Merge pull request #86 from samwafgo/fix_78_back

feat:host and back domain different
samwafgo · Dec 12, 2024 · eda9852 · eda9852
2 parents ba0519f + 97af8a4
commit eda9852
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 9 deletions.
diff --git a/model/hosts.go b/model/hosts.go
@@ -27,6 +27,8 @@ type Hosts struct {
 	BindSslId           string `json:"bind_ssl_id"`            //绑定SSL的ID
 	AutoJumpHTTPS       int    `json:"auto_jump_https"`        //是否自动跳转https  0 不自动 1 强制80跳转https
 	BindMoreHost        string `json:"bind_more_host"`         //绑定多域名
+	IsTransBackDomain   int    `json:"is_trans_back_domain"`   //是否传递后端域名到后端服务器侧
+
 }
 
 type HostsDefense struct {

diff --git a/model/request/waf_host_req.go b/model/request/waf_host_req.go
@@ -24,6 +24,7 @@ type WafHostAddReq struct {
 	BindSslId           string `json:"bind_ssl_id"`            //绑定SSL的ID
 	AutoJumpHTTPS       int    `json:"auto_jump_https"`        //是否自动跳转https  0 不自动 1 强制80跳转https
 	BindMoreHost        string `json:"bind_more_host"`         //绑定多域名
+	IsTransBackDomain   int    `json:"is_trans_back_domain"`   //是否传递后端域名到后端服务器侧
 }
 type WafHostDelReq struct {
 	CODE string `json:"code"`
@@ -55,6 +56,8 @@ type WafHostEditReq struct {
 	BindSslId           string `json:"bind_ssl_id"`            //绑定SSL的ID
 	AutoJumpHTTPS       int    `json:"auto_jump_https"`        //是否自动跳转https  0 不自动 1 强制80跳转https
 	BindMoreHost        string `json:"bind_more_host"`         //绑定多域名
+	IsTransBackDomain   int    `json:"is_trans_back_domain"`   //是否传递后端域名到后端服务器侧
+
 }
 
 type WafHostGuardStatusReq struct {

diff --git a/service/waf_service/waf_host.go b/service/waf_service/waf_host.go
@@ -55,6 +55,7 @@ func (receiver *WafHostService) AddApi(wafHostAddReq request.WafHostAddReq) (str
 		BindSslId:           wafHostAddReq.BindSslId,
 		AutoJumpHTTPS:       wafHostAddReq.AutoJumpHTTPS,
 		BindMoreHost:        wafHostAddReq.BindMoreHost,
+		IsTransBackDomain:   wafHostAddReq.IsTransBackDomain,
 	}
 	global.GWAF_LOCAL_DB.Create(wafHost)
 	return wafHost.Code, nil
@@ -100,6 +101,7 @@ func (receiver *WafHostService) ModifyApi(wafHostEditReq request.WafHostEditReq)
 		"BindSslId":           wafHostEditReq.BindSslId,
 		"AutoJumpHTTPS":       wafHostEditReq.AutoJumpHTTPS,
 		"BindMoreHost":        wafHostEditReq.BindMoreHost,
+		"IsTransBackDomain":   wafHostEditReq.IsTransBackDomain,
 	}
 	err := global.GWAF_LOCAL_DB.Debug().Model(model.Hosts{}).Where("CODE=?", wafHostEditReq.CODE).Updates(hostMap).Error
 

diff --git a/wafdb/patch_sql.go b/wafdb/patch_sql.go
@@ -82,4 +82,11 @@ func pathCoreSql(db *gorm.DB) {
 	} else {
 		zlog.Info("db", "idx_iptag_ip created")
 	}
+	//20241209 是否传递后端域名到后端服务器侧
+	err = db.Exec("UPDATE hosts SET is_trans_back_domain=0 WHERE is_trans_back_domain IS NULL ").Error
+	if err != nil {
+		panic("failed to hosts :is_trans_back_domain " + err.Error())
+	} else {
+		zlog.Info("db", "hosts :is_trans_back_domain init successfully")
+	}
 }
diff --git a/wafenginecore/proxy.go b/wafenginecore/proxy.go
@@ -28,7 +28,9 @@ func (waf *WafEngine) ProxyHTTP(w http.ResponseWriter, r *http.Request, host str
 				//初始化后端负载
 				zlog.Debug("HTTP REQUEST", weblog.REQ_UUID, weblog.URL, "未初始化")
 				transport, customHeaders := waf.createTransport(r, host, 1, loadBalance, hostTarget)
-				proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders)
+				customConfig := map[string]string{}
+				customConfig["IsTransBackDomain"] = strconv.Itoa(hostTarget.Host.IsTransBackDomain)
+				proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders, customConfig)
 				proxy.Transport = transport
 				proxy.ModifyResponse = waf.modifyResponse()
 				proxy.ErrorHandler = waf.errorResponse()
@@ -61,7 +63,9 @@ func (waf *WafEngine) ProxyHTTP(w http.ResponseWriter, r *http.Request, host str
 
 	} else {
 		transport, customHeaders := waf.createTransport(r, host, 0, model.LoadBalance{}, hostTarget)
-		proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders)
+		customConfig := map[string]string{}
+		customConfig["IsTransBackDomain"] = strconv.Itoa(hostTarget.Host.IsTransBackDomain)
+		proxy := wafproxy.NewSingleHostReverseProxyCustomHeader(remoteUrl, customHeaders, customConfig)
 		proxy.Transport = transport
 		proxy.ModifyResponse = waf.modifyResponse()
 		proxy.ErrorHandler = waf.errorResponse()

diff --git a/wafproxy/reverseproxy.go b/wafproxy/reverseproxy.go
@@ -160,8 +160,8 @@ func NewSingleHostReverseProxy(target *url.URL) *ReverseProxy {
 	return &ReverseProxy{Director: director}
 }
 
-// NewSingleHostReverseProxy 自定义header
-func NewSingleHostReverseProxyCustomHeader(target *url.URL, customHeaders map[string]string) *ReverseProxy {
+// NewSingleHostReverseProxy 自定义header  传递参数
+func NewSingleHostReverseProxyCustomHeader(target *url.URL, customHeaders map[string]string, customConfig map[string]string) *ReverseProxy {
 	targetQuery := target.RawQuery
 	director := func(req *http.Request) {
 		req.URL.Scheme = target.Scheme
@@ -180,11 +180,13 @@ func NewSingleHostReverseProxyCustomHeader(target *url.URL, customHeaders map[st
 		for key, value := range customHeaders {
 			req.Header.Set(key, value)
 		}
-		// 拆分主机名和端口
-		hostPort := strings.Split(target.Host, ":")
-		if len(hostPort) == 2 {
-			if req.Host != hostPort[0] {
-				req.Host = hostPort[0]
+		if customConfig["IsTransBackDomain"] == "1" {
+			// 拆分主机名和端口
+			hostPort := strings.Split(target.Host, ":")
+			if len(hostPort) == 2 {
+				if req.Host != hostPort[0] {
+					req.Host = hostPort[0]
+				}
 			}
 		}