Skip to content

Commit

Permalink
feat:host and back domain different
Browse files Browse the repository at this point in the history
  • Loading branch information
samwafgo committed Dec 12, 2024
1 parent ba0519f commit 97af8a4
Show file tree
Hide file tree
Showing 6 changed files with 29 additions and 9 deletions.
2 changes: 2 additions & 0 deletions model/hosts.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ type Hosts struct {
BindSslId string `json:"bind_ssl_id"` //绑定SSL的ID
AutoJumpHTTPS int `json:"auto_jump_https"` //是否自动跳转https 0 不自动 1 强制80跳转https
BindMoreHost string `json:"bind_more_host"` //绑定多域名
IsTransBackDomain int `json:"is_trans_back_domain"` //是否传递后端域名到后端服务器侧

}

type HostsDefense struct {
Expand Down
3 changes: 3 additions & 0 deletions model/request/waf_host_req.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ type WafHostAddReq struct {
BindSslId string `json:"bind_ssl_id"` //绑定SSL的ID
AutoJumpHTTPS int `json:"auto_jump_https"` //是否自动跳转https 0 不自动 1 强制80跳转https
BindMoreHost string `json:"bind_more_host"` //绑定多域名
IsTransBackDomain int `json:"is_trans_back_domain"` //是否传递后端域名到后端服务器侧
}
type WafHostDelReq struct {
CODE string `json:"code"`
Expand Down Expand Up @@ -55,6 +56,8 @@ type WafHostEditReq struct {
BindSslId string `json:"bind_ssl_id"` //绑定SSL的ID
AutoJumpHTTPS int `json:"auto_jump_https"` //是否自动跳转https 0 不自动 1 强制80跳转https
BindMoreHost string `json:"bind_more_host"` //绑定多域名
IsTransBackDomain int `json:"is_trans_back_domain"` //是否传递后端域名到后端服务器侧

}

type WafHostGuardStatusReq struct {
Expand Down
2 changes: 2 additions & 0 deletions service/waf_service/waf_host.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ func (receiver *WafHostService) AddApi(wafHostAddReq request.WafHostAddReq) (str
BindSslId: wafHostAddReq.BindSslId,
AutoJumpHTTPS: wafHostAddReq.AutoJumpHTTPS,
BindMoreHost: wafHostAddReq.BindMoreHost,
IsTransBackDomain: wafHostAddReq.IsTransBackDomain,
}
global.GWAF_LOCAL_DB.Create(wafHost)
return wafHost.Code, nil
Expand Down Expand Up @@ -100,6 +101,7 @@ func (receiver *WafHostService) ModifyApi(wafHostEditReq request.WafHostEditReq)
"BindSslId": wafHostEditReq.BindSslId,
"AutoJumpHTTPS": wafHostEditReq.AutoJumpHTTPS,
"BindMoreHost": wafHostEditReq.BindMoreHost,
"IsTransBackDomain": wafHostEditReq.IsTransBackDomain,
}
err := global.GWAF_LOCAL_DB.Debug().Model(model.Hosts{}).Where("CODE=?", wafHostEditReq.CODE).Updates(hostMap).Error

Expand Down
7 changes: 7 additions & 0 deletions wafdb/patch_sql.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,4 +82,11 @@ func pathCoreSql(db *gorm.DB) {
} else {
zlog.Info("db", "idx_iptag_ip created")
}
//20241209 是否传递后端域名到后端服务器侧
err = db.Exec("UPDATE hosts SET is_trans_back_domain=0 WHERE is_trans_back_domain IS NULL ").Error
if err != nil {
panic("failed to hosts :is_trans_back_domain " + err.Error())
} else {
zlog.Info("db", "hosts :is_trans_back_domain init successfully")
}
}
8 changes: 6 additions & 2 deletions wafenginecore/proxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,9 @@ func (waf *WafEngine) ProxyHTTP(w http.ResponseWriter, r *http.Request, host str
//初始化后端负载
zlog.Debug("HTTP REQUEST", weblog.REQ_UUID, weblog.URL, "未初始化")
transport, customHeaders := waf.createTransport(r, host, 1, loadBalance, hostTarget)
proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders)
customConfig := map[string]string{}
customConfig["IsTransBackDomain"] = strconv.Itoa(hostTarget.Host.IsTransBackDomain)
proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders, customConfig)
proxy.Transport = transport
proxy.ModifyResponse = waf.modifyResponse()
proxy.ErrorHandler = waf.errorResponse()
Expand Down Expand Up @@ -61,7 +63,9 @@ func (waf *WafEngine) ProxyHTTP(w http.ResponseWriter, r *http.Request, host str

} else {
transport, customHeaders := waf.createTransport(r, host, 0, model.LoadBalance{}, hostTarget)
proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders)
customConfig := map[string]string{}
customConfig["IsTransBackDomain"] = strconv.Itoa(hostTarget.Host.IsTransBackDomain)
proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders, customConfig)
proxy.Transport = transport
proxy.ModifyResponse = waf.modifyResponse()
proxy.ErrorHandler = waf.errorResponse()
Expand Down
16 changes: 9 additions & 7 deletions wafproxy/reverseproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -160,8 +160,8 @@ func NewSingleHostReverseProxy(target *url.URL) *ReverseProxy {
return &ReverseProxy{Director: director}
}

// NewSingleHostReverseProxy 自定义header
func NewSingleHostReverseProxyCustomHeader(target *url.URL, customHeaders map[string]string) *ReverseProxy {
// NewSingleHostReverseProxy 自定义header 传递参数
func NewSingleHostReverseProxyCustomHeader(target *url.URL, customHeaders map[string]string, customConfig map[string]string) *ReverseProxy {
targetQuery := target.RawQuery
director := func(req *http.Request) {
req.URL.Scheme = target.Scheme
Expand All @@ -180,11 +180,13 @@ func NewSingleHostReverseProxyCustomHeader(target *url.URL, customHeaders map[st
for key, value := range customHeaders {
req.Header.Set(key, value)
}
// 拆分主机名和端口
hostPort := strings.Split(target.Host, ":")
if len(hostPort) == 2 {
if req.Host != hostPort[0] {
req.Host = hostPort[0]
if customConfig["IsTransBackDomain"] == "1" {
// 拆分主机名和端口
hostPort := strings.Split(target.Host, ":")
if len(hostPort) == 2 {
if req.Host != hostPort[0] {
req.Host = hostPort[0]
}
}
}

Expand Down

0 comments on commit 97af8a4

Please sign in to comment.