diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp index 552696a..f124cdf 100644 --- a/plugin/business/pangu-http/src/pangu_http.cpp +++ b/plugin/business/pangu-http/src/pangu_http.cpp @@ -469,6 +469,8 @@ static enum manipulate_action manipulate_action_str2idx(const char *action_str) void policy_action_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp) { + struct policy_action_param* param=NULL; + *ad=NULL; if((unsigned int)rule->serv_def_lenlocal_logger, "Invalid policy parameter: %d invalid protocol format", rule->config_id); + goto error_out; + } + if(0!=strcasecmp(item->valuestring, "http")) + { + goto error_out; + } + param=ALLOC(struct policy_action_param, 1); param->ref_cnt=1; pthread_mutex_init(&(param->lock), NULL); @@ -572,8 +584,10 @@ void policy_action_param_new(int idx, const struct Maat_rule_t* rule, const char default: assert(0); break; } - cJSON_Delete(json); *ad=param; + TFE_LOG_INFO(g_pangu_rt->local_logger, "Add ctrl policy: %d", rule->config_id); +error_out: + cJSON_Delete(json); return; } @@ -1658,7 +1672,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e } if (tfe_http_in_request(events)) - { + { return; } @@ -1696,9 +1710,9 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e } const char* cont_disposition_val=tfe_http_std_field_read(to_write_sess->resp, TFE_HTTP_CONT_DISPOSITION); if (cont_disposition_val != NULL) - { + { tfe_http_std_field_write(response, TFE_HTTP_CONT_DISPOSITION, cont_disposition_val); - } + } tfe_http_std_field_write(response, TFE_HTTP_CONT_TYPE, hijack_profile->profile_type); snprintf(cont_len_str, sizeof(cont_len_str), "%lu", hijack_size); tfe_http_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str); diff --git a/plugin/business/pangu-http/src/pangu_logger.cpp b/plugin/business/pangu-http/src/pangu_logger.cpp index 335bed1..f4c7714 100644 --- a/plugin/business/pangu-http/src/pangu_logger.cpp +++ b/plugin/business/pangu-http/src/pangu_logger.cpp @@ -191,12 +191,13 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) const char *app_proto[]= {"unkonw","http1", "http2"}; - struct json_spec req_fields[]={ {"cookie", TFE_HTTP_COOKIE}, - {"referer", TFE_HTTP_REFERER}, - {"user_agent", TFE_HTTP_USER_AGENT} }; + struct json_spec req_fields[]={ {"http_cookie", TFE_HTTP_COOKIE}, + {"http_referer", TFE_HTTP_REFERER}, + {"http_user_agent", TFE_HTTP_USER_AGENT} }; - struct json_spec resp_fields[]={ {"content_type", TFE_HTTP_CONT_TYPE}, - {"content_len", TFE_HTTP_CONT_LENGTH} }; + struct json_spec resp_fields[]={ {"http_content_type", TFE_HTTP_CONT_TYPE}, + {"http_content_length", TFE_HTTP_CONT_LENGTH}, + {"http_set_cookie", TFE_HTTP_SET_COOKIE}}; if (!handle->en_sendlog) { @@ -206,43 +207,55 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) common_obj=cJSON_CreateObject(); cur_time = time(NULL); - cJSON_AddNumberToObject(common_obj, "start_time", cur_time); - cJSON_AddNumberToObject(common_obj, "end_time", cur_time); - cJSON_AddStringToObject(common_obj, "app_proto", app_proto[http->major_version]); + cJSON_AddNumberToObject(common_obj, "common_start_time", cur_time); + cJSON_AddNumberToObject(common_obj, "common_end_time", cur_time); + cJSON_AddStringToObject(common_obj, "http_version", app_proto[http->major_version]); + + uint64_t opt_val; + uint16_t opt_out_size; + struct tfe_cmsg * cmsg = tfe_stream_get0_cmsg(log_msg->stream); + if (cmsg!=NULL) + { + int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_STREAM_TRACE_ID, (unsigned char *) &opt_val, sizeof(opt_val), &opt_out_size); + if (ret==0) + { + cJSON_AddNumberToObject(common_obj, "common_stream_trace_id", opt_val); + } + } switch(addr->addrtype) { case TFE_ADDR_STREAM_TUPLE4_V4: - cJSON_AddNumberToObject(common_obj, "addr_type", 4); + cJSON_AddNumberToObject(common_obj, "common_address_type", 4); inet_ntop(AF_INET, &addr->tuple4_v4->saddr, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET, &addr->tuple4_v4->daddr, dst_ip_str, sizeof(dst_ip_str)); - cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str); - cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str); - cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v4->source)); - cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v4->dest)); - cJSON_AddStringToObject(common_obj, "trans_proto", "IPv4_TCP"); + cJSON_AddStringToObject(common_obj, "common_client_ip", src_ip_str); + cJSON_AddStringToObject(common_obj, "common_server_ip", dst_ip_str); + cJSON_AddNumberToObject(common_obj, "common_client_port", ntohs(addr->tuple4_v4->source)); + cJSON_AddNumberToObject(common_obj, "common_server_port", ntohs(addr->tuple4_v4->dest)); + cJSON_AddStringToObject(common_obj, "common_l4_protocol", "IPv4_TCP"); break; case TFE_ADDR_STREAM_TUPLE4_V6: - cJSON_AddNumberToObject(common_obj, "addr_type", 6); + cJSON_AddNumberToObject(common_obj, "common_address_type", 6); inet_ntop(AF_INET6, &addr->tuple4_v6->saddr, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET6, &addr->tuple4_v6->daddr, dst_ip_str, sizeof(dst_ip_str)); - cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str); - cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str); - cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v6->source)); - cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v6->dest)); - cJSON_AddStringToObject(common_obj, "trans_proto", "IPv6_TCP"); + cJSON_AddStringToObject(common_obj, "common_client_ip", src_ip_str); + cJSON_AddStringToObject(common_obj, "common_server_ip", dst_ip_str); + cJSON_AddNumberToObject(common_obj, "common_client_port", ntohs(addr->tuple4_v6->source)); + cJSON_AddNumberToObject(common_obj, "common_server_port", ntohs(addr->tuple4_v6->dest)); + cJSON_AddStringToObject(common_obj, "common_l4_protocol", "IPv6_TCP"); break; default: break; } - cJSON_AddNumberToObject(common_obj, "direction", 0); //0:域内->域外,1:域外->域内,描述的是CLIENT_IP信息 - cJSON_AddNumberToObject(common_obj, "Link_id", 0); - cJSON_AddNumberToObject(common_obj, "stream_dir", 3); //1:c2s, 2:s2c, 3:double - cJSON_AddStringToObject(common_obj, "cap_ip", handle->local_ip_str); - cJSON_AddNumberToObject(common_obj, "entrance_id", handle->entry_id); - cJSON_AddNumberToObject(common_obj, "device_id", 0); - cJSON_AddStringToObject(common_obj, "url", http->req->req_spec.url); - cJSON_AddStringToObject(common_obj, "host", http->req->req_spec.host); + cJSON_AddNumberToObject(common_obj, "common_direction", 0); //0:域内->域外,1:域外->域内,描述的是CLIENT_IP信息 + cJSON_AddNumberToObject(common_obj, "common_link_id", 0); + cJSON_AddNumberToObject(common_obj, "common_stream_dir", 3); //1:c2s, 2:s2c, 3:double + cJSON_AddStringToObject(common_obj, "common_sled_ip", handle->local_ip_str); + cJSON_AddNumberToObject(common_obj, "common_entrance_id", handle->entry_id); + cJSON_AddNumberToObject(common_obj, "common_device_id", 0); + cJSON_AddStringToObject(common_obj, "http_url", http->req->req_spec.url); + cJSON_AddStringToObject(common_obj, "http_host", http->req->req_spec.host); for(size_t i=0;ireq, req_fields[i].field_id); @@ -280,7 +293,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) log_file_upload_path, sizeof(log_file_upload_path)); if(tmp==0) { - cJSON_AddStringToObject(common_obj, "req_body", log_file_upload_path); + cJSON_AddStringToObject(common_obj, "http_request_body", log_file_upload_path); } else { @@ -306,8 +319,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) if(tmp==0) { - cJSON_AddStringToObject(common_obj, "resp_body", log_file_upload_path); - + cJSON_AddStringToObject(common_obj, "http_response_body", log_file_upload_path); } else { @@ -331,9 +343,9 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) } per_hit_obj=cJSON_Duplicate(common_obj, 1); - cJSON_AddNumberToObject(per_hit_obj, "policy_id", log_msg->result[i].config_id); - cJSON_AddNumberToObject(per_hit_obj, "service", log_msg->result[i].service_id); - cJSON_AddNumberToObject(per_hit_obj, "action", (unsigned char)log_msg->result[i].action); + cJSON_AddNumberToObject(per_hit_obj, "common_policy_id", log_msg->result[i].config_id); + cJSON_AddNumberToObject(per_hit_obj, "common_service", log_msg->result[i].service_id); + cJSON_AddNumberToObject(per_hit_obj, "common_action", (unsigned char)log_msg->result[i].action); log_payload = cJSON_PrintUnformatted(per_hit_obj); TFE_LOG_DEBUG(handle->local_logger, "%s", log_payload); diff --git a/plugin/business/ssl-policy/src/ssl_policy.cpp b/plugin/business/ssl-policy/src/ssl_policy.cpp index 8489ffb..ab096d4 100644 --- a/plugin/business/ssl-policy/src/ssl_policy.cpp +++ b/plugin/business/ssl-policy/src/ssl_policy.cpp @@ -60,26 +60,38 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)argp; ret=Maat_helper_read_column(table_line, 7, &intercept_user_region_offset, &len); if(ret<0) - { + { TFE_LOG_ERROR(enforcer->logger, "Get intercept user region: %s", table_line); return; - } + } json_str=ALLOC(char, len+1); - memcpy(json_str, table_line+intercept_user_region_offset, len); + memcpy(json_str, table_line+intercept_user_region_offset, len); json=cJSON_Parse(json_str); if(json==NULL) { TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: id = %s", key); goto error_out; } - param=ALLOC(struct intercept_param, 1); + + item=cJSON_GetObjectItem(json, "protocol"); + if(unlikely(!item || !cJSON_IsString(item))) + { + TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %s invalid protocol format", key); + goto error_out; + } + if (0!=strcasecmp(item->valuestring, "SSL/HTTP")) + { + goto error_out; + } + + param=ALLOC(struct intercept_param, 1); param->policy_id=atoi(key); param->ref_cnt=1; param->bypass_mutual_auth=1; param->bypass_pinning=1; param->mirror_client_version=1; param->keyring=1; - + item=cJSON_GetObjectItem(json, "keyring"); if(item) { @@ -96,7 +108,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: %d invalid keyring format", param->policy_id); } } - + exclusions=cJSON_GetObjectItem(json, "dynamic_bypass"); if(exclusions) { @@ -119,7 +131,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin if(approach) { item=cJSON_GetObjectItem(approach, "cn"); - if(item && item->type==cJSON_Number && item->valueint==0) param->no_verify_cn=1; + if(item && item->type==cJSON_Number && item->valueint==0) param->no_verify_cn=1; item=cJSON_GetObjectItem(approach, "issuer"); if(item && item->type==cJSON_Number && item->valueint==0) param->no_verify_issuer=1; item=cJSON_GetObjectItem(approach, "self-signed"); @@ -138,14 +150,14 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin } ssl_ver=cJSON_GetObjectItem(json, "protocol_version"); if(ssl_ver) - { - item=cJSON_GetObjectItem(ssl_ver, "mirror_client"); + { + item=cJSON_GetObjectItem(ssl_ver, "mirror_client"); if(item && item->type==cJSON_Number) param->mirror_client_version=item->valueint; if(!param->mirror_client_version) { - item=cJSON_GetObjectItem(ssl_ver, "min"); + item=cJSON_GetObjectItem(ssl_ver, "min"); if(item && item->type==cJSON_String) param->ssl_min_version=sslver_str2num(item->valuestring); - item=cJSON_GetObjectItem(ssl_ver, "max"); + item=cJSON_GetObjectItem(ssl_ver, "max"); if(item && item->type==cJSON_String) param->ssl_max_version=sslver_str2num(item->valuestring); if(param->ssl_min_version<0||param->ssl_max_version<0) { @@ -153,12 +165,12 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin TFE_LOG_ERROR(enforcer->logger, "Invalid intercept parameter: ssl version = %s", item->valuestring); } } - item=cJSON_GetObjectItem(ssl_ver, "allow_http2"); + item=cJSON_GetObjectItem(ssl_ver, "allow_http2"); if(item && item->type==cJSON_Number) param->allow_http2=item->valueint; } *ad=param; TFE_LOG_INFO(enforcer->logger, "Add intercept policy: %d", param->policy_id); -error_out: +error_out: cJSON_Delete(json); free(json_str); return; @@ -171,7 +183,7 @@ void intercept_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, v { return; } - + if ((__sync_sub_and_fetch(¶m->ref_cnt, 1) == 0)) { TFE_LOG_INFO(enforcer->logger, "Del intercept policy %d", param->policy_id);\ @@ -189,10 +201,10 @@ struct ssl_policy_enforcer* ssl_policy_enforcer_create(void* logger) struct ssl_policy_enforcer* enforcer=ALLOC(struct ssl_policy_enforcer, 1); enforcer->maat=g_business_maat; enforcer->logger=logger; - enforcer->table_id=Maat_table_register(enforcer->maat, "PXY_INTERCEPT_COMPILE"); - UNUSED int ret=Maat_plugin_EX_register(enforcer->maat, + enforcer->table_id=Maat_table_register(enforcer->maat, "TSG_SECURITY_COMPILE"); + UNUSED int ret=Maat_plugin_EX_register(enforcer->maat, enforcer->table_id, - intercept_param_new_cb, + intercept_param_new_cb, intercept_param_free_cb, intercept_param_dup_cb, NULL, @@ -222,7 +234,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p else { ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_SNI, sni, sizeof(sni)); - ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_ADDR, addr_string, sizeof(addr_string)); + ssl_stream_get_string_opt(upstream, SSL_STREAM_OPT_ADDR, addr_string, sizeof(addr_string)); TFE_LOG_DEBUG(enforcer->logger, "%s %s enforce policy %d", addr_string, sni, policy_id); } int pinning_staus=0, is_ev=0, is_ct=0, is_mauth=0, has_error=0; diff --git a/plugin/business/traffic-mirror/src/entry.cpp b/plugin/business/traffic-mirror/src/entry.cpp index f55f2bb..1b421e7 100644 --- a/plugin/business/traffic-mirror/src/entry.cpp +++ b/plugin/business/traffic-mirror/src/entry.cpp @@ -83,6 +83,17 @@ void policy_table_ex_data_new_cb(int table_id, const char * key, const char * ta goto ignore; } + json_item=cJSON_GetObjectItem(json_root, "protocol"); + if (unlikely(!json_item || !cJSON_IsString(json_item))) + { + TFE_LOG_ERROR(instance->logger, "invalid JSON, protocol not existed or invalid type."); + goto ignore; + } + if (0!=strcasecmp(json_item->valuestring, "SSL/HTTP")) + { + goto out; + } + json_subroot = cJSON_GetObjectItem(json_root, "decrypt_mirror"); if (unlikely(!json_subroot)) { @@ -496,10 +507,10 @@ int traffic_mirror_init(struct tfe_proxy * proxy) } /* REGISTER MAAT FEATHER */ - instance->policy_table_id = Maat_table_register(instance->maat_feather, "PXY_INTERCEPT_COMPILE"); + instance->policy_table_id = Maat_table_register(instance->maat_feather, "TSG_SECURITY_COMPILE"); if (unlikely(instance->policy_table_id < 0)) { - TFE_LOG_ERROR(instance->logger, "failed at register table PXY_INTERCEPT_COMPILE, ret = %d", + TFE_LOG_ERROR(instance->logger, "failed at register table TSG_SECURITY_COMPILE, ret = %d", instance->policy_table_id); goto errout; } diff --git a/plugin/protocol/http2/src/http2_stream.cpp b/plugin/protocol/http2/src/http2_stream.cpp index b328183..8f5446a 100644 --- a/plugin/protocol/http2/src/http2_stream.cpp +++ b/plugin/protocol/http2/src/http2_stream.cpp @@ -2003,6 +2003,32 @@ nghttp2_client_on_frame_recv(nghttp2_session *session, return 0; } +static enum tfe_stream_action +nghttp2_submit_data_by_user(struct tfe_h2_stream *connection, + struct tfe_h2_session *h2_session, + enum tfe_conn_dir dir) +{ + int rv = -1; + enum tfe_stream_action stream_action = ACTION_DROP_DATA; + + struct tfe_h2_half_private *h2_half = tfe_h2_stream_get_half(h2_session, dir); + nghttp2_session *ngh2_session = tfe_h2_stream_get_nghttp2_session(connection, dir); + + struct tfe_h2_payload *body = &h2_half->h2_payload; + + nghttp2_data_provider upstream_data_provider; + upstream_data_provider.source.ptr = (void *)body; + upstream_data_provider.read_callback = upstream_read_callback; + + rv = nghttp2_submit_data(ngh2_session, body->flags, + h2_session->ngh2_stream_id, &upstream_data_provider); + if (rv != 0){ + stream_action = ACTION_FORWARD_DATA; + //printf("Fatal server submit data error: %s\n", nghttp2_strerror(rv)); + } + return stream_action; +} + static int nghttp2_client_on_data_chunk_recv(nghttp2_session *session, uint8_t flags, int32_t stream_id, const uint8_t *input, @@ -2041,6 +2067,26 @@ nghttp2_client_on_data_chunk_recv(nghttp2_session *session, uint8_t flags, input = (const uint8_t*)uncompr; input_len = uncompr_len; } + else + { + /*if input is end_stream, send by nghttp2_submit_frame_data **/ + if (flags != NGHTTP2_FLAG_END_STREAM) + { + /**Decompression failed, send this data**/ + stream_action = nghttp2_submit_data_by_user(h2_stream_info, h2_session, CONN_DIR_UPSTREAM); + if (stream_action == ACTION_DROP_DATA) + { + xret = nghttp2_session_send(h2_stream_info->as_server); + if (xret != 0) + { + stream_action = ACTION_FORWARD_DATA; + TFE_LOG_ERROR(logger()->handle, "Fatal upstream(%d) send error: %s\n",stream_id, nghttp2_strerror(xret)); + } + } + h2_stream_info->stream_action = stream_action; + return 0; + } + } } data = input; len = input_len; diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index b2a3b15..742ab75 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -9,7 +9,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.baidu.com/index.html\"}", + "user_region": "{\"protocol\":\"http\",\"method\":\"redirect\",\"code\":302,\"to\":\"https://www.baidu.com/index.html\"}", "is_valid": "yes", "groups": [ { @@ -35,7 +35,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":101}", + "user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":101}", "is_valid": "yes", "groups": [ { @@ -61,7 +61,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":102}", + "user_region": "{\"protocol\":\"http\",\"method\":\"block\",\"code\":403,\"message\":\"error\",\"html_profile\":102}", "is_valid": "yes", "groups": [ { @@ -87,7 +87,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"比特币\",\"replace_with\":\"硬币\"}]}", + "user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_resp_body\",\"find\":\"比特币\",\"replace_with\":\"硬币\"}]}", "is_valid": "yes", "groups": [ { @@ -113,7 +113,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"hijack\",\"hijack_profile\":201}", + "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}", "is_valid": "yes", "groups": [ { @@ -139,7 +139,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"hijack\",\"hijack_profile\":201}", + "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":201}", "is_valid": "yes", "groups": [ { @@ -165,7 +165,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"hijack\",\"hijack_profile\":202}", + "user_region": "{\"protocol\":\"http\",\"method\":\"hijack\",\"hijack_profile\":202}", "is_valid": "yes", "groups": [ { @@ -191,7 +191,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"insert\",\"insert_profile\":302}", + "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":302}", "is_valid": "yes", "groups": [ { @@ -217,7 +217,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"insert\",\"insert_profile\":303,\"position\":\"after-page-load\"}", + "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"after-page-load\"}", "is_valid": "yes", "groups": [ { @@ -243,7 +243,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"insert\",\"insert_profile\":303,\"position\":\"before-page-load\"}", + "user_region": "{\"protocol\":\"http\",\"method\":\"insert\",\"insert_profile\":303,\"position\":\"before-page-load\"}", "is_valid": "yes", "groups": [ { @@ -269,7 +269,7 @@ "do_blacklist": 1, "do_log": 1, "effective_range": 0, - "user_region": "{\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)q=([^&|^#]*)(?=&|$)\",\"replace_with\":\"q=find\"},{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)ei=([^&|^#]*)(?=&|$)\",\"replace_with\":\"ei=chaxun\"}]}", + "user_region": "{\"protocol\":\"http\",\"method\":\"replace\",\"rules\":[{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)q=([^&|^#]*)(?=&|$)\",\"replace_with\":\"q=find\"},{\"search_in\":\"http_req_uri\",\"find\":\"(?<=\\\\\\?|^|&)ei=([^&|^#]*)(?=&|$)\",\"replace_with\":\"ei=chaxun\"}]}", "is_valid": "yes", "groups": [ { @@ -300,23 +300,23 @@ { "table_name": "PXY_PROFILE_HIJACK_FILES", "table_content": [ - "201\tchakanqi-947KB.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/chakanqi-947KB.exe\t1", - "202\tWPS8648-132M.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/WPS8648-132M.exe\t1" + "201\tchakanqi\tchakanqi-947KB.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/chakanqi-947KB.exe\t1", + "202\tWPS8648\tWPS8648-132M.exe\tapplication/x-msdos-program\t./resource/pangu/policy_file/WPS8648-132M.exe\t1" ] }, { "table_name": "PXY_PROFILE_INSERT_SCRIPTS", "table_content": [ - "301\ttime\tjs\t./resource/pangu/policy_file/time.js\t1", - "302\tu1\tcss\t./resource/pangu/policy_file/u1.css\t1", - "303\tu1\tjs\t./resource/pangu/policy_file/alert.js\t1" + "301\ttime\tjs\t./resource/pangu/policy_file/time.js\tbefore_page_load\t1", + "302\tu1\tcss\t./resource/pangu/policy_file/u1.css\tbefore_page_load\t1", + "303\tu1\tjs\t./resource/pangu/policy_file/alert.js\tbefore_page_load\t1" ] }, { - "table_name": "PXY_INTERCEPT_COMPILE", + "table_name": "TSG_SECURITY_COMPILE", "table_content": [ - "0\t0\t2\t1\t1\t{}\t{\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", - "1\t0\t2\t1\t1\t{}\t{\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" + "0\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":765,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1,\"protocol_errors\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":0},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"ssl3\",\"mirror_client\":1,\"allow_http2\":1},\"decrypt_mirror\":{\"enable\":0}}\t1\t2", + "1\t0\t2\t1\t1\t{}\t{\"protocol\":\"SSL/HTTP\",\"keyring\":0,\"dynamic_bypass\":{\"ev_cert\":0,\"cert_transparency\":0,\"mutual_authentication\":1,\"cert_pinning\":1},\"certificate_checks\":{\"approach\":{\"cn\":1,\"issuer\":1,\"self-signed\":1,\"expiration\":1},\"fail_action\":\"pass-through\"},\"protocol_version\":{\"min\":\"ssl3\",\"max\":\"tls13\",\"mirror_client\":1},\"decrypt_mirror\":{\"enable\":1,\"mirror_profile\":4}}\t1\t2" ] } ] diff --git a/resource/pangu/table_info.conf b/resource/pangu/table_info.conf index b8fa02c..e2f4371 100644 --- a/resource/pangu/table_info.conf +++ b/resource/pangu/table_info.conf @@ -42,5 +42,5 @@ 16 PXY_PROFILE_RESPONSE_PAGES plugin {"key":1,"foreign":"4","valid":5} 17 PXY_PROFILE_HIJACK_FILES plugin {"key":1,"foreign":"5","valid":6} 18 PXY_PROFILE_INSERT_SCRIPTS plugin {"key":1,"foreign":"4","valid":6} -19 PXY_INTERCEPT_COMPILE plugin {"key":1,"valid":8} +19 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8} 20 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4} diff --git a/resource/pangu/table_info_traffic_mirror.conf b/resource/pangu/table_info_traffic_mirror.conf index c1a2529..fb0bd87 100644 --- a/resource/pangu/table_info_traffic_mirror.conf +++ b/resource/pangu/table_info_traffic_mirror.conf @@ -15,5 +15,5 @@ # #For expr/expr_plus Table #id name type src_charset dst_charset do_merge cross_cache quick_mode -0 PXY_INTERCEPT_COMPILE plugin {"key":1,"valid":8} +0 TSG_SECURITY_COMPILE plugin {"key":1,"valid":8} 1 PXY_PROFILE_TRAFFIC_MIRROR plugin {"key":1,"valid":4}