leftyer/SamWaf
1
0
Fork 0
mirror of https://gitee.com/samwaf/SamWaf.git synced 2025-12-06 14:59:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat:增加在线文档连接和禁止访问url的类型

Browse Source
This commit is contained in:
samwaf
2023-12-27 11:54:50 +08:00
parent 8b881bb7d1
commit 8fe5f20f6b
14 changed files with 147 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
localwaf/src/App.vue
View File

@@ -121,3 +121,8 @@ ws.onclose = function(evt) {
</script>
<style>
.tdesign-starter-side-nav-logo-tdesign-logo{
padding: 0 0px;
}
</style>

6
localwaf/src/layouts/components/Header.vue
View File

@@ -422,8 +422,4 @@
}
}
</style>
<style>
.tdesign-starter-side-nav-logo-tdesign-logo{
padding: 0 0px;
}
</style>

12
localwaf/src/pages/waf/anticc/index.vue
View File

@@ -12,7 +12,11 @@
</template>
</t-input>
</t-row>
<t-alert theme="info" message="SamWaf防护墙抵御CC攻击" close>
<template #operation>
<span @click="handleJumpOnlineUrl">在线文档</span>
</template>
</t-alert>
<div class="table-container">
<t-table :columns="columns" :data="data" :rowKey="rowKey" :verticalAlign="verticalAlign" :hover="hover"
:pagination="pagination" :selected-row-keys="selectedRowKeys" :loading="dataLoading"
@@ -249,8 +253,8 @@ import {
},
},
mounted() {
this.getList("")
this.loadHostList()
this.getList("")
},
methods: {
@@ -478,6 +482,10 @@ import {
})
.finally(() => {});
},
//跳转界面
handleJumpOnlineUrl(){
window.open(this.samwafglobalconfig.getOnlineUrl()+"/guide/CC.html");
},
},
});
</script>

16
localwaf/src/pages/waf/ipblock/index.vue
View File

@@ -13,7 +13,11 @@
</template>
</t-input>
</t-row>
<t-alert theme="info" message="SamWaf防护墙会阻止在黑名单内的IP的访问" close>
<template #operation>
<span @click="handleJumpOnlineUrl">在线文档</span>
</template>
</t-alert>
<div class="table-container">
<t-table :columns="columns" :data="data" :rowKey="rowKey" :verticalAlign="verticalAlign" :hover="hover"
:pagination="pagination" :selected-row-keys="selectedRowKeys" :loading="dataLoading"
@@ -168,7 +172,7 @@
align: 'left',
width: 250,
ellipsis: true,
colKey: 'host_code',
colKey: 'host_code',
},
{
title: 'IP',
@@ -190,7 +194,7 @@
},
{
align: 'left',
align: 'left',
width: 200,
colKey: 'op',
title: '操作',
@@ -230,8 +234,8 @@
},
},
mounted() {
this.getList("")
this.loadHostList()
this.getList("")
},
methods: {
@@ -454,6 +458,10 @@
})
.finally(() => {});
},
//跳转界面
handleJumpOnlineUrl(){
window.open(this.samwafglobalconfig.getOnlineUrl()+"/guide/IPBlack.html");
},
},
});
</script>

15
localwaf/src/pages/waf/ipwhite/index.vue
View File

@@ -12,7 +12,11 @@
</template>
</t-input>
</t-row>
<t-alert theme="info" message="SamWaf防护墙会忽略在白名单内的IP" close>
<template #operation>
<span @click="handleJumpOnlineUrl">在线文档</span>
</template>
</t-alert>
<div class="table-container">
<t-table :columns="columns" :data="data" :rowKey="rowKey" :verticalAlign="verticalAlign" :hover="hover"
:pagination="pagination" :selected-row-keys="selectedRowKeys" :loading="dataLoading"
@@ -232,8 +236,9 @@
},
},
mounted() {
this.getList("")
this.loadHostList()
this.getList("")
},
methods: {
@@ -246,7 +251,7 @@
let host_options = resdata.data;
for(let i = 0;i<host_options.length;i++){
that.host_dic[host_options[i].value] = host_options[i].label
}
}
}
})
.catch((e: Error) => {
@@ -453,6 +458,10 @@
})
.finally(() => {});
},
//跳转界面
handleJumpOnlineUrl(){
window.open(this.samwafglobalconfig.getOnlineUrl()+"/guide/IPWhite.html");
},
},
});
</script>

15
localwaf/src/pages/waf/ldpurl/index.vue
View File

@@ -12,7 +12,11 @@
</template>
</t-input>
</t-row>
<t-alert theme="info" message="SamWaf用户在访问指定的url返回的敏感数据脱敏处理如手机号会隐藏部分" close>
<template #operation>
<span @click="handleJumpOnlineUrl">在线文档</span>
</template>
</t-alert>
<div class="table-container">
<t-table :columns="columns" :data="data" :rowKey="rowKey" :verticalAlign="verticalAlign" :hover="hover"
:pagination="pagination" :selected-row-keys="selectedRowKeys" :loading="dataLoading"
@@ -201,7 +205,7 @@
align: 'left',
width: 250,
ellipsis: true,
colKey: 'host_code',
colKey: 'host_code',
},{
title: '匹配方式',
align: 'left',
@@ -269,8 +273,8 @@
},
},
mounted() {
this.getList("")
this.loadHostList()
this.getList("")
},
methods: {
@@ -495,6 +499,11 @@
})
.finally(() => {});
},
//跳转界面
handleJumpOnlineUrl(){
window.open(this.samwafglobalconfig.getOnlineUrl()+"/guide/ldp.html");
},
},
});
</script>

59
localwaf/src/pages/waf/urlblock/index.vue
View File

@@ -12,7 +12,11 @@
</template>
</t-input>
</t-row>
<t-alert theme="info" message="SamWaf防护墙会阻止访问在限制访问内的URL" close>
<template #operation>
<span @click="handleJumpOnlineUrl">在线文档</span>
</template>
</t-alert>
<div class="table-container">
<t-table :columns="columns" :data="data" :rowKey="rowKey" :verticalAlign="verticalAlign" :hover="hover"
:pagination="pagination" :selected-row-keys="selectedRowKeys" :loading="dataLoading"
@@ -47,6 +51,14 @@
</t-option>
</t-select>
</t-form-item>
<t-form-item label="匹配方式" name="compare_type">
<t-select v-model="formData.compare_type" clearable :style="{ width: '480px' }">
<t-option v-for="(item, index) in compare_type_options" :value="item.value" :label="item.label"
:key="index">
{{ item.label }}
</t-option>
</t-select>
</t-form-item>
<t-form-item label="Url" name="url">
<t-input :style="{ width: '480px' }" v-model="formData.url" placeholder="请输入限制访问Url"></t-input>
</t-form-item>
@@ -75,6 +87,14 @@
</t-option>
</t-select>
</t-form-item>
<t-form-item label="匹配方式" name="compare_type">
<t-select v-model="formEditData.compare_type" clearable :style="{ width: '480px' }">
<t-option v-for="(item, index) in compare_type_options" :value="item.value" :label="item.label"
:key="index">
{{ item.label }}
</t-option>
</t-select>
</t-form-item>
<t-form-item label="Url" name="url">
<t-input :style="{ width: '480px' }" v-model="formEditData.url" placeholder="请输入限制访问Url"></t-input>
</t-form-item>
@@ -123,6 +143,7 @@
host_code: '',
url: '',
remarks: '',
compare_type:"等于"
};
export default Vue.extend({
name: 'ListBase',
@@ -154,6 +175,24 @@
type: 'error'
}],
},
compare_type_options: [{
label: '等于',
value: '等于'
},
{
label: '前缀匹配',
value: '前缀匹配'
},
{
label: '后缀匹配',
value: '后缀匹配'
},
{
label: '包含匹配',
value: '包含匹配'
},
],
textareaValue: '',
prefix,
dataLoading: false,
@@ -161,13 +200,19 @@
detail_data: [], //加载详情信息用于编辑
selectedRowKeys: [],
value: 'first',
columns: [
columns: [
{
title: '网站',
align: 'left',
width: 250,
ellipsis: true,
colKey: 'host_code',
colKey: 'host_code',
},{
title: '匹配方式',
align: 'left',
width: 250,
ellipsis: true,
colKey: 'compare_type',
},
{
title: 'Url',
@@ -189,7 +234,7 @@
},
{
align: 'left',
align: 'left',
width: 200,
colKey: 'op',
title: '操作',
@@ -229,8 +274,8 @@
},
},
mounted() {
this.getList("")
this.loadHostList()
this.getList("")
},
methods: {
@@ -454,6 +499,10 @@
})
.finally(() => {});
},
//跳转界面
handleJumpOnlineUrl(){
window.open(this.samwafglobalconfig.getOnlineUrl()+"/guide/UrlBlack.html");
},
},
});
</script>

16
localwaf/src/pages/waf/urlwhite/index.vue
View File

@@ -12,7 +12,11 @@
</template>
</t-input>
</t-row>
<t-alert theme="info" message="SamWaf防护墙防护时候会忽略在白名单内的URL" close>
<template #operation>
<span @click="handleJumpOnlineUrl">在线文档</span>
</template>
</t-alert>
<div class="table-container">
<t-table :columns="columns" :data="data" :rowKey="rowKey" :verticalAlign="verticalAlign" :hover="hover"
:pagination="pagination" :selected-row-keys="selectedRowKeys" :loading="dataLoading"
@@ -207,7 +211,7 @@
align: 'left',
width: 250,
ellipsis: true,
colKey: 'compare_type',
colKey: 'compare_type',
},
{
title: 'Url',
@@ -229,7 +233,7 @@
},
{
align: 'left',
align: 'left',
width: 200,
colKey: 'op',
title: '操作',
@@ -269,8 +273,8 @@
},
},
mounted() {
this.getList("")
this.loadHostList()
this.getList("")
},
methods: {
@@ -494,6 +498,10 @@
})
.finally(() => {});
},
//跳转界面
handleJumpOnlineUrl(){
window.open(this.samwafglobalconfig.getOnlineUrl()+"/guide/UrlWhite.html");
},
},
});
</script>

7
middleware/sec_api_middleware.go
View File

@@ -5,7 +5,6 @@ import (
"SamWaf/wafsec"
"bytes"
"encoding/base64"
"fmt"
"github.com/gin-gonic/gin"
"io/ioutil"
"net/http"
@@ -24,10 +23,10 @@ func SecApi() gin.HandlerFunc {
c.Request.Body = ioutil.NopCloser(bytes.NewBuffer(bodyBytes)) // Reset the request body to original
fmt.Println("Header ", c.Request.Header["Content-Type"])
//fmt.Println("Header ", c.Request.Header["Content-Type"])
// Your preprocessing logic here
// For example, reading raw body and doing some operations
fmt.Println("Raw body:", string(bodyBytes))
//fmt.Println("Raw body:", string(bodyBytes))
if c.Request.Header.Get("Content-Type") == "application/x-www-form-urlencoded" {
// Modify the bodyBytes if necessary
@@ -35,7 +34,7 @@ func SecApi() gin.HandlerFunc {
base64Bytes, _ := base64.StdEncoding.DecodeString(string(bodyBytes))
deBytes := wafsec.AesDecrypt(base64Bytes, global.GWAF_COMMUNICATION_KEY)
fmt.Println("Raw body解密:", string(deBytes))
//fmt.Println("Raw body解密:", string(deBytes))
// Store the modified body back in the request
c.Request.Body = ioutil.NopCloser(bytes.NewBuffer(deBytes))
}

7
model/blocklist.go
View File

@@ -13,7 +13,8 @@ type IPBlockList struct {
type URLBlockList struct {
baseorm.BaseOrm
HostCode string `json:"host_code"` //网站唯一码(主要键)
Url string `json:"url"` //限制请求地址
Remarks string `json:"remarks"` //备注
HostCode string `json:"host_code"` //网站唯一码(主要键)
CompareType string `json:"compare_type" form:"compare_type"` //对比方式
Url string `json:"url"` //限制请求地址
Remarks string `json:"remarks"` //备注
}

7
model/request/waf_block_url_add_req.go
View File

@@ -1,7 +1,8 @@
package request
type WafBlockUrlAddReq struct {
HostCode string `json:"host_code"` //网站唯一码(主要键)
Url string `json:"url"` //Block url
Remarks string `json:"remarks"` //备注
HostCode string `json:"host_code"` //网站唯一码(主要键)
CompareType string `json:"compare_type" form:"compare_type"` //对比方式
Url string `json:"url"` //Block url
Remarks string `json:"remarks"` //备注
}

9
model/request/waf_block_url_edit_req.go
View File

@@ -1,8 +1,9 @@
package request
type WafBlockUrlEditReq struct {
Id string `json:"id"` //Block url唯一键
HostCode string `json:"host_code"` //网站唯一码(主要键)
Url string `json:"url"` //Block url
Remarks string `json:"remarks"` //备注
Id string `json:"id"` //Block url唯一键
HostCode string `json:"host_code"` //网站唯一码(主要键)
CompareType string `json:"compare_type" form:"compare_type"` //对比方式
Url string `json:"url"` //Block url
Remarks string `json:"remarks"` //备注
}

8
service/waf_service/waf_block_url.go
View File

@@ -24,9 +24,10 @@ func (receiver *WafBlockUrlService) AddApi(req request.WafBlockUrlAddReq) error
CREATE_TIME: customtype.JsonTime(time.Now()),
UPDATE_TIME: customtype.JsonTime(time.Now()),
},
HostCode: req.HostCode,
Url: req.Url,
Remarks: req.Remarks,
HostCode: req.HostCode,
Url: req.Url,
CompareType: req.CompareType,
Remarks: req.Remarks,
}
global.GWAF_LOCAL_DB.Create(bean)
return nil
@@ -47,6 +48,7 @@ func (receiver *WafBlockUrlService) ModifyApi(req request.WafBlockUrlEditReq) er
"Host_Code": req.HostCode,
"Url": req.Url,
"Remarks": req.Remarks,
"CompareType": req.CompareType,
"UPDATE_TIME": customtype.JsonTime(time.Now()),
}
err := global.GWAF_LOCAL_DB.Model(model.URLBlockList{}).Where("id = ?", req.Id).Updates(modfiyMap).Error

10
wafenginecore/wafengine.go
View File

@@ -220,7 +220,10 @@ func (waf *WafEngine) ServeHTTP(w http.ResponseWriter, r *http.Request) {
//url黑名单策略-(局部) (待优化性能)
if waf.HostTarget[host].UrlBlockLists != nil {
for i := 0; i < len(waf.HostTarget[host].UrlBlockLists); i++ {
if waf.HostTarget[host].UrlBlockLists[i].Url == weblogbean.URL {
if (waf.HostTarget[host].UrlBlockLists[i].CompareType == "等于" && waf.HostTarget[host].UrlBlockLists[i].Url == weblogbean.URL) ||
(waf.HostTarget[host].UrlBlockLists[i].CompareType == "前缀匹配" && strings.HasPrefix(weblogbean.URL, waf.HostTarget[host].UrlBlockLists[i].Url)) ||
(waf.HostTarget[host].UrlBlockLists[i].CompareType == "后缀匹配" && strings.HasSuffix(weblogbean.URL, waf.HostTarget[host].UrlBlockLists[i].Url)) ||
(waf.HostTarget[host].UrlBlockLists[i].CompareType == "包含匹配" && strings.Contains(weblogbean.URL, waf.HostTarget[host].UrlBlockLists[i].Url)) {
EchoErrorInfo(w, r, weblogbean, "URL黑名单", "您的访问被阻止了URL限制")
return
}
@@ -229,7 +232,10 @@ func (waf *WafEngine) ServeHTTP(w http.ResponseWriter, r *http.Request) {
//url黑名单策略-(全局) (待优化性能)
if waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].Host.GUARD_STATUS == 1 && waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists != nil {
for i := 0; i < len(waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists); i++ {
if waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].Url == weblogbean.URL {
if (waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].CompareType == "等于" && waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].Url == weblogbean.URL) ||
(waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].CompareType == "前缀匹配" && strings.HasPrefix(weblogbean.URL, waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].Url)) ||
(waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].CompareType == "后缀匹配" && strings.HasSuffix(weblogbean.URL, waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].Url)) ||
(waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].CompareType == "包含匹配" && strings.Contains(weblogbean.URL, waf.HostTarget[global.GWAF_GLOBAL_HOST_NAME].UrlBlockLists[i].Url)) {
EchoErrorInfo(w, r, weblogbean, "【全局】URL黑名单", "您的访问被阻止了URL限制")
return
}