waf


README

WAF

A basic WAF for TeaWeb.

Configuration structure

WAF
  Inbound
	  Rule Groups
		Rule Sets
		  Rules
			Checkpoint Param <Operator> Value
  Outbound
  	  Rule Groups
  	    ... 				

Apply WAF

Request  -->  WAF  -->   Backends
			/
Response  <-- WAF <----		

Usage

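// Build a WAF, attach rule groups, then initialize it. WAF.Init (documented
// below) reports every problem it found as a slice of errors, not a single
// error, so the result is checked by length.
waf := teawaf.NewWAF()

// add rule groups here

errs := waf.Init()
if len(errs) > 0 {
	// handle every init error before serving traffic
	return
}
waf.Start()

// match http request
// (req requests.Request, responseWriter http.ResponseWriter)
// WAF.MatchRequest returns (goNext, hasRequestBody, group, set, err); this
// example only needs goNext, the matched rule set and the error.
goNext, _, _, ruleSet, err := waf.MatchRequest(req, responseWriter)
if err != nil {
	// a matching error is not a clean "allow": decide here whether to fail
	// open or fail closed; this example stops
	return
}
if ruleSet != nil {
	// RuleSet carries a list of actions (Actions / ActionCodes), not a single Action
	log.Println("meet rule set:", ruleSet.Name, "action:", ruleSet.ActionCodes())
}
if !goNext {
	return
}

// stop the waf
// waf.Stop()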

Documentation


Constants

// Fixed paths and timing shared by the verification flows.
const (
	// CaptchaSeconds is the captcha time window (10 minutes); what exactly
	// expires after it is decided by the captcha code — confirm there.
	CaptchaSeconds = 10 * 60
	// CaptchaPath and Get302Path are the fixed request paths reserved for
	// the captcha and GET-302 verification flows. Because they are fixed,
	// a backend presumably cannot serve these paths itself — confirm.
	CaptchaPath = "/WAF/VERIFY/CAPTCHA"
	Get302Path  = "/WAF/VERIFY/GET"
)

// Values for RuleSet.Connector: a set matches when every rule matches
// ("and") or when any rule matches ("or").
const (
	RuleConnectorAnd = "and"
	RuleConnectorOr  = "or"
)

// IPTypeAll is the wildcard ipType value accepted by IPList.Add and
// IPList.Contains — presumably matching any ipType; confirm in IPList.
const IPTypeAll = "*"

Variables

// AllActions is the registry of every action a rule set can run, one entry
// per ActionString code. Name is the operator-facing label (Chinese in this
// build), Instance a prototype value of the action and Type its concrete
// struct type; Description and Category are left unset in this table.
var AllActions = []*ActionDefinition{
	{
		Code:     ActionBlock,
		Name:     "阻止",
		Instance: &BlockAction{},
		Type:     reflect.TypeOf((*BlockAction)(nil)).Elem(),
	},
	{
		Code:     ActionAllow,
		Name:     "允许通过",
		Instance: &AllowAction{},
		Type:     reflect.TypeOf((*AllowAction)(nil)).Elem(),
	},
	{
		Code:     ActionLog,
		Name:     "允许并记录日志",
		Instance: &LogAction{},
		Type:     reflect.TypeOf((*LogAction)(nil)).Elem(),
	},
	{
		Code:     ActionCaptcha,
		Name:     "Captcha验证码",
		Instance: &CaptchaAction{},
		Type:     reflect.TypeOf((*CaptchaAction)(nil)).Elem(),
	},
	{
		Code:     ActionNotify,
		Name:     "告警",
		Instance: &NotifyAction{},
		Type:     reflect.TypeOf((*NotifyAction)(nil)).Elem(),
	},
	{
		Code:     ActionGet302,
		Name:     "GET 302",
		Instance: &Get302Action{},
		Type:     reflect.TypeOf((*Get302Action)(nil)).Elem(),
	},
	{
		Code:     ActionPost307,
		Name:     "POST 307",
		Instance: &Post307Action{},
		Type:     reflect.TypeOf((*Post307Action)(nil)).Elem(),
	},
	{
		Code:     ActionRecordIP,
		Name:     "记录IP",
		Instance: &RecordIPAction{},
		Type:     reflect.TypeOf((*RecordIPAction)(nil)).Elem(),
	},
	{
		Code:     ActionTag,
		Name:     "标签",
		Instance: &TagAction{},
		Type:     reflect.TypeOf((*TagAction)(nil)).Elem(),
	},
	{
		Code:     ActionPage,
		Name:     "显示页面",
		Instance: &PageAction{},
		Type:     reflect.TypeOf((*PageAction)(nil)).Elem(),
	},
	{
		Code:     ActionGoGroup,
		Name:     "跳到下一个规则分组",
		Instance: &GoGroupAction{},
		Type:     reflect.TypeOf((*GoGroupAction)(nil)).Elem(),
	},
	{
		Code:     ActionGoSet,
		Name:     "跳到下一个规则集",
		Instance: &GoSetAction{},
		Type:     reflect.TypeOf((*GoSetAction)(nil)).Elem(),
	},
}
// AllRuleOperators is the operator catalogue shown to operators when they
// build a Rule: Name and Description are the UI labels (Chinese in this
// build), Code is the RuleOperator value stored in Rule.Operator and
// CaseInsensitive the default for Rule.IsCaseInsensitive.
// NOTE(review): RuleOperatorContainsBinary and RuleOperatorNotContainsBinary
// are declared with the other operators but have no entry here — confirm
// whether that omission is deliberate.
var AllRuleOperators = []*RuleOperatorDefinition{
	{
		Name:            "数值大于",
		Code:            RuleOperatorGt,
		Description:     "使用数值对比大于",
		CaseInsensitive: RuleCaseInsensitiveNone,
	},
	{
		Name:            "数值大于等于",
		Code:            RuleOperatorGte,
		Description:     "使用数值对比大于等于",
		CaseInsensitive: RuleCaseInsensitiveNone,
	},
	{
		Name:            "数值小于",
		Code:            RuleOperatorLt,
		Description:     "使用数值对比小于",
		CaseInsensitive: RuleCaseInsensitiveNone,
	},
	{
		Name:            "数值小于等于",
		Code:            RuleOperatorLte,
		Description:     "使用数值对比小于等于",
		CaseInsensitive: RuleCaseInsensitiveNone,
	},
	{
		Name:            "数值等于",
		Code:            RuleOperatorEq,
		Description:     "使用数值对比等于",
		CaseInsensitive: RuleCaseInsensitiveNone,
	},
	{
		Name:            "数值不等于",
		Code:            RuleOperatorNeq,
		Description:     "使用数值对比不等于",
		CaseInsensitive: RuleCaseInsensitiveNone,
	},
	{
		Name:            "字符串等于",
		Code:            RuleOperatorEqString,
		Description:     "使用字符串对比等于",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "字符串不等于",
		Code:            RuleOperatorNeqString,
		Description:     "使用字符串对比不等于",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	// NOTE(review): the two regexp descriptions below embed raw HTML (an
	// anchor tag to an http:// URL), so whatever renders Description must
	// treat it as trusted markup rather than plain text.
	{
		Name:            "正则匹配",
		Code:            RuleOperatorMatch,
		Description:     "使用正则表达式匹配,在头部使用(?i)表示不区分大小写,<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
		CaseInsensitive: RuleCaseInsensitiveYes,
	},
	{
		Name:            "正则不匹配",
		Code:            RuleOperatorNotMatch,
		Description:     "使用正则表达式不匹配,在头部使用(?i)表示不区分大小写,<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
		CaseInsensitive: RuleCaseInsensitiveYes,
	},
	{
		Name:            "包含字符串",
		Code:            RuleOperatorContains,
		Description:     "包含某个字符串",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "不包含字符串",
		Code:            RuleOperatorNotContains,
		Description:     "不包含某个字符串",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "包含前缀",
		Code:            RuleOperatorPrefix,
		Description:     "包含某个前缀",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "包含后缀",
		Code:            RuleOperatorSuffix,
		Description:     "包含某个后缀",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "包含索引",
		Code:            RuleOperatorHasKey,
		Description:     "对于一组数据拥有某个键值或者索引",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "版本号大于",
		Code:            RuleOperatorVersionGt,
		Description:     "对比版本号大于",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "版本号小于",
		Code:            RuleOperatorVersionLt,
		Description:     "对比版本号小于",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "版本号范围",
		Code:            RuleOperatorVersionRange,
		Description:     "判断版本号在某个范围内,格式为version1,version2",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	// IP operators: the parameter value is parsed as an IP before comparing.
	{
		Name:            "IP等于",
		Code:            RuleOperatorEqIP,
		Description:     "将参数转换为IP进行对比",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP大于",
		Code:            RuleOperatorGtIP,
		Description:     "将参数转换为IP进行对比",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP大于等于",
		Code:            RuleOperatorGteIP,
		Description:     "将参数转换为IP进行对比",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP小于",
		Code:            RuleOperatorLtIP,
		Description:     "将参数转换为IP进行对比",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP小于等于",
		Code:            RuleOperatorLteIP,
		Description:     "将参数转换为IP进行对比",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP范围",
		Code:            RuleOperatorIPRange,
		Description:     "IP在某个范围之内,范围格式可以是英文逗号分隔的ip1,ip2,或者CIDR格式的ip/bits",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "不在IP范围",
		Code:            RuleOperatorNotIPRange,
		Description:     "IP不在某个范围之内,范围格式可以是英文逗号分隔的ip1,ip2,或者CIDR格式的ip/bits",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP取模10",
		Code:            RuleOperatorIPMod10,
		Description:     "对IP参数值取模,除数为10,对比值为余数",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP取模100",
		Code:            RuleOperatorIPMod100,
		Description:     "对IP参数值取模,除数为100,对比值为余数",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
	{
		Name:            "IP取模",
		Code:            RuleOperatorIPMod,
		Description:     "对IP参数值取模,对比值格式为:除数,余数,比如10,1",
		CaseInsensitive: RuleCaseInsensitiveNo,
	},
}
// Package-level singletons. The name prefix suggests they are shared by every
// WAF instance in the process — confirm against the callers; the IP lists are
// mutated through IPList.Add / RecordIP / RemoveIP.
var (
	SharedIPBlackList *IPList     = NewIPList(IPListTypeDeny)
	SharedIPWhiteList *IPList     = NewIPList(IPListTypeAllow)
	SharedWAFManager  *WAFManager = NewWAFManager()
)

Functions

func CaptchaCacheKey

func CaptchaCacheKey(req requests.Request, pageCode CaptchaPageCode) string

CaptchaCacheKey 获取Captcha缓存Key

func CaptchaDeleteCacheKey

func CaptchaDeleteCacheKey(req requests.Request)

CaptchaDeleteCacheKey 清除计数

func CaptchaIncreaseFails

func CaptchaIncreaseFails(req requests.Request, actionConfig *CaptchaAction, policyId int64, groupId int64, setId int64, pageCode CaptchaPageCode) (goNext bool)

CaptchaIncreaseFails 增加Captcha失败次数,以便后续操作

func FindActionName

func FindActionName(action ActionString) string

Types

type Action

// Action is an empty placeholder type; nothing on this page refers to it.
// The shared action behaviour lives in BaseAction and the concrete *Action types.
type Action struct {
}

type ActionConfig

// ActionConfig is the serialized form of one action attached to a RuleSet
// (RuleSet.Actions). Code is presumably an ActionString value and Options the
// action's settings; RuleSet.AddAction takes the same pair.
type ActionConfig struct {
	Code    string   `yaml:"code" json:"code"`
	Options maps.Map `yaml:"options" json:"options"`
}

type ActionDefinition

// ActionDefinition describes one registered action (see AllActions): the
// operator-facing Name, its ActionString Code, a prototype Instance and the
// concrete struct Type used to create fresh instances.
type ActionDefinition struct {
	Name        string
	Code        ActionString
	Description string
	Category    string // category: block, verify, allow (left empty in AllActions)
	Instance    ActionInterface
	Type        reflect.Type
}

ActionDefinition describes one registered action.

type ActionInterface

// ActionInterface is implemented by every action a RuleSet can run
// (BlockAction, CaptchaAction, ...); AllActions registers one prototype per code.
type ActionInterface interface {
	// Init initializes the action for the given WAF.
	Init(waf *WAF) error

	// ActionId returns the action id.
	ActionId() int64

	// SetActionId sets the action id.
	SetActionId(id int64)

	// Code returns the action code (one of the ActionString constants).
	Code() string

	// IsAttack reports whether the action is an attack-blocking action.
	IsAttack() bool

	// WillChange determine if the action will change the request
	WillChange() bool

	// Perform the action; the result reports whether the request may continue (allow).
	Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)
}

func FindActionInstance

func FindActionInstance(action ActionString, options maps.Map) ActionInterface

type ActionString

// ActionString is the code that names an action in ActionConfig.Code and
// ActionDefinition.Code; it is a plain string alias, so any string is
// syntactically accepted and only the constants below are meaningful.
type ActionString = string
const (
	ActionLog      ActionString = "log"       // allow and log
	ActionBlock    ActionString = "block"     // block
	ActionCaptcha  ActionString = "captcha"   // block and show captcha
	ActionNotify   ActionString = "notify"    // raise an alert (notify)
	ActionGet302   ActionString = "get_302"   // 302-redirect verification for GET requests
	ActionPost307  ActionString = "post_307"  // 307-redirect verification for POST requests
	ActionRecordIP ActionString = "record_ip" // record the client IP
	ActionTag      ActionString = "tag"       // tag the request
	ActionPage     ActionString = "page"      // show a page
	ActionAllow    ActionString = "allow"     // allow
	ActionGoGroup  ActionString = "go_group"  // go to next rule group
	ActionGoSet    ActionString = "go_set"    // go to next rule set
)

type AllowAction

// AllowAction (code ActionAllow) lets the request through; it has no settings
// of its own and only embeds BaseAction.
type AllowAction struct {
	BaseAction
}

func (*AllowAction) Code

func (this *AllowAction) Code() string

func (*AllowAction) Init

func (this *AllowAction) Init(waf *WAF) error

func (*AllowAction) IsAttack

func (this *AllowAction) IsAttack() bool

func (*AllowAction) Perform

func (this *AllowAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*AllowAction) WillChange

func (this *AllowAction) WillChange() bool

type BaseAction

// BaseAction holds the state shared by every concrete action (the action id
// behind ActionId/SetActionId) and provides CloseConn; all *Action types embed it.
type BaseAction struct {
	// contains filtered or unexported fields
}

func (*BaseAction) ActionId

func (this *BaseAction) ActionId() int64

ActionId 读取ActionId

func (*BaseAction) CloseConn

func (this *BaseAction) CloseConn(writer http.ResponseWriter) error

CloseConn 关闭连接

func (*BaseAction) SetActionId

func (this *BaseAction) SetActionId(actionId int64)

SetActionId 设置Id

type BlockAction

// BlockAction (code ActionBlock) rejects the request. The fields are the
// operator-configured settings, presumably loaded from ActionConfig.Options.
type BlockAction struct {
	BaseAction

	StatusCode int    `yaml:"statusCode" json:"statusCode"` // HTTP status sent to the blocked client
	Body       string `yaml:"body" json:"body"` // supports HTML — operator-supplied markup, so keep request data out of it unless the renderer escapes it; confirm in Perform
	URL        string `yaml:"url" json:"url"`   // NOTE(review): purpose not visible here (redirect target or page source?) — confirm
	Timeout    int32  `yaml:"timeout" json:"timeout"` // presumably how long the block lasts, in seconds — confirm
	Scope      string `yaml:"scope" json:"scope"`
}

func (*BlockAction) Code

func (this *BlockAction) Code() string

func (*BlockAction) Init

func (this *BlockAction) Init(waf *WAF) error

func (*BlockAction) IsAttack

func (this *BlockAction) IsAttack() bool

func (*BlockAction) Perform

func (this *BlockAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*BlockAction) WillChange

func (this *BlockAction) WillChange() bool

type CaptchaAction

// CaptchaAction (code ActionCaptcha) answers the request with a captcha
// challenge instead of passing it on. The fields are the operator-configured
// settings, presumably loaded from ActionConfig.Options.
type CaptchaAction struct {
	BaseAction

	Life              int32 `yaml:"life" json:"life"`                           // presumably how long a passed captcha stays valid — confirm
	MaxFails          int   `yaml:"maxFails" json:"maxFails"`                   // maximum number of failed attempts
	FailBlockTimeout  int   `yaml:"failBlockTimeout" json:"failBlockTimeout"`   // how long the client is blocked after too many failures
	FailBlockScopeAll bool  `yaml:"failBlockScopeAll" json:"failBlockScopeAll"` // whether that block applies globally

	CountLetters int8 `yaml:"countLetters" json:"countLetters"` // presumably the number of characters in the captcha — confirm

	UIIsOn          bool   `yaml:"uiIsOn" json:"uiIsOn"`                   // whether the custom UI below is used
	UITitle         string `yaml:"uiTitle" json:"uiTitle"`                 // message title
	UIPrompt        string `yaml:"uiPrompt" json:"uiPrompt"`               // message prompt
	UIButtonTitle   string `yaml:"uiButtonTitle" json:"uiButtonTitle"`     // button label
	UIShowRequestId bool   `yaml:"uiShowRequestId" json:"uiShowRequestId"` // whether to show the request id
	UICss           string `yaml:"uiCss" json:"uiCss"`                     // CSS styles (operator-supplied, rendered as-is presumably)
	UIFooter        string `yaml:"uiFooter" json:"uiFooter"`               // page footer
	UIBody          string `yaml:"uiBody" json:"uiBody"`                   // body template

	Lang           string `yaml:"lang" json:"lang"`                     // language: zh-CN, en-US ...
	AddToWhiteList bool   `yaml:"addToWhiteList" json:"addToWhiteList"` // add the client to the allow list after it passes. NOTE(review): presumably keyed by IP (SharedIPWhiteList), so later requests from that address skip the rules — mind shared NAT/proxy addresses; confirm
	Scope          string `yaml:"scope" json:"scope"`
}

func (*CaptchaAction) Code

func (this *CaptchaAction) Code() string

func (*CaptchaAction) Init

func (this *CaptchaAction) Init(waf *WAF) error

func (*CaptchaAction) IsAttack

func (this *CaptchaAction) IsAttack() bool

func (*CaptchaAction) Perform

func (this *CaptchaAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, req requests.Request, writer http.ResponseWriter) (allow bool)

func (*CaptchaAction) WillChange

func (this *CaptchaAction) WillChange() bool

type CaptchaPageCode

// CaptchaPageCode identifies the step of the captcha flow a request is in;
// CaptchaCacheKey and CaptchaIncreaseFails take it to key their counters.
type CaptchaPageCode = string
const (
	CaptchaPageCodeInit   CaptchaPageCode = "init"   // challenge issued
	CaptchaPageCodeShow   CaptchaPageCode = "show"   // challenge page shown
	CaptchaPageCodeSubmit CaptchaPageCode = "submit" // answer submitted
)

type CaptchaValidator

// CaptchaValidator handles the captcha verification request (Run takes the
// request and the response writer); presumably it serves CaptchaPath — confirm.
type CaptchaValidator struct {
}

func NewCaptchaValidator

func NewCaptchaValidator() *CaptchaValidator

func (*CaptchaValidator) Run

func (this *CaptchaValidator) Run(req requests.Request, writer http.ResponseWriter)

type Get302Action

// Get302Action (code ActionGet302) verifies a GET client by redirecting it to
// a verification URL (presumably Get302Path) and back to the original URL.
// This only proves that the client follows redirects, so it is a lightweight
// bot filter, not authentication. Upstream TODO: meta refresh verification.
type Get302Action struct {
	BaseAction

	Life  int32  `yaml:"life" json:"life"`   // presumably how long a passed verification stays valid — confirm
	Scope string `yaml:"scope" json:"scope"`
}

Get302Action 原理: origin url --> 302 verify url --> origin url TODO 将来支持meta refresh验证

func (*Get302Action) Code

func (this *Get302Action) Code() string

func (*Get302Action) Init

func (this *Get302Action) Init(waf *WAF) error

func (*Get302Action) IsAttack

func (this *Get302Action) IsAttack() bool

func (*Get302Action) Perform

func (this *Get302Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*Get302Action) WillChange

func (this *Get302Action) WillChange() bool

type Get302Validator

// Get302Validator handles the verification request of the GET 302 flow (Run
// takes the request and the response writer); presumably it serves Get302Path — confirm.
type Get302Validator struct {
}

func NewGet302Validator

func NewGet302Validator() *Get302Validator

func (*Get302Validator) Run

func (this *Get302Validator) Run(request requests.Request, writer http.ResponseWriter)

type GoGroupAction

// GoGroupAction (code ActionGoGroup) continues evaluation at another rule group.
type GoGroupAction struct {
	BaseAction

	GroupId string `yaml:"groupId" json:"groupId"` // NOTE(review): a string while RuleGroup.Id is int64 — presumably the group Code (WAF.FindRuleGroupWithCode); confirm
}

func (*GoGroupAction) Code

func (this *GoGroupAction) Code() string

func (*GoGroupAction) Init

func (this *GoGroupAction) Init(waf *WAF) error

func (*GoGroupAction) IsAttack

func (this *GoGroupAction) IsAttack() bool

func (*GoGroupAction) Perform

func (this *GoGroupAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*GoGroupAction) WillChange

func (this *GoGroupAction) WillChange() bool

type GoSetAction

// GoSetAction (code ActionGoSet) continues evaluation at another rule set.
type GoSetAction struct {
	BaseAction

	GroupId string `yaml:"groupId" json:"groupId"` // NOTE(review): strings while RuleGroup.Id / RuleSet.Id are int64 — presumably the Code values (FindRuleGroupWithCode / FindRuleSetWithCode); confirm
	SetId   string `yaml:"setId" json:"setId"`
}

func (*GoSetAction) Code

func (this *GoSetAction) Code() string

func (*GoSetAction) Init

func (this *GoSetAction) Init(waf *WAF) error

func (*GoSetAction) IsAttack

func (this *GoSetAction) IsAttack() bool

func (*GoSetAction) Perform

func (this *GoSetAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*GoSetAction) WillChange

func (this *GoSetAction) WillChange() bool

type IPList

// IPList is an allow or deny list of IP addresses (see IPListType) with a
// per-entry expiry: Add and RecordIP take expiresAt, Contains checks
// membership for an ipType / scope / serverId / ip tuple.
type IPList struct {
	// contains filtered or unexported fields
}

IPList IP列表管理

func NewIPList

func NewIPList(listType IPListType) *IPList

NewIPList 获取新对象

func (*IPList) Add

func (this *IPList) Add(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string, expiresAt int64)

Add 添加IP

func (*IPList) Contains

func (this *IPList) Contains(ipType string, scope firewallconfigs.FirewallScope, serverId int64, ip string) bool

Contains 判断是否有某个IP

func (*IPList) RecordIP

func (this *IPList) RecordIP(ipType string,
	scope firewallconfigs.FirewallScope,
	serverId int64,
	ip string,
	expiresAt int64,
	policyId int64,
	useLocalFirewall bool,
	groupId int64,
	setId int64,
	reason string)

RecordIP 记录IP

func (*IPList) RemoveIP

func (this *IPList) RemoveIP(ip string, serverId int64, shouldExecute bool)

RemoveIP 删除IP

type IPListType

// IPListType says whether an IPList allows or denies the addresses it holds;
// SharedIPWhiteList uses IPListTypeAllow, SharedIPBlackList IPListTypeDeny.
type IPListType = string
const (
	IPListTypeAllow IPListType = "allow"
	IPListTypeDeny  IPListType = "deny"
)

type LogAction

// LogAction (code ActionLog) allows the request and logs the match; it has no
// settings of its own.
type LogAction struct {
	BaseAction
}

func (*LogAction) Code

func (this *LogAction) Code() string

func (*LogAction) Init

func (this *LogAction) Init(waf *WAF) error

func (*LogAction) IsAttack

func (this *LogAction) IsAttack() bool

func (*LogAction) Perform

func (this *LogAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*LogAction) WillChange

func (this *LogAction) WillChange() bool

type NotifyAction

// NotifyAction (code ActionNotify) raises an alert for the match; it has no
// settings of its own.
type NotifyAction struct {
	BaseAction
}

func (*NotifyAction) Code

func (this *NotifyAction) Code() string

func (*NotifyAction) Init

func (this *NotifyAction) Init(waf *WAF) error

func (*NotifyAction) IsAttack

func (this *NotifyAction) IsAttack() bool

func (*NotifyAction) Perform

func (this *NotifyAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

Perform the action

func (*NotifyAction) WillChange

func (this *NotifyAction) WillChange() bool

WillChange determine if the action will change the request

type PageAction

// PageAction (code ActionPage) answers the request with a fixed page.
type PageAction struct {
	BaseAction

	Status int    `yaml:"status" json:"status"` // HTTP status of the page
	Body   string `yaml:"body" json:"body"`     // operator-supplied page body
}

func (*PageAction) Code

func (this *PageAction) Code() string

func (*PageAction) Init

func (this *PageAction) Init(waf *WAF) error

func (*PageAction) IsAttack

func (this *PageAction) IsAttack() bool

func (*PageAction) Perform

func (this *PageAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

Perform the action

func (*PageAction) WillChange

func (this *PageAction) WillChange() bool

WillChange determine if the action will change the request

type ParamFilter

// ParamFilter is one transformation applied to a Rule's extracted parameter
// before comparison (Rule.ParamFilters): Code names the filter, Options its settings.
type ParamFilter struct {
	Code    string   `yaml:"code" json:"code"`
	Options maps.Map `yaml:"options" json:"options"`
}

type Post307Action

// Post307Action (code ActionPost307) is the POST counterpart of Get302Action:
// a 307 redirect keeps the method and body, so the client can be bounced
// through verification without losing the form data.
// Style: BaseAction is embedded last here, unlike every other action type;
// harmless with keyed literals but worth aligning.
type Post307Action struct {
	Life  int32  `yaml:"life" json:"life"`   // presumably how long a passed verification stays valid — confirm
	Scope string `yaml:"scope" json:"scope"`

	BaseAction
}

func (*Post307Action) Code

func (this *Post307Action) Code() string

func (*Post307Action) Init

func (this *Post307Action) Init(waf *WAF) error

func (*Post307Action) IsAttack

func (this *Post307Action) IsAttack() bool

func (*Post307Action) Perform

func (this *Post307Action) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*Post307Action) WillChange

func (this *Post307Action) WillChange() bool

type RecordIPAction

// RecordIPAction (code ActionRecordIP) records the client IP in an IP list
// (presumably via IPList.RecordIP, which also takes a useLocalFirewall flag —
// confirm which list and whether the OS firewall is updated).
type RecordIPAction struct {
	BaseAction

	Type     string `yaml:"type" json:"type"`         // list type, presumably an IPListType value — confirm
	IPListId int64  `yaml:"ipListId" json:"ipListId"` // target list id
	Level    string `yaml:"level" json:"level"`
	Timeout  int32  `yaml:"timeout" json:"timeout"` // presumably how long the entry lives (IPList.Add's expiresAt) — confirm
	Scope    string `yaml:"scope" json:"scope"`
}

func (*RecordIPAction) Code

func (this *RecordIPAction) Code() string

func (*RecordIPAction) Init

func (this *RecordIPAction) Init(waf *WAF) error

func (*RecordIPAction) IsAttack

func (this *RecordIPAction) IsAttack() bool

func (*RecordIPAction) Perform

func (this *RecordIPAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*RecordIPAction) WillChange

func (this *RecordIPAction) WillChange() bool

type Rule

// Rule is one check inside a RuleSet: the value named by Param (after any
// ParamFilters) is compared with Value using Operator. Matching is done by
// MatchRequest / MatchResponse / Test on *Rule.
type Rule struct {
	Id int64

	Description       string                 `yaml:"description" json:"description"`
	Param             string                 `yaml:"param" json:"param"` // such as ${arg.name} or ${args}, can be composite as ${arg.firstName}${arg.lastName}
	ParamFilters      []*ParamFilter         `yaml:"paramFilters" json:"paramFilters"` // transformations applied to the extracted param before comparison
	Operator          RuleOperator           `yaml:"operator" json:"operator"` // such as contains, gt,  ...
	Value             string                 `yaml:"value" json:"value"`       // compared value (the pattern for the match / not match operators)
	IsCaseInsensitive bool                   `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
	CheckpointOptions map[string]interface{} `yaml:"checkpointOptions" json:"checkpointOptions"` // presumably handed to the checkpoint resolving Param (see SetCheckpointFinder) — confirm
	// contains filtered or unexported fields
}

Rule

func NewRule

func NewRule() *Rule

func (*Rule) Init

func (this *Rule) Init() error

func (*Rule) IsSingleCheckpoint

func (this *Rule) IsSingleCheckpoint() bool

func (*Rule) MatchRequest

func (this *Rule) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, err error)

func (*Rule) MatchResponse

func (this *Rule) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, err error)

func (*Rule) SetCheckpointFinder

func (this *Rule) SetCheckpointFinder(finder func(prefix string) checkpoints.CheckpointInterface)

func (*Rule) Test

func (this *Rule) Test(value interface{}) bool

type RuleCaseInsensitive

// RuleCaseInsensitive is the default-case-sensitivity setting of an operator
// (RuleOperatorDefinition.CaseInsensitive); see the RuleCaseInsensitive* constants.
type RuleCaseInsensitive = string

type RuleConnector

// RuleConnector says how a RuleSet combines its rules; see RuleConnectorAnd / RuleConnectorOr.
type RuleConnector = string

type RuleGroup

// RuleGroup is an ordered collection of rule sets; a WAF keeps separate
// Inbound (request) and Outbound (response) groups.
type RuleGroup struct {
	Id          int64      `yaml:"id" json:"id"`
	IsOn        bool       `yaml:"isOn" json:"isOn"` // disabled groups presumably are skipped — confirm in MatchRequest
	Name        string     `yaml:"name" json:"name"` // such as SQL Injection
	Description string     `yaml:"description" json:"description"`
	Code        string     `yaml:"code" json:"code"` // identify the group (FindRuleGroupWithCode)
	RuleSets    []*RuleSet `yaml:"ruleSets" json:"ruleSets"`
	IsInbound   bool       `yaml:"isInbound" json:"isInbound"` // request-side group when true, response-side otherwise
	// contains filtered or unexported fields
}

rule group

func NewRuleGroup

func NewRuleGroup() *RuleGroup

func (*RuleGroup) AddRuleSet

func (this *RuleGroup) AddRuleSet(ruleSet *RuleSet)

func (*RuleGroup) FindRuleSet

func (this *RuleGroup) FindRuleSet(id int64) *RuleSet

func (*RuleGroup) FindRuleSetWithCode

func (this *RuleGroup) FindRuleSetWithCode(code string) *RuleSet

func (*RuleGroup) Init

func (this *RuleGroup) Init(waf *WAF) error

func (*RuleGroup) MatchRequest

func (this *RuleGroup) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, set *RuleSet, err error)

func (*RuleGroup) MatchResponse

func (this *RuleGroup) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, set *RuleSet, err error)

func (*RuleGroup) MoveRuleSet

func (this *RuleGroup) MoveRuleSet(fromIndex int, toIndex int)

func (*RuleGroup) RemoveRuleSet

func (this *RuleGroup) RemoveRuleSet(id int64)

type RuleOperator

// RuleOperator names the comparison a Rule applies (Rule.Operator). It is a
// plain string alias, so only the constants below are meaningful values;
// AllRuleOperators is the catalogue shown to operators.
type RuleOperator = string
const (
	RuleOperatorGt           RuleOperator = "gt"
	RuleOperatorGte          RuleOperator = "gte"
	RuleOperatorLt           RuleOperator = "lt"
	RuleOperatorLte          RuleOperator = "lte"
	RuleOperatorEq           RuleOperator = "eq"
	RuleOperatorNeq          RuleOperator = "neq"
	RuleOperatorEqString     RuleOperator = "eq string"
	RuleOperatorNeqString    RuleOperator = "neq string"
	RuleOperatorMatch        RuleOperator = "match"     // regexp match
	RuleOperatorNotMatch     RuleOperator = "not match" // regexp does not match
	RuleOperatorContains     RuleOperator = "contains"
	RuleOperatorNotContains  RuleOperator = "not contains"
	RuleOperatorPrefix       RuleOperator = "prefix"
	RuleOperatorSuffix       RuleOperator = "suffix"
	RuleOperatorHasKey       RuleOperator = "has key" // has key in slice or map
	RuleOperatorVersionGt    RuleOperator = "version gt"
	RuleOperatorVersionLt    RuleOperator = "version lt"
	RuleOperatorVersionRange RuleOperator = "version range"

	// NOTE(review): the two binary operators are not listed in AllRuleOperators.
	RuleOperatorContainsBinary    RuleOperator = "contains binary"     // contains binary
	RuleOperatorNotContainsBinary RuleOperator = "not contains binary" // not contains binary

	// ip
	RuleOperatorEqIP       RuleOperator = "eq ip"
	RuleOperatorGtIP       RuleOperator = "gt ip"
	RuleOperatorGteIP      RuleOperator = "gte ip"
	RuleOperatorLtIP       RuleOperator = "lt ip"
	RuleOperatorLteIP      RuleOperator = "lte ip"
	RuleOperatorIPRange    RuleOperator = "ip range"
	RuleOperatorNotIPRange RuleOperator = "not ip range"
	RuleOperatorIPMod10    RuleOperator = "ip mod 10"
	RuleOperatorIPMod100   RuleOperator = "ip mod 100"
	RuleOperatorIPMod      RuleOperator = "ip mod"

	// Default case-sensitivity settings for RuleOperatorDefinition.CaseInsensitive.
	// Style: these are untyped strings declared in the operator block rather
	// than typed RuleCaseInsensitive constants next to that alias.
	RuleCaseInsensitiveNone = "none"
	RuleCaseInsensitiveYes  = "yes"
	RuleCaseInsensitiveNo   = "no"
)

type RuleOperatorDefinition

// RuleOperatorDefinition is one entry of the operator catalogue (AllRuleOperators):
// the UI Name and Description, the RuleOperator Code and the default case setting.
type RuleOperatorDefinition struct {
	Name            string
	Code            string
	Description     string // may contain HTML (see the match operators in AllRuleOperators)
	CaseInsensitive RuleCaseInsensitive // default caseInsensitive setting
}

type RuleSet

// RuleSet groups Rules under one Connector and lists the Actions run when the
// set matches (PerformActions). HasAttackActions / HasSpecialActions inspect
// the action list.
type RuleSet struct {
	Id          int64           `yaml:"id" json:"id"`
	Code        string          `yaml:"code" json:"code"` // identifies the set (FindRuleSetWithCode)
	IsOn        bool            `yaml:"isOn" json:"isOn"`
	Name        string          `yaml:"name" json:"name"`
	Description string          `yaml:"description" json:"description"`
	Rules       []*Rule         `yaml:"rules" json:"rules"`
	Connector   RuleConnector   `yaml:"connector" json:"connector"` // rules connector: RuleConnectorAnd or RuleConnectorOr
	Actions     []*ActionConfig `yaml:"actions" json:"actions"`     // run in order when the set matches, presumably
	IgnoreLocal bool            `yaml:"ignoreLocal" json:"ignoreLocal"` // presumably skips the set for local/private source addresses — confirm
	// contains filtered or unexported fields
}

func NewRuleSet

func NewRuleSet() *RuleSet

func (*RuleSet) ActionCodes

func (this *RuleSet) ActionCodes() []string

func (*RuleSet) AddAction

func (this *RuleSet) AddAction(code string, options maps.Map)

AddAction 添加动作

func (*RuleSet) AddRule

func (this *RuleSet) AddRule(rule ...*Rule)

func (*RuleSet) HasAttackActions

func (this *RuleSet) HasAttackActions() bool

HasAttackActions 检查是否含有攻击防御动作

func (*RuleSet) HasSpecialActions

func (this *RuleSet) HasSpecialActions() bool

HasSpecialActions 除了Allow之外是否还有别的动作

func (*RuleSet) Init

func (this *RuleSet) Init(waf *WAF) error

func (*RuleSet) MatchRequest

func (this *RuleSet) MatchRequest(req requests.Request) (b bool, hasRequestBody bool, err error)

func (*RuleSet) MatchResponse

func (this *RuleSet) MatchResponse(req requests.Request, resp *requests.Response) (b bool, hasRequestBody bool, err error)

func (*RuleSet) PerformActions

func (this *RuleSet) PerformActions(waf *WAF, group *RuleGroup, req requests.Request, writer http.ResponseWriter) bool

type TagAction

// TagAction (code ActionTag) attaches Tags to the request; how the tags are
// surfaced is not visible on this page.
type TagAction struct {
	BaseAction

	Tags []string `yaml:"tags" json:"tags"`
}

func (*TagAction) Code

func (this *TagAction) Code() string

func (*TagAction) Init

func (this *TagAction) Init(waf *WAF) error

func (*TagAction) IsAttack

func (this *TagAction) IsAttack() bool

func (*TagAction) Perform

func (this *TagAction) Perform(waf *WAF, group *RuleGroup, set *RuleSet, request requests.Request, writer http.ResponseWriter) (allow bool)

func (*TagAction) WillChange

func (this *TagAction) WillChange() bool

type WAF

// WAF is one firewall policy: ordered Inbound rule groups checked against the
// request (MatchRequest) and Outbound groups checked against the response
// (MatchResponse). Init must succeed and Start be called before matching;
// see the README example. Instances are built by NewWAF, NewWAFFromFile,
// Template and WAFManager.ConvertWAF.
type WAF struct {
	Id               int64                           `yaml:"id" json:"id"`
	IsOn             bool                            `yaml:"isOn" json:"isOn"`
	Name             string                          `yaml:"name" json:"name"`
	Inbound          []*RuleGroup                    `yaml:"inbound" json:"inbound"`   // request-side rule groups, in evaluation order
	Outbound         []*RuleGroup                    `yaml:"outbound" json:"outbound"` // response-side rule groups, in evaluation order
	CreatedVersion   string                          `yaml:"createdVersion" json:"createdVersion"` // version that created the policy; MergeTemplate reports what it changed
	Mode             firewallconfigs.FirewallMode    `yaml:"mode" json:"mode"`                     // presumably observe vs. defend — confirm in firewallconfigs
	UseLocalFirewall bool                            `yaml:"useLocalFirewall" json:"useLocalFirewall"` // presumably forwarded as IPList.RecordIP's useLocalFirewall — confirm
	SYNFlood         *firewallconfigs.SYNFloodConfig `yaml:"synFlood" json:"synFlood"`

	DefaultBlockAction   *BlockAction   // presumably used when a set's block action has no options — confirm
	DefaultCaptchaAction *CaptchaAction // presumably used when a set's captcha action has no options — confirm
	// contains filtered or unexported fields
}

func NewWAF

func NewWAF() *WAF

func NewWAFFromFile

func NewWAFFromFile(path string) (waf *WAF, err error)

func Template

func Template() *WAF

func (*WAF) AddAction

func (this *WAF) AddAction(action ActionInterface)

func (*WAF) AddRuleGroup

func (this *WAF) AddRuleGroup(ruleGroup *RuleGroup)

func (*WAF) ContainsGroupCode

func (this *WAF) ContainsGroupCode(code string) bool

func (*WAF) Copy

func (this *WAF) Copy() *WAF

func (*WAF) CountInboundRuleSets

func (this *WAF) CountInboundRuleSets() int

func (*WAF) CountOutboundRuleSets

func (this *WAF) CountOutboundRuleSets() int

func (*WAF) FindAction

func (this *WAF) FindAction(actionId int64) ActionInterface

func (*WAF) FindCheckpointInstance

func (this *WAF) FindCheckpointInstance(prefix string) checkpoints.CheckpointInterface

func (*WAF) FindRuleGroup

func (this *WAF) FindRuleGroup(ruleGroupId int64) *RuleGroup

func (*WAF) FindRuleGroupWithCode

func (this *WAF) FindRuleGroupWithCode(ruleGroupCode string) *RuleGroup

func (*WAF) Init

func (this *WAF) Init() (resultErrors []error)

func (*WAF) MatchRequest

func (this *WAF) MatchRequest(req requests.Request, writer http.ResponseWriter) (goNext bool, hasRequestBody bool, group *RuleGroup, set *RuleSet, err error)

func (*WAF) MatchResponse

func (this *WAF) MatchResponse(req requests.Request, rawResp *http.Response, writer http.ResponseWriter) (goNext bool, hasRequestBody bool, group *RuleGroup, set *RuleSet, err error)

func (*WAF) MergeTemplate

func (this *WAF) MergeTemplate() (changedItems []string)

MergeTemplate merge with template

func (*WAF) MoveInboundRuleGroup

func (this *WAF) MoveInboundRuleGroup(fromIndex int, toIndex int)

func (*WAF) MoveOutboundRuleGroup

func (this *WAF) MoveOutboundRuleGroup(fromIndex int, toIndex int)

func (*WAF) RemoveRuleGroup

func (this *WAF) RemoveRuleGroup(ruleGroupId int64)

func (*WAF) Save

func (this *WAF) Save(path string) error

Save save to file path

func (*WAF) Start

func (this *WAF) Start()

Start starts the WAF.

func (*WAF) Stop

func (this *WAF) Stop()

Stop stops the WAF; call it when the WAF has been deleted.

type WAFManager

// WAFManager turns firewall policies into WAF instances (ConvertWAF,
// UpdatePolicies) and looks them up by policy id (FindWAF);
// SharedWAFManager is the package-level instance.
type WAFManager struct {
	// contains filtered or unexported fields
}

WAFManager WAF管理器

func NewWAFManager

func NewWAFManager() *WAFManager

NewWAFManager 获取新对象

func (*WAFManager) ConvertWAF

func (this *WAFManager) ConvertWAF(policy *firewallconfigs.HTTPFirewallPolicy) (*WAF, error)

ConvertWAF 将Policy转换为WAF

func (*WAFManager) FindWAF

func (this *WAFManager) FindWAF(policyId int64) *WAF

FindWAF 查找WAF

func (*WAFManager) UpdatePolicies

func (this *WAFManager) UpdatePolicies(policies []*firewallconfigs.HTTPFirewallPolicy)

UpdatePolicies 更新策略
