shared.Definition
func FindAllCaptchaTypes ¶ added in v1.3.0
func FindAllCaptchaTypes() []*shared.Definition
FindAllCaptchaTypes finds all captcha types.
func FindAllFirewallModes ¶
func FindAllFirewallModes() []*shared.Definition
func FindCaptchaType ¶ added in v1.3.0
func FindCaptchaType(code CaptchaType) *shared.Definition
func FindFirewallActionTypeName ¶
func FindFirewallActionTypeName(actionType FirewallActionType) string
func FindFirewallMode ¶
func FindFirewallMode(code FirewallMode) *shared.Definition
func FindRuleOperatorName ¶
Types ¶
type AllowScope ¶ added in v1.3.3
// AllowScope is the scope code carried by HTTPFirewallAllowAction.Scope.
// It is an alias of string, so any string value is assignable.
type AllowScope = string

// Known AllowScope values.
// NOTE(review): presumably the scope decides how much rule evaluation an allow
// action skips (group / server / global) — confirm against the evaluator, and
// prefer the narrowest scope that works.
const (
	AllowScopeGroup  AllowScope = "group"
	AllowScopeServer AllowScope = "server"
	AllowScopeGlobal AllowScope = "global"
)
type CaptchaType ¶ added in v1.3.0
// CaptchaType is the captcha variant code; it is an alias of string.
type CaptchaType = string

// Known CaptchaType values.
const (
	CaptchaTypeDefault  CaptchaType = "default"
	CaptchaTypeOneClick CaptchaType = "oneClick"
	CaptchaTypeSlide    CaptchaType = "slide"
	CaptchaTypeGeeTest  CaptchaType = "geetest"
)
type FieldOption ¶
// FieldOption is an option attached to a checkpoint definition.
type FieldOption struct {
	Type        string `json:"type"`
	Name        string `json:"name"`
	Code        string `json:"code"`
	Value       string `json:"value"` // default value
	IsRequired  bool   `json:"isRequired"`
	Size        int    `json:"size"`
	Comment     string `json:"comment"`
	Placeholder string `json:"placeholder"`
	RightLabel  string `json:"rightLabel"`
	MaxLength   int    `json:"maxLength"`

	// Validate checks a submitted value and returns whether it is acceptable
	// plus a message. It is excluded from JSON (`json:"-"`), so a client that
	// receives this definition only sees hints such as MaxLength.
	// NOTE(review): confirm Validate is invoked server-side on submission.
	Validate func(value string) (ok bool, message string) `json:"-"`
}
FieldOption is an attached option.
func NewFieldOption ¶
func NewFieldOption(name string, code string) *FieldOption
type FirewallActionConfig ¶
// FirewallActionConfig is the configuration of one firewall action.
type FirewallActionConfig struct {
	Id         int64    `yaml:"id" json:"id"`                 // ID
	Type       string   `yaml:"type" json:"type"`             // action type
	Params     maps.Map `yaml:"params" json:"params"`         // parameters
	EventLevel string   `yaml:"eventLevel" json:"eventLevel"` // event level
}
FirewallActionConfig 防火墙动作配置
type FirewallActionFirewalldConfig ¶
// FirewallActionFirewalldConfig holds the settings of the firewalld action.
type FirewallActionFirewalldConfig struct {
	// Path is the command path. TODO: not implemented yet.
	// NOTE(review): once implemented this names an executable; it should be
	// restricted to trusted configuration only — confirm when the TODO lands.
	Path string `json:"path"`
}
type FirewallActionHTMLConfig ¶
// FirewallActionHTMLConfig holds the settings of the HTML action.
type FirewallActionHTMLConfig struct {
	// Content is the complete HTML content.
	// NOTE(review): presumably served to clients as-is; treat it as trusted
	// operator input and do not interpolate request data into it — confirm.
	Content string `json:"content"`
}
FirewallActionHTMLConfig HTML配置
type FirewallActionHTTPAPIConfig ¶
// FirewallActionHTTPAPIConfig holds the settings of the HTTP API action.
type FirewallActionHTTPAPIConfig struct {
	// URL is the URL of the API endpoint.
	URL string `json:"url"`

	// TimeoutSeconds is the timeout. TODO: not implemented yet.
	// NOTE(review): until it is, confirm the HTTP client that calls URL has
	// some timeout of its own.
	TimeoutSeconds int `json:"timeoutSeconds"`

	// Secret is the authentication secret. TODO: not implemented yet.
	// NOTE(review): the field is serialized under "secret", so any API
	// response or log that marshals this struct will include it — confirm it
	// is redacted where the config is echoed back.
	Secret string `json:"secret"`
}
FirewallActionHTTPAPIConfig HTTP API配置
type FirewallActionIPSetConfig ¶
// FirewallActionIPSetConfig holds the settings of the ipset action.
type FirewallActionIPSetConfig struct {
	Path               string `json:"path"`               // command path; TODO: not implemented yet
	WhiteName          string `json:"whiteName"`          // IPSet allowlist name
	BlackName          string `json:"blackName"`          // IPSet denylist name
	WhiteNameIPv6      string `json:"whiteNameIPv6"`      // IPv6 allowlist name
	BlackNameIPv6      string `json:"blackNameIPv6"`      // IPv6 denylist name
	MaxElements        int    `json:"maxElements"`        // maximum number of IPs; TODO: not implemented yet
	AutoAddToIPTables  bool   `json:"autoAddToIPTables"`  // whether to create the IPTables rules automatically
	AutoAddToFirewalld bool   `json:"autoAddToFirewalld"` // whether to add to Firewalld automatically
}
type FirewallActionIPTablesConfig ¶
// FirewallActionIPTablesConfig holds the settings of the iptables action.
type FirewallActionIPTablesConfig struct {
	// Path is the command path. TODO: not implemented yet.
	Path string `json:"path"`
}
type FirewallActionType ¶
// FirewallActionType is the firewall action type code; it is an alias of string.
type FirewallActionType = string

// Known FirewallActionType values.
const (
	FirewallActionTypeIPSet     FirewallActionType = "ipset"
	FirewallActionTypeFirewalld FirewallActionType = "firewalld"
	FirewallActionTypeIPTables  FirewallActionType = "iptables"
	FirewallActionTypeScript    FirewallActionType = "script"
	FirewallActionTypeHTTPAPI   FirewallActionType = "httpAPI"
	FirewallActionTypeHTML      FirewallActionType = "html"
)
type FirewallActionTypeDefinition ¶
// FirewallActionTypeDefinition describes one firewall action type: its
// display name, its code and a description.
type FirewallActionTypeDefinition struct {
	Name        string             `json:"name"`
	Code        FirewallActionType `json:"code"`
	Description string             `json:"description"`
}
func FindAllFirewallActionTypes ¶
func FindAllFirewallActionTypes() []*FirewallActionTypeDefinition
type FirewallEventLevelDefinition ¶
// FirewallEventLevelDefinition describes one firewall event level: its
// display name, its code and a description.
type FirewallEventLevelDefinition struct {
	Name        string `json:"name"`
	Code        string `json:"code"`
	Description string `json:"description"`
}
func FindAllFirewallEventLevels ¶
func FindAllFirewallEventLevels() []*FirewallEventLevelDefinition
type FirewallMode ¶
// FirewallMode is the firewall mode code; it is an alias of string.
type FirewallMode = string
FirewallMode 模式
// Known FirewallMode values.
// NOTE(review): presumably "observe" evaluates rules without enforcing them
// and "bypass" lets traffic through; neither is a protective state, so confirm
// the exact semantics and alert on policies left outside "defend".
const (
	FirewallModeDefend  FirewallMode = "defend"  // defend mode
	FirewallModeObserve FirewallMode = "observe" // observe mode
	FirewallModeBypass  FirewallMode = "bypass"  // bypass (pass-through) mode
)
type FirewallScope ¶
// FirewallScope is the scope code used by several actions (for example
// HTTPFirewallBlockAction.Scope); it is an alias of string.
type FirewallScope = string

// Known FirewallScope values.
const (
	FirewallScopeGlobal FirewallScope = "global"

	// FirewallScopeServer keeps the code "service" rather than "server" for
	// historical reasons; compare against the constant, not a literal.
	FirewallScopeServer FirewallScope = "service"
)
type GeeTestConfig ¶ added in v1.3.2
type HTTPFirewallActionCategory ¶
// HTTPFirewallActionCategory is the category code an action definition is
// listed under; it is an alias of string.
type HTTPFirewallActionCategory = string

// Known HTTPFirewallActionCategory values.
const (
	HTTPFirewallActionCategoryBlock  HTTPFirewallActionCategory = "block"
	HTTPFirewallActionCategoryAllow  HTTPFirewallActionCategory = "allow"
	HTTPFirewallActionCategoryVerify HTTPFirewallActionCategory = "verify"
)
type HTTPFirewallActionConfig ¶
// HTTPFirewallActionConfig is the configuration of a single action: the
// action code plus its free-form options.
type HTTPFirewallActionConfig struct {
	Code HTTPFirewallActionString `yaml:"code" json:"code"`

	// Options is an untyped map.
	// NOTE(review): presumably decoded into the action struct matching Code;
	// confirm unknown keys and wrong value types are rejected on save.
	Options maps.Map `yaml:"options" json:"options"`
}
HTTPFirewallActionConfig 单个动作配置
type HTTPFirewallActionDefinition ¶
// HTTPFirewallActionDefinition describes one HTTP firewall action: display
// name, code, description, an optional Go type and the category.
type HTTPFirewallActionDefinition struct {
	Name        string                     `json:"name"`
	Code        HTTPFirewallActionString   `json:"code"`
	Description string                     `json:"description"`
	Type        reflect.Type               `json:"type"`
	Category    HTTPFirewallActionCategory `json:"category"`
}
HTTPFirewallActionDefinition action definition
func FindActionDefinition ¶
func FindActionDefinition(actionCode HTTPFirewallActionString) *HTTPFirewallActionDefinition
type HTTPFirewallActionString ¶
// HTTPFirewallActionString is the HTTP firewall action code; it is an alias
// of string.
type HTTPFirewallActionString = string

// Known HTTPFirewallActionString values.
const (
	HTTPFirewallActionLog              HTTPFirewallActionString = "log"       // allow and log
	HTTPFirewallActionBlock            HTTPFirewallActionString = "block"     // block
	HTTPFirewallActionCaptcha          HTTPFirewallActionString = "captcha"   // block and show captcha
	HTTPFirewallActionJavascriptCookie HTTPFirewallActionString = "js_cookie" // Javascript cookie
	HTTPFirewallActionNotify           HTTPFirewallActionString = "notify"    // alert / notification
	HTTPFirewallActionGet302           HTTPFirewallActionString = "get_302"   // 302-redirect verification for GET
	HTTPFirewallActionPost307          HTTPFirewallActionString = "post_307"  // 307-redirect verification for POST
	HTTPFirewallActionRecordIP         HTTPFirewallActionString = "record_ip" // record the IP
	HTTPFirewallActionTag              HTTPFirewallActionString = "tag"       // tag
	HTTPFirewallActionPage             HTTPFirewallActionString = "page"      // show a page
	HTTPFirewallActionRedirect         HTTPFirewallActionString = "redirect"  // redirect
	HTTPFirewallActionAllow            HTTPFirewallActionString = "allow"     // allow
	HTTPFirewallActionGoGroup          HTTPFirewallActionString = "go_group"  // go to next rule group
	HTTPFirewallActionGoSet            HTTPFirewallActionString = "go_set"    // go to next rule set
)
type HTTPFirewallAllowAction ¶
// HTTPFirewallAllowAction holds the options of the allow action.
type HTTPFirewallAllowAction struct {
	// Scope is the allow scope code (see the AllowScope constants).
	// NOTE(review): an empty Scope is representable; confirm which scope the
	// evaluator applies when it is unset.
	Scope AllowScope `yaml:"scope" json:"scope"`
}
type HTTPFirewallBlockAction ¶
// HTTPFirewallBlockAction holds the options of the default block action.
type HTTPFirewallBlockAction struct {
	IsPrior    bool   `yaml:"isPrior" json:"isPrior"`
	StatusCode int    `yaml:"statusCode" json:"statusCode"`
	Body       string `yaml:"body" json:"body"` // supports HTML
	URL        string `yaml:"url" json:"url"`

	// Timeout and TimeoutMax are the minimum and maximum ban duration.
	// NOTE(review): the unit is not stated here — confirm (seconds?).
	Timeout    int32 `yaml:"timeout" json:"timeout"`       // minimum ban duration
	TimeoutMax int32 `yaml:"timeoutMax" json:"timeoutMax"` // maximum ban duration

	Scope             FirewallScope `yaml:"scope" json:"scope"`
	FailBlockScopeAll bool          `yaml:"failBlockScopeAll" json:"failBlockScopeAll"`
}
HTTPFirewallBlockAction default block action
func NewHTTPFirewallBlockAction ¶ added in v1.3.5
func NewHTTPFirewallBlockAction() *HTTPFirewallBlockAction
type HTTPFirewallCaptchaAction ¶
// HTTPFirewallCaptchaAction holds the options of the captcha action.
type HTTPFirewallCaptchaAction struct {
	IsPrior bool `yaml:"isPrior" json:"isPrior"`

	CaptchaType       CaptchaType `yaml:"captchaType" json:"captchaType"`             // captcha type
	Life              int32       `yaml:"life" json:"life"`                           // validity period
	MaxFails          int         `yaml:"maxFails" json:"maxFails"`                   // maximum number of failures
	FailBlockTimeout  int         `yaml:"failBlockTimeout" json:"failBlockTimeout"`   // block time after failing
	FailBlockScopeAll bool        `yaml:"failBlockScopeAll" json:"failBlockScopeAll"` // whether the block applies globally

	CountLetters int8 `yaml:"countLetters" json:"countLetters"` // number of characters

	// Custom UI settings.
	// NOTE(review): UICss and UIBody are free-form strings, presumably emitted
	// into the captcha page; confirm they can only be set by trusted operators.
	UIIsOn          bool   `yaml:"uiIsOn" json:"uiIsOn"`                   // whether the custom UI is used
	UITitle         string `yaml:"uiTitle" json:"uiTitle"`                 // message title
	UIPrompt        string `yaml:"uiPrompt" json:"uiPrompt"`               // message prompt
	UIButtonTitle   string `yaml:"uiButtonTitle" json:"uiButtonTitle"`     // button title
	UIShowRequestId bool   `yaml:"uiShowRequestId" json:"uiShowRequestId"` // whether to show the request ID
	UICss           string `yaml:"uiCss" json:"uiCss"`                     // CSS styles
	UIBody          string `yaml:"uiBody" json:"uiBody"`                   // body outline

	CookieId string `yaml:"cookieId" json:"cookieId"` // TODO

	// Lang is the language (zh-CN, en-US, ...). TODO: still to be implemented;
	// currently derived dynamically from the browser's Accept-Language.
	Lang string `yaml:"lang" json:"lang"`

	// GeeTest settings.
	// MUST be struct
	GeeTestConfig GeeTestConfig `yaml:"geeTestConfig" json:"geeTestConfig"`
}
func NewHTTPFirewallCaptchaAction ¶ added in v1.3.5
func NewHTTPFirewallCaptchaAction() *HTTPFirewallCaptchaAction
type HTTPFirewallCheckpointDefinition ¶
// HTTPFirewallCheckpointDefinition describes one checkpoint, i.e. one
// attribute a firewall rule can inspect.
type HTTPFirewallCheckpointDefinition struct {
	Name        string            `json:"name"`        // name
	Description string            `json:"description"` // description
	Prefix      string            `json:"prefix"`      // prefix
	IsRequest   bool              `json:"isRequest"`   // whether it applies to the request
	HasParams   bool              `json:"hasParams"`   // whether it has sub-parameters
	Params      []*KeyValue       `json:"params"`      // parameters
	Options     []OptionInterface `json:"options"`     // options
	IsComposed  bool              `json:"isComposed"`  // whether it is a composed checkpoint
	Priority    int               `json:"priority"`    // priority
	DataType    string            `json:"dataType"`    // data type: number, bool, ...
	Version     string            `json:"version"`     // version in which it was added
}
HTTPFirewallCheckpointDefinition check point definition
func FindCheckpointDefinition ¶
func FindCheckpointDefinition(prefix string) *HTTPFirewallCheckpointDefinition
FindCheckpointDefinition 查找Checkpoint定义
type HTTPFirewallGet302Action ¶
// HTTPFirewallGet302Action holds the options of the GET 302 verification
// action.
type HTTPFirewallGet302Action struct {
	IsPrior bool          `yaml:"isPrior" json:"isPrior"`
	Life    int32         `yaml:"life" json:"life"`
	Scope   FirewallScope `yaml:"scope" json:"scope"`
}
type HTTPFirewallGoGroupAction ¶
// HTTPFirewallGoGroupAction holds the options of the "go to rule group"
// action.
type HTTPFirewallGoGroupAction struct {
	// GroupId is the target group ID. It is a string here, while methods such
	// as RemoveRuleGroup take an int64 group ID.
	GroupId string `yaml:"groupId" json:"groupId"`
}
type HTTPFirewallGoSetAction ¶
type HTTPFirewallInboundConfig ¶
// HTTPFirewallInboundConfig is the inbound (request-side) configuration of an
// HTTP firewall policy.
type HTTPFirewallInboundConfig struct {
	IsOn      bool                        `yaml:"isOn" json:"isOn"`
	GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
	Groups    []*HTTPFirewallRuleGroup    `yaml:"groups" json:"groups"`

	// Region settings.
	Region *HTTPFirewallRegionConfig `yaml:"region" json:"region"`

	// IP lists. The Go fields say Allow/Deny while the serialized keys keep
	// the whiteListRef/blackListRef names; read and write configuration through
	// these tags rather than by guessing the key from the field name.
	AllowListRef *ipconfigs.IPListRef `yaml:"whiteListRef" json:"whiteListRef"`
	DenyListRef  *ipconfigs.IPListRef `yaml:"blackListRef" json:"blackListRef"`
	GreyListRef  *ipconfigs.IPListRef `yaml:"greyListRef" json:"greyListRef"`

	// Bound (public) IP lists.
	PublicAllowListRefs []*ipconfigs.IPListRef `yaml:"publicWhiteListRefs" json:"publicWhiteListRefs"`
	PublicDenyListRefs  []*ipconfigs.IPListRef `yaml:"publicBlackListRefs" json:"publicBlackListRefs"`
	// contains filtered or unexported fields
}
HTTPFirewallInboundConfig HTTP防火墙入口配置
func (*HTTPFirewallInboundConfig) AddPublicList ¶
func (this *HTTPFirewallInboundConfig) AddPublicList(listId int64, listType string)
AddPublicList 绑定公用的IP名单
func (*HTTPFirewallInboundConfig) AllAllowListRefs ¶
func (this *HTTPFirewallInboundConfig) AllAllowListRefs() []*ipconfigs.IPListRef
AllAllowListRefs 获取所有允许的IP名单
func (*HTTPFirewallInboundConfig) AllDenyListRefs ¶
func (this *HTTPFirewallInboundConfig) AllDenyListRefs() []*ipconfigs.IPListRef
AllDenyListRefs 获取所有禁止的IP名单
func (*HTTPFirewallInboundConfig) FindGroupWithCode ¶
func (this *HTTPFirewallInboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup
FindGroupWithCode 根据Code查找Group
func (*HTTPFirewallInboundConfig) Init ¶
func (this *HTTPFirewallInboundConfig) Init() error
Init 初始化
func (*HTTPFirewallInboundConfig) RemovePublicList ¶
func (this *HTTPFirewallInboundConfig) RemovePublicList(listId int64, listType string)
RemovePublicList 解绑公用的IP名单
func (*HTTPFirewallInboundConfig) RemoveRuleGroup ¶
func (this *HTTPFirewallInboundConfig) RemoveRuleGroup(groupId int64)
RemoveRuleGroup 删除某个分组
type HTTPFirewallJavascriptCookieAction ¶ added in v0.5.2
// HTTPFirewallJavascriptCookieAction holds the options of the JavaScript cookie
// action; a policy references it through HTTPFirewallPolicy.JSCookieOptions.
type HTTPFirewallJavascriptCookieAction struct {
	IsPrior bool `yaml:"isPrior" json:"isPrior"`
	Life int32 `yaml:"life" json:"life"` // validity period (unit not stated here — TODO confirm)
	MaxFails int `yaml:"maxFails" json:"maxFails"` // maximum number of failures
	FailBlockTimeout int `yaml:"failBlockTimeout" json:"failBlockTimeout"` // how long to block after failing (unit not stated here — TODO confirm)
	// Scope is a plain string here, whereas HTTPFirewallGet302Action and
	// HTTPFirewallPost307Action declare their Scope as FirewallScope.
	Scope string `yaml:"scope" json:"scope"`
	// NOTE(review): presumably widens the failure block beyond Scope; the
	// exact effect is not shown on this page — confirm before enabling.
	FailBlockScopeAll bool `yaml:"failBlockScopeAll" json:"failBlockScopeAll"`
}
func NewHTTPFirewallJavascriptCookieAction ¶ added in v1.3.5
func NewHTTPFirewallJavascriptCookieAction() *HTTPFirewallJavascriptCookieAction
type HTTPFirewallLogAction ¶
// HTTPFirewallLogAction is the configuration type of the log action.
// It declares no fields, so the action has no options of its own.
type HTTPFirewallLogAction struct{}
type HTTPFirewallNotifyAction ¶
// HTTPFirewallNotifyAction is the configuration type of the notify action.
// It declares no fields, so the action has no options of its own.
type HTTPFirewallNotifyAction struct{}
type HTTPFirewallOutboundConfig ¶
// HTTPFirewallOutboundConfig is the outbound counterpart of
// HTTPFirewallInboundConfig. It carries only the on/off flag and rule groups;
// unlike the inbound config it declares no region or IP-list fields.
type HTTPFirewallOutboundConfig struct {
	IsOn bool `yaml:"isOn" json:"isOn"`
	GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
	Groups []*HTTPFirewallRuleGroup `yaml:"groups" json:"groups"`
}
func (*HTTPFirewallOutboundConfig) FindGroupWithCode ¶
func (this *HTTPFirewallOutboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup
根据Code查找Group
func (*HTTPFirewallOutboundConfig) RemoveRuleGroup ¶
func (this *HTTPFirewallOutboundConfig) RemoveRuleGroup(groupId int64)
删除某个分组
type HTTPFirewallPageAction ¶ added in v1.3.3
// HTTPFirewallPageAction is the default page action; a policy references it
// through HTTPFirewallPolicy.PageOptions.
type HTTPFirewallPageAction struct {
	IsPrior bool `yaml:"isPrior" json:"isPrior"`
	Status int `yaml:"status" json:"status"`
	// NOTE(review): presumably the body returned to the client together with
	// Status. If it is emitted as HTML without escaping, anyone who can edit
	// the policy controls markup served from the protected site — confirm how
	// it is rendered and who may edit it.
	Body string `yaml:"body" json:"body"`
}
HTTPFirewallPageAction default page action
func NewHTTPFirewallPageAction ¶ added in v1.3.5
func NewHTTPFirewallPageAction() *HTTPFirewallPageAction
type HTTPFirewallPolicy ¶
// HTTPFirewallPolicy is a firewall policy: inbound and outbound rule
// configuration plus the default options for each action type.
type HTTPFirewallPolicy struct {
	Id int64 `yaml:"id" json:"id"`
	IsOn bool `yaml:"isOn" json:"isOn"`
	ServerId int64 `yaml:"serverId" json:"serverId"` // ID of the site this policy belongs to
	Name string `yaml:"name" json:"name"`
	Description string `yaml:"description" json:"description"`
	Inbound *HTTPFirewallInboundConfig `yaml:"inbound" json:"inbound"`
	Outbound *HTTPFirewallOutboundConfig `yaml:"outbound" json:"outbound"`
	BlockOptions *HTTPFirewallBlockAction `yaml:"blockOptions" json:"blockOptions"`
	CaptchaOptions *HTTPFirewallCaptchaAction `yaml:"captchaOptions" json:"captchaOptions"`
	PageOptions *HTTPFirewallPageAction `yaml:"pageOptions" json:"pageOptions"`
	Get302Options *HTTPFirewallGet302Action `yaml:"get302Options" json:"get302Options"`
	Post307Options *HTTPFirewallPost307Action `yaml:"post307Options" json:"post307Options"`
	JSCookieOptions *HTTPFirewallJavascriptCookieAction `yaml:"jsCookieOptions" json:"jsCookieOptions"`
	Mode FirewallMode `yaml:"mode" json:"mode"`
	UseLocalFirewall bool `yaml:"useLocalFirewall" json:"useLocalFirewall"`
	SYNFlood *SYNFloodConfig `yaml:"synFlood" json:"synFlood"`
	Log *HTTPFirewallPolicyLogConfig `yaml:"log" json:"log"` // forced logging
	// Maximum request size that is read.
	// NOTE(review): presumably content beyond this size is not seen by body
	// rules; confirm how oversize requests are handled (inspected in part,
	// passed, or rejected) when tuning this limit.
	MaxRequestBodySize int64 `yaml:"maxRequestBodySize" json:"maxRequestBodySize"`
	// Default notices shown when a country or a province is denied.
	// NOTE(review): the names suggest raw HTML — confirm whether it is served
	// unescaped and who may edit it.
	DenyCountryHTML string `yaml:"denyCountryHTML" json:"denyCountryHTML"` // default country-denied notice
	DenyProvinceHTML string `yaml:"denyProvinceHTML" json:"denyProvinceHTML"` // default province-denied notice
}
HTTPFirewallPolicy 防火墙策略
func HTTPFirewallTemplate ¶
func HTTPFirewallTemplate() *HTTPFirewallPolicy
func (*HTTPFirewallPolicy) AllRuleGroups ¶
func (this *HTTPFirewallPolicy) AllRuleGroups() []*HTTPFirewallRuleGroup
AllRuleGroups 获取所有分组
func (*HTTPFirewallPolicy) FindRuleGroup ¶
func (this *HTTPFirewallPolicy) FindRuleGroup(groupId int64) *HTTPFirewallRuleGroup
FindRuleGroup 根据ID查找分组
func (*HTTPFirewallPolicy) FindRuleGroupWithCode ¶
func (this *HTTPFirewallPolicy) FindRuleGroupWithCode(code string) *HTTPFirewallRuleGroup
FindRuleGroupWithCode 根据代号查找分组
func (*HTTPFirewallPolicy) FindRuleGroupWithName ¶
func (this *HTTPFirewallPolicy) FindRuleGroupWithName(name string) *HTTPFirewallRuleGroup
FindRuleGroupWithName 根据名称查找分组
func (*HTTPFirewallPolicy) InboundJSON ¶
func (this *HTTPFirewallPolicy) InboundJSON() ([]byte, error)
InboundJSON Inbound JSON
func (*HTTPFirewallPolicy) OutboundJSON ¶
func (this *HTTPFirewallPolicy) OutboundJSON() ([]byte, error)
OutboundJSON Outbound JSON
func (*HTTPFirewallPolicy) RemoveRuleGroup ¶
func (this *HTTPFirewallPolicy) RemoveRuleGroup(groupId int64)
RemoveRuleGroup 删除某个分组
type HTTPFirewallPolicyLogConfig ¶
// HTTPFirewallPolicyLogConfig is the logging configuration referenced by
// HTTPFirewallPolicy.Log.
type HTTPFirewallPolicyLogConfig struct {
	IsPrior bool `yaml:"isPrior" json:"isPrior"`
	IsOn bool `yaml:"isOn" json:"isOn"`
	// Whether to record the request body.
	// Recorded bodies can contain credentials, tokens or personal data, so
	// log storage needs matching access control and retention.
	RequestBody bool `yaml:"requestBody" json:"requestBody"`
	RegionDenying bool `yaml:"regionDenying" json:"regionDenying"` // whether to record region-denial logs
}
func (*HTTPFirewallPolicyLogConfig) Init ¶
func (this *HTTPFirewallPolicyLogConfig) Init() error
type HTTPFirewallPost307Action ¶
// HTTPFirewallPost307Action holds the options of the post-307 action; a policy
// references it through HTTPFirewallPolicy.Post307Options. Its fields mirror
// HTTPFirewallGet302Action.
type HTTPFirewallPost307Action struct {
	IsPrior bool `yaml:"isPrior" json:"isPrior"`
	// NOTE(review): the unit of Life is not stated on this page — confirm it
	// in the implementation before choosing a value.
	Life int32 `yaml:"life" json:"life"`
	Scope FirewallScope `yaml:"scope" json:"scope"`
}
type HTTPFirewallRecordIPAction ¶
// HTTPFirewallRecordIPAction holds the options of the record-IP action.
// NOTE(review): the allowed values of Type and Level and the unit of Timeout
// are not shown on this page — confirm them against the implementation.
type HTTPFirewallRecordIPAction struct {
	Type string `yaml:"type" json:"type"`
	IPListId int64 `yaml:"ipListId" json:"ipListId"` // presumably the IP list the address is recorded into — TODO confirm
	Level string `yaml:"level" json:"level"`
	Timeout int32 `yaml:"timeout" json:"timeout"`
	Scope FirewallScope `yaml:"scope" json:"scope"`
}
type HTTPFirewallRef ¶
// HTTPFirewallRef refers to a firewall policy by id and carries the
// per-reference switches that go with it.
type HTTPFirewallRef struct {
	IsPrior bool `yaml:"isPrior" json:"isPrior"`
	IsOn bool `yaml:"isOn" json:"isOn"`
	FirewallPolicyId int64 `yaml:"firewallPolicyId" json:"firewallPolicyId"`
	// Ignore the system-defined global rules.
	// Enabling this removes the global rule layer for whatever uses this
	// reference, so it is worth tracking in configuration audits.
	IgnoreGlobalRules bool `yaml:"ignoreGlobalRules" json:"ignoreGlobalRules"`
	DefaultCaptchaType ServerCaptchaType `yaml:"defaultCaptchaType" json:"defaultCaptchaType"` // default human-verification (captcha) method
}
func (*HTTPFirewallRef) Init ¶
func (this *HTTPFirewallRef) Init() error
type HTTPFirewallRegionConfig ¶
// HTTPFirewallRegionConfig is the region (country and province) part of the
// inbound configuration.
//
// NOTE(review): the precedence between the allow and deny id lists, and
// between the "only" and "except" URL patterns, is decided by IsAllowedCountry,
// IsAllowedProvince, MatchCountryURL and MatchProvinceURL, whose bodies are not
// shown on this page — confirm before combining them.
type HTTPFirewallRegionConfig struct {
	IsOn bool `yaml:"isOn" json:"isOn"`

	AllowCountryIds []int64 `yaml:"allowCountryIds" json:"allowCountryIds"` // allowed countries/regions
	DenyCountryIds []int64 `yaml:"denyCountryIds" json:"denyCountryIds"` // blocked countries/regions
	AllowProvinceIds []int64 `yaml:"allowProvinceIds" json:"allowProvinceIds"` // allowed provinces or autonomous regions
	DenyProvinceIds []int64 `yaml:"denyProvinceIds" json:"denyProvinceIds"` // blocked provinces or autonomous regions

	CountryOnlyURLPatterns []*shared.URLPattern `yaml:"countryOnlyURLPatterns" json:"countryOnlyURLPatterns"` // URLs the country setting is limited to
	CountryExceptURLPatterns []*shared.URLPattern `yaml:"countryExceptURLPatterns" json:"countryExceptURLPatterns"` // URLs excluded from the country setting
	CountryHTML string `yaml:"countryHTML" json:"countryHTML"` // notice HTML

	ProvinceOnlyURLPatterns []*shared.URLPattern `yaml:"provinceOnlyURLPatterns" json:"provinceOnlyURLPatterns"` // URLs the province setting is limited to
	ProvinceExceptURLPatterns []*shared.URLPattern `yaml:"provinceExceptURLPatterns" json:"provinceExceptURLPatterns"` // URLs excluded from the province setting
	ProvinceHTML string `yaml:"provinceHTML" json:"provinceHTML"` // notice HTML
	// contains filtered or unexported fields
}
func (*HTTPFirewallRegionConfig) Init ¶
func (this *HTTPFirewallRegionConfig) Init() error
func (*HTTPFirewallRegionConfig) IsAllowedCountry ¶ added in v1.2.1
func (this *HTTPFirewallRegionConfig) IsAllowedCountry(countryId int64, provinceId int64) bool
func (*HTTPFirewallRegionConfig) IsAllowedProvince ¶ added in v1.2.1
func (this *HTTPFirewallRegionConfig) IsAllowedProvince(countryId int64, provinceId int64) bool
func (*HTTPFirewallRegionConfig) IsNotEmpty ¶
func (this *HTTPFirewallRegionConfig) IsNotEmpty() bool
func (*HTTPFirewallRegionConfig) MatchCountryURL ¶ added in v1.1.0
func (this *HTTPFirewallRegionConfig) MatchCountryURL(url string) bool
func (*HTTPFirewallRegionConfig) MatchProvinceURL ¶ added in v1.1.0
func (this *HTTPFirewallRegionConfig) MatchProvinceURL(url string) bool
type HTTPFirewallRule ¶
// HTTPFirewallRule is a single firewall rule: a parameter, an operator and a
// value to compare against.
type HTTPFirewallRule struct {
	Id int64 `yaml:"id" json:"id"`
	IsOn bool `yaml:"isOn" json:"isOn"`
	Param string `yaml:"param" json:"param"`
	ParamFilters []*ParamFilter `yaml:"paramFilters" json:"paramFilters"`
	// Operator is a plain string. The HTTPFirewallRuleOperator constants are
	// declared as an alias of string, so the compiler does not reject an
	// unknown operator here.
	// NOTE(review): confirm that Init or the evaluator rejects unknown
	// operators instead of treating the rule as never matching.
	Operator string `yaml:"operator" json:"operator"`
	Value string `yaml:"value" json:"value"`
	IsCaseInsensitive bool `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
	IsComposed bool `yaml:"isComposed" json:"isComposed"`
	CheckpointOptions map[string]interface{} `yaml:"checkpointOptions" json:"checkpointOptions"`
	Description string `yaml:"description" json:"description"`
}
func (*HTTPFirewallRule) Init ¶
func (this *HTTPFirewallRule) Init() error
func (*HTTPFirewallRule) Prefix ¶
func (this *HTTPFirewallRule) Prefix() string
func (*HTTPFirewallRule) Summary ¶
func (this *HTTPFirewallRule) Summary() string
type HTTPFirewallRuleCaseInsensitive ¶
// HTTPFirewallRuleCaseInsensitive is an alias of string. The constants
// HTTPFirewallRuleCaseInsensitiveNone, HTTPFirewallRuleCaseInsensitiveYes and
// HTTPFirewallRuleCaseInsensitiveNo ("none", "yes", "no") are declared with
// the rule operator constants. Being an alias, it gives no compile-time
// protection against other strings.
type HTTPFirewallRuleCaseInsensitive = string
type HTTPFirewallRuleConnector ¶
// HTTPFirewallRuleConnector is an alias of string.
// NOTE(review): presumably the type behind HTTPFirewallRuleSet.Connector,
// which is itself declared as a plain string; the valid values are not listed
// on this part of the page.
type HTTPFirewallRuleConnector = string
type HTTPFirewallRuleGroup ¶
// HTTPFirewallRuleGroup is a rule group: a named, optionally coded collection
// of rule sets.
type HTTPFirewallRuleGroup struct {
	Id int64 `yaml:"id" json:"id"`
	IsOn bool `yaml:"isOn" json:"isOn"`
	Name string `yaml:"name" json:"name"`
	Description string `yaml:"description" json:"description"`
	Code string `yaml:"code" json:"code"` // the code matched by FindGroupWithCode / FindRuleGroupWithCode
	SetRefs []*HTTPFirewallRuleSetRef `yaml:"setRefs" json:"setRefs"`
	Sets []*HTTPFirewallRuleSet `yaml:"sets" json:"sets"`
	IsTemplate bool `yaml:"isTemplate" json:"isTemplate"`
}
HTTPFirewallRuleGroup 规则组
func (*HTTPFirewallRuleGroup) AddRuleSet ¶
func (this *HTTPFirewallRuleGroup) AddRuleSet(ruleSet *HTTPFirewallRuleSet)
AddRuleSet 添加规则集
func (*HTTPFirewallRuleGroup) FindRuleSet ¶
func (this *HTTPFirewallRuleGroup) FindRuleSet(ruleSetId int64) *HTTPFirewallRuleSet
FindRuleSet 根据ID查找规则集
func (*HTTPFirewallRuleGroup) FindRuleSetWithCode ¶
func (this *HTTPFirewallRuleGroup) FindRuleSetWithCode(code string) *HTTPFirewallRuleSet
FindRuleSetWithCode 根据Code查找规则集
type HTTPFirewallRuleOperator ¶
// HTTPFirewallRuleOperator is an alias of string that names a rule operator.
// Because it is an alias and not a defined type, any string is assignable to
// it; operator validity can only be checked at run time.
type HTTPFirewallRuleOperator = string

// Rule operator codes, followed by the case-insensitivity settings.
// Several codes contain spaces ("eq string", "in ip list"), so stored
// configuration has to match them exactly.
// NOTE(review): how the "strictly" variants of the SQL injection and XSS
// operators differ from the plain ones is not documented on this page.
const (
	HTTPFirewallRuleOperatorGt HTTPFirewallRuleOperator = "gt"
	HTTPFirewallRuleOperatorGte HTTPFirewallRuleOperator = "gte"
	HTTPFirewallRuleOperatorLt HTTPFirewallRuleOperator = "lt"
	HTTPFirewallRuleOperatorLte HTTPFirewallRuleOperator = "lte"
	HTTPFirewallRuleOperatorEq HTTPFirewallRuleOperator = "eq"
	HTTPFirewallRuleOperatorNeq HTTPFirewallRuleOperator = "neq"
	HTTPFirewallRuleOperatorEqString HTTPFirewallRuleOperator = "eq string"
	HTTPFirewallRuleOperatorNeqString HTTPFirewallRuleOperator = "neq string"
	HTTPFirewallRuleOperatorMatch HTTPFirewallRuleOperator = "match"
	HTTPFirewallRuleOperatorNotMatch HTTPFirewallRuleOperator = "not match"
	HTTPFirewallRuleOperatorWildcardMatch HTTPFirewallRuleOperator = "wildcard match"
	HTTPFirewallRuleOperatorWildcardNotMatch HTTPFirewallRuleOperator = "wildcard not match"
	HTTPFirewallRuleOperatorContains HTTPFirewallRuleOperator = "contains"
	HTTPFirewallRuleOperatorNotContains HTTPFirewallRuleOperator = "not contains"
	HTTPFirewallRuleOperatorContainsAnyWord HTTPFirewallRuleOperator = "contains any word"
	HTTPFirewallRuleOperatorContainsAllWords HTTPFirewallRuleOperator = "contains all words"
	HTTPFirewallRuleOperatorNotContainsAnyWord HTTPFirewallRuleOperator = "not contains any word"
	HTTPFirewallRuleOperatorPrefix HTTPFirewallRuleOperator = "prefix"
	HTTPFirewallRuleOperatorSuffix HTTPFirewallRuleOperator = "suffix"
	HTTPFirewallRuleOperatorContainsAny HTTPFirewallRuleOperator = "contains any"
	HTTPFirewallRuleOperatorContainsAll HTTPFirewallRuleOperator = "contains all"
	HTTPFirewallRuleOperatorContainsSQLInjection HTTPFirewallRuleOperator = "contains sql injection"
	HTTPFirewallRuleOperatorContainsSQLInjectionStrictly HTTPFirewallRuleOperator = "contains sql injection strictly"
	HTTPFirewallRuleOperatorContainsXSS HTTPFirewallRuleOperator = "contains xss"
	HTTPFirewallRuleOperatorContainsXSSStrictly HTTPFirewallRuleOperator = "contains xss strictly"
	HTTPFirewallRuleOperatorHasKey HTTPFirewallRuleOperator = "has key" // has key in slice or map
	HTTPFirewallRuleOperatorVersionGt HTTPFirewallRuleOperator = "version gt"
	HTTPFirewallRuleOperatorVersionLt HTTPFirewallRuleOperator = "version lt"
	HTTPFirewallRuleOperatorVersionRange HTTPFirewallRuleOperator = "version range"
	HTTPFirewallRuleOperatorContainsBinary HTTPFirewallRuleOperator = "contains binary" // contains binary
	HTTPFirewallRuleOperatorNotContainsBinary HTTPFirewallRuleOperator = "not contains binary" // not contains binary
	HTTPFirewallRuleOperatorEqIP HTTPFirewallRuleOperator = "eq ip"
	HTTPFirewallRuleOperatorInIPList HTTPFirewallRuleOperator = "in ip list"
	HTTPFirewallRuleOperatorGtIP HTTPFirewallRuleOperator = "gt ip"
	HTTPFirewallRuleOperatorGteIP HTTPFirewallRuleOperator = "gte ip"
	HTTPFirewallRuleOperatorLtIP HTTPFirewallRuleOperator = "lt ip"
	HTTPFirewallRuleOperatorLteIP HTTPFirewallRuleOperator = "lte ip"
	HTTPFirewallRuleOperatorIPRange HTTPFirewallRuleOperator = "ip range"
	HTTPFirewallRuleOperatorNotIPRange HTTPFirewallRuleOperator = "not ip range"
	HTTPFirewallRuleOperatorIPMod10 HTTPFirewallRuleOperator = "ip mod 10"
	HTTPFirewallRuleOperatorIPMod100 HTTPFirewallRuleOperator = "ip mod 100"
	HTTPFirewallRuleOperatorIPMod HTTPFirewallRuleOperator = "ip mod"

	// Values of HTTPFirewallRuleCaseInsensitive.
	HTTPFirewallRuleCaseInsensitiveNone = "none"
	HTTPFirewallRuleCaseInsensitiveYes = "yes"
	HTTPFirewallRuleCaseInsensitiveNo = "no"
)
type HTTPFirewallRuleRef ¶
type HTTPFirewallRuleSet ¶
// HTTPFirewallRuleSet defines a rule set: rules joined by Connector together
// with the actions configured for the set.
type HTTPFirewallRuleSet struct {
	Id int64 `yaml:"id" json:"id"`
	IsOn bool `yaml:"isOn" json:"isOn"`
	Name string `yaml:"name" json:"name"`
	Code string `yaml:"code" json:"code"`
	Description string `yaml:"description" json:"description"`
	Connector string `yaml:"connector" json:"connector"` // NOTE(review): valid values are not listed on this page
	RuleRefs []*HTTPFirewallRuleRef `yaml:"ruleRefs" json:"ruleRefs"`
	Rules []*HTTPFirewallRule `yaml:"rules" json:"rules"`
	// NOTE(review): presumably exempts local addresses from this rule set
	// (SYNFloodConfig.IgnoreLocal is commented as "ignore local IPs").
	// Confirm that "local" is judged from the connection's peer address and
	// not from a client-supplied header.
	IgnoreLocal bool `yaml:"ignoreLocal" json:"ignoreLocal"`
	Actions []*HTTPFirewallActionConfig `yaml:"actions" json:"actions"`
}
HTTPFirewallRuleSet 规则集定义
func (*HTTPFirewallRuleSet) AddRule ¶
func (this *HTTPFirewallRuleSet) AddRule(rule *HTTPFirewallRule)
AddRule 添加规则
type HTTPFirewallRuleSetRef ¶
type HTTPFirewallTagAction ¶
// HTTPFirewallTagAction holds the tags configured for the tag action.
type HTTPFirewallTagAction struct {
	Tags []string `yaml:"tags" json:"tags"`
}
type KeyValue ¶
func NewKeyValue ¶
type OptionInterface ¶
// OptionInterface is the element type of HTTPFirewallCheckpointDefinition.Options.
// It declares no methods, so any value satisfies it; consumers have to
// type-assert to the concrete option type.
type OptionInterface interface{}
type OptionsOption ¶
// OptionsOption describes one option that offers a list of choices (Options).
type OptionsOption struct {
	Type string `json:"type"`
	Name string `json:"name"`
	Code string `json:"code"`
	Value string `json:"value"` // default value
	IsRequired bool `json:"isRequired"`
	Size int `json:"size"`
	Comment string `json:"comment"`
	RightLabel string `json:"rightLabel"`
	// Validate is tagged json:"-", so it is never serialized. A consumer that
	// only sees the JSON form of this definition does not receive the
	// validator and must not assume the value was validated.
	Validate func(value string) (ok bool, message string) `json:"-"`
	Options []maps.Map `json:"options"`
}
func NewOptionsOption ¶
func NewOptionsOption(name string, code string) *OptionsOption
func (*OptionsOption) SetOptions ¶
func (this *OptionsOption) SetOptions(options []maps.Map)
type ParamFilter ¶
// ParamFilter is a filter applied to a rule parameter; see
// HTTPFirewallRule.ParamFilters.
type ParamFilter struct {
	Code string `yaml:"code" json:"code"` // filter code
	Name string `yaml:"name" json:"name"` // name
	Options maps.Map `yaml:"options" json:"options"` // filter options
}
对参数的过滤器
type RuleOperatorDefinition ¶
// RuleOperatorDefinition describes one rule operator for display and
// selection: its name, code, description and defaults.
type RuleOperatorDefinition struct {
	Name string `json:"name"`
	Code string `json:"code"` // presumably one of the HTTPFirewallRuleOperator codes — TODO confirm
	Description string `json:"description"`
	CaseInsensitive HTTPFirewallRuleCaseInsensitive `json:"caseInsensitive"` // default caseInsensitive setting
	DataType string `json:"dataType"`
}
type SYNFloodConfig ¶
// SYNFloodConfig holds the SYN flood protection settings.
type SYNFloodConfig struct {
	IsPrior bool `yaml:"isPrior" json:"isPrior"`
	IsOn bool `yaml:"isOn" json:"isOn"`
	MinAttempts int32 `yaml:"minAttempts" json:"minAttempts"` // minimum number of attempts per minute
	TimeoutSeconds int32 `yaml:"timeoutSeconds" json:"timeoutSeconds"` // how long the block lasts
	// Ignore local IPs.
	// NOTE(review): which addresses count as local is not shown on this page;
	// confirm the ranges so that traffic arriving through a local proxy or
	// load balancer is not exempted unintentionally.
	IgnoreLocal bool `yaml:"ignoreLocal" json:"ignoreLocal"`
}
SYNFloodConfig Syn flood防护设置
func NewSYNFloodConfig ¶ added in v1.3.5
func NewSYNFloodConfig() *SYNFloodConfig
func (*SYNFloodConfig) Init ¶
func (this *SYNFloodConfig) Init() error
type ServerCaptchaType ¶ added in v1.3.0
// ServerCaptchaType is an alias of string that selects the captcha type at
// server level; see HTTPFirewallRef.DefaultCaptchaType. Being an alias, it
// accepts any string at compile time.
type ServerCaptchaType = string

// Server-level captcha types. All values except ServerCaptchaTypeNone reuse
// the CaptchaType* constants declared elsewhere in the package.
const (
	ServerCaptchaTypeNone ServerCaptchaType = "none" // not set: the policy-wide configuration applies
	ServerCaptchaTypeDefault ServerCaptchaType = CaptchaTypeDefault
	ServerCaptchaTypeOneClick ServerCaptchaType = CaptchaTypeOneClick
	ServerCaptchaTypeSlide ServerCaptchaType = CaptchaTypeSlide
	ServerCaptchaTypeGeeTest ServerCaptchaType = CaptchaTypeGeeTest
)
Source Files ¶
- captcha_types.go
- consts.go
- firewall_action_config.go
- firewall_actions.go
- firewall_levels.go
- firewall_mode.go
- firewall_scope.go
- http_firewall_action_allow.go
- http_firewall_action_block.go
- http_firewall_action_captcha.go
- http_firewall_action_definition.go
- http_firewall_action_get_302.go
- http_firewall_action_go_group.go
- http_firewall_action_go_set.go
- http_firewall_action_instance.go
- http_firewall_action_javascript_cookie.go
- http_firewall_action_log.go
- http_firewall_action_notify.go
- http_firewall_action_post_307.go
- http_firewall_action_record_ip.go
- http_firewall_action_tag.go
- http_firewall_action_types.go
- http_firewall_action_utils.go
- http_firewall_checkpoint_definition.go
- http_firewall_checkpoints.go
- http_firewall_inbound_config.go
- http_firewall_outbound_config.go
- http_firewall_page_action.go
- http_firewall_policy.go
- http_firewall_policy_log_config.go
- http_firewall_ref.go
- http_firewall_region_config.go
- http_firewall_rule.go
- http_firewall_rule_group.go
- http_firewall_rule_group_ref.go
- http_firewall_rule_operator.go
- http_firewall_rule_ref.go
- http_firewall_rule_set.go
- http_firewall_rule_set_ref.go
- http_firewall_template.go
- option.go
- option_field.go
- option_options.go
- param_filter.go
- syn_flood_config.go