From ebc3195df46828c263b52e165014a7b508eb0d3b Mon Sep 17 00:00:00 2001
From: zhengkunwang <31820853+zhengkunwang223@users.noreply.github.com>
Date: Tue, 19 Mar 2024 20:58:06 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20ACL=20=E8=A7=84=E5=88=99=E5=A2=9E?=
 =?UTF-8?q?=E5=8A=A0=E5=8C=B9=E9=85=8D=E6=96=B9=E5=BC=8F=20(#4237)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 frontend/src/lang/modules/en.ts | 5 ++++
 frontend/src/lang/modules/tw.ts | 5 ++++
 frontend/src/lang/modules/zh.ts | 5 ++++
 frontend/src/utils/util.ts | 8 ++++++
 plugins/openresty/waf/config.lua | 4 +++
 plugins/openresty/waf/lib/lib.lua | 48 ++++++++++++++++++++++++-------
 6 files changed, 65 insertions(+), 10 deletions(-)

diff --git a/frontend/src/lang/modules/en.ts b/frontend/src/lang/modules/en.ts
index cb8c9b543..1ed24e03e 100644
--- a/frontend/src/lang/modules/en.ts
+++ b/frontend/src/lang/modules/en.ts
@@ -2269,6 +2269,11 @@ const message = {
 redisConfig: 'Redis configuration',
 redisHelper: 'Enable Redis to persist temporarily blocked IPs',
 wafHelper: 'All websites will lose protection after closing',
+ attackIP: 'Attack IP',
+ attackParam: 'Attack information',
+ execRule: 'Hit rule',
+ acl: 'ACL',
+ sql: 'SQL injection',
 },
 monitor: {
 name: 'Website Monitor',
diff --git a/frontend/src/lang/modules/tw.ts b/frontend/src/lang/modules/tw.ts
index 292e03cad..21b47a3ce 100644
--- a/frontend/src/lang/modules/tw.ts
+++ b/frontend/src/lang/modules/tw.ts
@@ -2123,6 +2123,11 @@ const message = {
 redisConfig: 'Redis 配置',
 redisHelper: '開啟 Redis 可以將暫時拉黑的 IP 持久化',
 wafHelper: '關閉之後所有網站將失去防護',
+ attackIP: '攻擊 IP',
+ attackParam: '攻擊訊息',
+ execRule: '命中規則',
+ acl: 'ACL',
+ sql: 'SQL 注入',
 },
 monitor: {
 name: '網站監控',
diff --git a/frontend/src/lang/modules/zh.ts b/frontend/src/lang/modules/zh.ts
index 10e662c72..716715ed3 100644
--- a/frontend/src/lang/modules/zh.ts
+++ b/frontend/src/lang/modules/zh.ts
@@ -2124,6 +2124,11 @@ const message = {
 redisConfig: 'Redis 配置',
 redisHelper: '开启 Redis 可以将临时拉黑的 IP 持久化',
 wafHelper: '关闭之后所有网站将失去防护',
+ attackIP: '攻击 IP',
+ attackParam: '攻击信息',
+ execRule: '命中规则',
+ acl: 'ACL',
+ sql: 'SQL 注入',
 },
 monitor: {
 name: '网站监控',
diff --git a/frontend/src/utils/util.ts b/frontend/src/utils/util.ts
index ed9692c71..69585800f 100644
--- a/frontend/src/utils/util.ts
+++ b/frontend/src/utils/util.ts
@@ -500,3 +500,11 @@ export async function copyText(content: string) {
 MsgError(i18n.global.t('commons.msg.copyFailed'));
 }
 }
+
+export function getRuleType(ruleType: string) {
+ return i18n.global.t(`xpack.waf.${ruleType}`);
+}
+
+export function getAction(action: string) {
+ return i18n.global.t(`xpack.waf.${action}`);
+}
diff --git a/plugins/openresty/waf/config.lua b/plugins/openresty/waf/config.lua
index 38a716954..f9b1045c7 100644
--- a/plugins/openresty/waf/config.lua
+++ b/plugins/openresty/waf/config.lua
@@ -59,6 +59,9 @@ local function init_sites_config()
 end
 config.site_config = site_config
 config.site_rules = site_rules
+
+ local waf_dict = ngx.shared.waf
+ waf_dict:set("config", config)
 end
 local function ini_waf_info()
@@ -120,6 +123,7 @@ local function get_config()
 local config_table = waf_dict:get("config")
 if config_table == nil then
 init_global_config()
+ init_sites_config()
 return config
 end
 config = config_table
diff --git a/plugins/openresty/waf/lib/lib.lua b/plugins/openresty/waf/lib/lib.lua
index 2cc90cf72..5fa9a95ce 100644
--- a/plugins/openresty/waf/lib/lib.lua
+++ b/plugins/openresty/waf/lib/lib.lua
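Review bot: `getRuleType` and `getAction` at the end of the util.ts hunk have byte-identical bodies and neither declares a return type, so the `xpack.waf.` key prefix is now duplicated and callers get an inferred rather than contractual type. One helper is enough: `function wafLabel(key: string): string { return i18n.global.t(`xpack.waf.${key}`); }` with `getRuleType` and `getAction` both delegating to it and annotated `: string`. A short TSDoc line on each saying that the argument is the raw rule-type or action identifier reported by the WAF (e.g. `acl`, `sql` — the keys this patch adds) would also tell the next maintainer where the key namespace comes from; keys that have no translation presumably render as the raw key path, so that should be confirmed against the i18n fallback setting.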
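Review bot: `waf_dict:set("config", config)` in the `init_sites_config` hunk stores a Lua table (`config.site_config`/`config.site_rules` are assigned to it just above) in an ngx.shared dict, whose `set` accepts only string, number, boolean or nil values and fails for a table — unless `ngx.shared.waf` here is not the stock shared dict or `init_global_config` serialises before storing, in which case this call needs the same encode and `get_config`'s `config = config_table` the matching decode. The `ok, err` return of `set` is also discarded, so a dictionary that is full or rejects the value leaves the config unpersisted and every later request falls into the `config_table == nil` branch added in the second hunk, re-running both init functions per request; a minimal check is `local ok, err = waf_dict:set("config", config)` followed by `if not ok then ngx.log(ngx.ERR, "failed to persist waf config: ", err) end`. `init_sites_config` begins outside the hunk.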
@@ -586,18 +586,44 @@ function _M.post_check()
 end
+local function match_acl_rule(match_value, pattern,rule)
+ if pattern == "eq" then
+ if match_value == rule then
+ return true
+ end
+
+ elseif pattern == "notEq" then
+ if match_value ~= rule then
+ return true
+ end
+
+ elseif pattern == "regex" then
+ if matches(match_value, rule) then
+ return true
+ end
+
+ elseif pattern == "contain" then
+ if ngx_re_find(match_value, rule, "isjo") then
+ return true
+ end
+ end
+end
+
 function _M.acl()
 local rules = get_site_rule("acl")
 for _, rule in pairs(rules) do
 if rule.state == nil or rule.state == "off" then
 goto continue
 end
+ ngx.log(ngx.ERR,"acl rule: "..rule.name .. "state"..rule.state)
 local conditions = rule.conditions
 local match = true
+ local condition_rule = ""
 for _, condition in pairs(conditions) do
 local field = condition.field
 local field_name = condition.name
 local pattern = condition.pattern
+ condition_rule = condition.rule
 local match_value = ''
 if field == 'URL' then
 match_value = ngx.var.request_uri
@@ -639,20 +665,22 @@ function _M.acl()
 end
 if pattern == '' then
- if match_value ~= nil and match_value ~= '' then
- match = false
- break
- end
- else
- if not matches(match_value, pattern) then
- match = false
- break
- end
+ match = false
+ break
+ end
+
+ if not match_acl_rule(match_value, pattern,condition_rule) then
+ match = false
+ break
 end
 end
 if match then
 rule.type = "acl"
- exec_action(rule)
+ local mr = {
+ type = rule.name,
+ rule = condition_rule
+ }
+ exec_action(rule,mr)
 end
 :: continue ::
 end
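Review bot: The `contain` branch of `match_acl_rule` passes the rule value to `ngx_re_find` as a PCRE pattern, so a value the operator entered as a plain substring is interpreted with regex metacharacters (`.`, `+`, `(`, `?`) and can match far more, or fail to compile, than "contains" suggests; a literal search expresses the intent: `return string.find(match_value, rule, 1, true) ~= nil` (lower both sides first if the `i` flag's case-insensitivity was wanted). The removed code guarded `match_value ~= nil` explicitly, while the new `regex`/`contain` branches hand `match_value` straight to `matches`/`ngx_re_find`; if a missing header or argument can leave it nil, confirm those helpers accept a non-string subject, because `eq`/`notEq` tolerate nil and the other two may not. The added `ngx.log(ngx.ERR,"acl rule: "..rule.name .. "state"..rule.state)` fires for every enabled rule on every request at error level and raises a concatenation error when `rule.name` is nil; if it is meant to stay, `ngx.log(ngx.DEBUG, "acl rule: ", rule.name, " state ", rule.state)` avoids both. An explicit `return false` at the end of `match_acl_rule` would document that unknown pattern values never match. `_M.acl` continues past the end of this hunk.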
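Review bot: `mr.type = rule.name` in the `if match then` block stores the rule's display name under `type`, one line after `rule.type = "acl"` is set; if `mr` is what the frontend's new `getRuleType` eventually receives (it looks up `xpack.waf.<type>`, and this patch adds `acl` as exactly such a key), `type = rule.type` looks like the intended value, with the name carried in its own field. `mr.rule = condition_rule` reports only the last condition iterated, so for a multi-condition rule the logged "hit rule" is always the final condition's value, which seems worth stating in a comment or collecting per condition. `pattern` now holds the match mode rather than the expression, so a stored rule from before this change that still carries the expression in `pattern` and has no `rule` field presumably falls through every branch of `match_acl_rule` and silently stops matching; if such rules can exist, a migration or an `ngx.log` of the unknown pattern would make that visible. `_M.acl` begins outside this hunk.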