feat: 修改waf参数

2022-12-06 18:38:45 +08:00 · 2022-12-06 18:38:45 +08:00 · 5676c7b66e
parent a323f87ba0
commit 5676c7b66e
5 changed files with 93 additions and 38 deletions
--- a/cmd/server/nginx_conf/website_default.conf
+++ b/cmd/server/nginx_conf/website_default.conf
@ -9,7 +9,7 @@ server {
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Upgrade $http_upgrade;`
    proxy_set_header Connection "upgrade";
@ -18,13 +18,17 @@ server {
    access_by_lua_file /www/common/waf/access.lua;
    set $RulePath /www/sites/domain/waf/rules;
    set $logdir /www/sites/domain/waf/log;
    set $redirect on;
    set $attackLog on;
    set $CCDeny on;
-    set $attacklog on;
+    set $urlWhiteAllow on;
-    set $whiteModule on;
+    set $urlBlockDeny on;
-    set $getMatch on;
+    set $argsDeny on;
-    set $cookieMatch on;
+    set $postDeny on;
-    set $postMatch on;
+    set $cookieDeny on;
-    set $Redirect on;
+    set $fileExtDeny on;
    set $ipBlockDeny on;
    set $ipWhiteAllow on;
    location ~ /.well-known/acme-challenge {
--- a/frontend/src/views/website/website/config/safety/file-block-list/index.vue
+++ b/frontend/src/views/website/website/config/safety/file-block-list/index.vue
@ -1,6 +1,9 @@
 <template>
    <el-row>
        <el-col :span="10" :offset="2">
            <el-form-item prop="enable" :label="$t('website.enable')">
                <el-switch v-model="enableUpdate.enable" @change="updateEnable"></el-switch>
            </el-form-item>
            <ComplexTable :data="data" v-loading="loading">
                <template #toolbar>
                    <el-button type="primary" icon="Plus" @click="openCreate">
@ -35,7 +38,7 @@
 </template>
 <script lang="ts" setup>
 import { WebSite } from '@/api/interface/website';
-import { GetWafConfig } from '@/api/modules/website';
+import { GetWafConfig, UpdateWafEnable } from '@/api/modules/website';
 import { computed, onMounted, reactive, ref } from 'vue';
 import ComplexTable from '@/components/complex-table/index.vue';
 import { SaveFileContent } from '@/api/modules/files';
@ -56,13 +59,18 @@ let loading = ref(false);
 let data = ref([]);
 let req = ref<WebSite.WafReq>({
    websiteId: 0,
-    key: '',
+    key: '$fileExtDeny',
-    rule: 'blackfileExt',
+    rule: 'fileExtBlockList',
 });
 let fileUpdate = reactive({
    path: '',
    content: '',
 });
 let enableUpdate = ref<WebSite.WafUpdate>({
    websiteId: 0,
    key: '$fileExtDeny',
    enable: false,
 });
 const get = async () => {
    data.value = [];
@ -82,6 +90,7 @@ const get = async () => {
    }
    fileUpdate.path = res.data.filePath;
    enableUpdate.value.enable = res.data.enable;
 };
 const remove = (index: number) => {
@ -112,8 +121,16 @@ const submit = async () => {
        });
 };
 const updateEnable = async (enable: boolean) => {
    enableUpdate.value.enable = enable;
    loading.value = true;
    await UpdateWafEnable(enableUpdate.value);
    loading.value = false;
 };
 onMounted(() => {
    req.value.websiteId = id.value;
    enableUpdate.value.websiteId = id.value;
    get();
 });
 </script>
--- a/frontend/src/views/website/website/config/safety/index.vue
+++ b/frontend/src/views/website/website/config/safety/index.vue
@ -4,28 +4,43 @@
            <CCDeny :id="id" v-if="index == 'cc'"></CCDeny>
        </el-tab-pane>
        <el-tab-pane :label="'IP 白名单'" name="ipWhiteList">
-            <IpList :id="id" :rule="'ipWhitelist'" v-if="index == 'ipWhiteList'"></IpList>
+            <IpList :id="id" :rule="'ipWhitelist'" :param-key="'$ipWhiteAllow'" v-if="index == 'ipWhiteList'"></IpList>
        </el-tab-pane>
        <el-tab-pane :label="'IP 黑名单'" name="ipBlockList">
-            <IpList :id="id" :rule="'ipBlockList'" v-if="index == 'ipBlockList'"></IpList>
+            <IpList :id="id" :rule="'ipBlockList'" :param-key="'$ipBlockDeny'" v-if="index == 'ipBlockList'"></IpList>
        </el-tab-pane>
-        <el-tab-pane :label="'文件扩展名黑名单'" name="FileBlockList">
+        <el-tab-pane :label="'文件扩展名黑名单'" name="fileExtBlockList">
-            <FileBlockList :id="id" v-if="index == 'FileBlockList'"></FileBlockList>
+            <FileBlockList :id="id" v-if="index == 'fileExtBlockList'"></FileBlockList>
        </el-tab-pane>
        <el-tab-pane :label="'URL白名单'" name="urlWhiteList">
-            <ValueList :id="id" :rule="'whiteurl'" v-if="index == 'urlWhiteList'"></ValueList>
+            <ValueList
                :id="id"
                :rule="'urlWhiteList'"
                :param-key="'$urlWhiteAllow'"
                v-if="index == 'urlWhiteList'"
            ></ValueList>
        </el-tab-pane>
        <el-tab-pane :label="'URL黑名单'" name="urlBlockList">
-            <ValueList :id="id" :rule="'url'" v-if="index == 'urlBlockList'"></ValueList>
+            <ValueList
                :id="id"
                :rule="'urlBlockList'"
                :param-key="'$urlBlockDeny'"
                v-if="index == 'urlBlockList'"
            ></ValueList>
        </el-tab-pane>
        <el-tab-pane :label="'GET参数(args)校验'" name="args">
-            <ValueList :id="id" :rule="'args'" v-if="index == 'args'"></ValueList>
+            <ValueList :id="id" :rule="'argsCheckList'" :param-key="'$argsDeny'" v-if="index == 'args'"></ValueList>
        </el-tab-pane>
        <el-tab-pane :label="'POST参数校验'" name="post">
-            <ValueList :id="id" :rule="'post'" v-if="index == 'post'"></ValueList>
+            <ValueList :id="id" :rule="'postCheckList'" :param-key="'$postDeny'" v-if="index == 'post'"></ValueList>
        </el-tab-pane>
        <el-tab-pane :label="'Cookie黑名单'" name="cookie">
-            <ValueList :id="id" :rule="'cookie'" v-if="index == 'cookie'"></ValueList>
+            <ValueList
                :id="id"
                :rule="'cookieBlockList'"
                :param-key="'$cookieDeny'"
                v-if="index == 'cookie'"
            ></ValueList>
        </el-tab-pane>
    </el-tabs>
 </template>
--- a/frontend/src/views/website/website/config/safety/ip-list/index.vue
+++ b/frontend/src/views/website/website/config/safety/ip-list/index.vue
@ -1,6 +1,9 @@
 <template>
    <el-row>
        <el-col :span="10" :offset="2">
            <el-form-item prop="enable" :label="$t('website.enable')">
                <el-switch v-model="enableUpdate.enable" @change="updateEnable"></el-switch>
            </el-form-item>
            <ComplexTable :data="data" v-loading="loading">
                <template #toolbar>
                    <el-button type="primary" icon="Plus" @click="openCreate">
@ -35,7 +38,7 @@
 </template>
 <script lang="ts" setup>
 import { WebSite } from '@/api/interface/website';
-import { GetWafConfig } from '@/api/modules/website';
+import { GetWafConfig, UpdateWafEnable } from '@/api/modules/website';
 import { computed, onMounted, reactive, ref } from 'vue';
 import ComplexTable from '@/components/complex-table/index.vue';
 import { SaveFileContent } from '@/api/modules/files';
@ -52,6 +55,10 @@ const props = defineProps({
        type: String,
        default: 'ipWhitelist',
    },
    paramKey: {
        type: String,
        default: '$ipWhiteAllow',
    },
 });
 const id = computed(() => {
    return props.id;
@ -59,18 +66,26 @@ const id = computed(() => {
 const rule = computed(() => {
    return props.rule;
 });
 const key = computed(() => {
    return props.paramKey;
 });
 let loading = ref(false);
 let data = ref([]);
 let req = ref<WebSite.WafReq>({
    websiteId: 0,
-    key: '',
+    key: '$ipWhiteAllow',
    rule: 'ipWhitelist',
 });
 let fileUpdate = reactive({
    path: '',
    content: '',
 });
 let enableUpdate = ref<WebSite.WafUpdate>({
    websiteId: 0,
    key: '$ipWhiteAllow',
    enable: false,
 });
 const get = async () => {
    data.value = [];
@ -88,7 +103,7 @@ const get = async () => {
            });
        });
    }
-
+    enableUpdate.value.enable = res.data.enable;
    fileUpdate.path = res.data.filePath;
 };
@ -127,6 +142,13 @@ const submit = async () => {
        });
 };
 const updateEnable = async (enable: boolean) => {
    enableUpdate.value.enable = enable;
    loading.value = true;
    await UpdateWafEnable(enableUpdate.value);
    loading.value = false;
 };
 const checkIpRule = (row: any) => {
    if (checkIp(row.ip)) {
        row.error = i18n.global.t('commons.rule.ip');
@ -138,6 +160,9 @@ const checkIpRule = (row: any) => {
 onMounted(() => {
    req.value.websiteId = id.value;
    req.value.rule = rule.value;
    req.value.key = key.value;
    enableUpdate.value.websiteId = id.value;
    enableUpdate.value.key = key.value;
    get();
 });
 </script>
--- a/frontend/src/views/website/website/config/safety/value-list/index.vue
+++ b/frontend/src/views/website/website/config/safety/value-list/index.vue
@ -59,6 +59,10 @@ const props = defineProps({
        type: String,
        default: 'url',
    },
    paramKey: {
        type: String,
        default: 'url',
    },
 });
 const id = computed(() => {
    return props.id;
@ -66,6 +70,9 @@ const id = computed(() => {
 const rule = computed(() => {
    return props.rule;
 });
 const key = computed(() => {
    return props.paramKey;
 });
 let loading = ref(false);
 let data = ref([]);
@ -141,25 +148,12 @@ const submit = async () => {
        });
 };
 const getKey = (rule: string) => {
    switch (rule) {
        case 'url':
            return '$UrlDeny';
        case 'whiteurl':
            return '$whiteModule';
        case 'post':
            return '$postMatch';
        case 'url':
            return '$UrlDeny';
        case 'url':
            return '$UrlDeny';
    }
 };
 onMounted(() => {
    req.value.websiteId = id.value;
    req.value.rule = rule.value;
-    enableUpdate.value.key = getKey(rule.value);
+    req.value.key = key.value;
    enableUpdate.value.key = key.value;
    enableUpdate.value.websiteId = id.value;
    get();
 });
 </script>