jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-05-24 04:37:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

waf skip body when protocol is grpc, websocket or sse (#943)

Browse Source
This commit is contained in:
rinfx
2024-05-15 20:34:47 +08:00
committed by GitHub
parent 8736188e6a
commit 42c9c3d824
3 changed files with 49 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
plugins/wasm-go/extensions/waf/wasmplugin/plugin.go
View File

@@ -69,6 +69,15 @@ func parseConfig(json gjson.Result, config *WafConfig, log wrapper.Log) error {
}
func onHttpRequestHeaders(ctx wrapper.HttpContext, config WafConfig, log wrapper.Log) types.Action {
ctx.SetContext("skipwaf", false)
if ignoreBody() {
ctx.DontReadRequestBody()
ctx.DontReadResponseBody()
ctx.SetContext("skipwaf", true)
return types.ActionContinue
}
ctx.SetContext("interruptionHandled", false)
ctx.SetContext("processedRequestBody", false)
ctx.SetContext("processedResponseBody", false)
@@ -192,6 +201,10 @@ func onHttpRequestBody(ctx wrapper.HttpContext, config WafConfig, body []byte, l
}
func onHttpResponseHeaders(ctx wrapper.HttpContext, config WafConfig, log wrapper.Log) types.Action {
if ctx.GetContext("skipwaf").(bool) {
return types.ActionContinue
}
if ctx.GetContext("interruptionHandled").(bool) {
return types.ActionContinue
}
@@ -306,6 +319,10 @@ func onHttpResponseBody(ctx wrapper.HttpContext, config WafConfig, body []byte,
}
func onHttpStreamDone(ctx wrapper.HttpContext, config WafConfig, log wrapper.Log) {
if ctx.GetContext("skipwaf").(bool) {
return
}
tx := ctx.GetContext("tx").(ctypes.Transaction)
if !tx.IsRuleEngineOff() {