From dbf7ca3053106c6cbb4af46fcdc75dc363edbf86 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Fri, 15 Apr 2022 16:20:52 +0800 Subject: [PATCH] =?UTF-8?q?TSG-10278=20Proxy=20Policy=E7=9A=84Deny?= =?UTF-8?q?=E5=8A=A8=E4=BD=9C=E6=94=AF=E6=8C=81=E8=AE=BE=E7=BD=AE=E6=90=BA?= =?UTF-8?q?=E5=B8=A6=E7=AD=96=E7=95=A5=E3=80=81=E7=94=A8=E6=88=B7=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/business/pangu-http/src/pangu_http.cpp | 71 +++++-------------- 1 file changed, 17 insertions(+), 54 deletions(-) diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp index 52e3229..690df06 100644 --- a/plugin/business/pangu-http/src/pangu_http.cpp +++ b/plugin/business/pangu-http/src/pangu_http.cpp @@ -1564,53 +1564,6 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio } } -static UNUSED void http_reject(const struct tfe_http_session * session, enum tfe_http_event events, - struct pangu_http_ctx * ctx) -{ - int resp_code = 0; - struct tfe_http_half * response = NULL; - char * page_buff = NULL; - size_t page_size = 0; - - char cont_len_str[16]; - - char *msg = NULL; - struct tfe_http_session * to_write_sess = NULL; - - struct policy_action_param *param = ctx->param; - - resp_code = param->status_code; - msg = param->message; - if (resp_code <= 0){ - TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid block rule %d", ctx->enforce_rules[0].config_id); - ctx->action = PG_ACTION_NONE; - return; - } - - if(events & EV_HTTP_RESP_HDR || tfe_http_in_request(events)) - { - to_write_sess = tfe_http_session_allow_write(session); - response = tfe_http_session_response_create(to_write_sess, resp_code); - - template_generate(resp_code, ctx->enforce_rules[0].config_id, msg, &page_buff, &page_size); - tfe_http_std_field_write(response, TFE_HTTP_CONT_TYPE, "text/html; charset=utf-8"); - snprintf(cont_len_str, sizeof(cont_len_str), "%lu", page_size); - tfe_http_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str); - - tfe_http_half_append_body(response, page_buff, page_size, 0); - tfe_http_half_append_body(response, NULL, 0, 0); - tfe_http_session_response_set(to_write_sess, response); - tfe_http_session_detach(session); - html_free(&page_buff); - } - else - { - to_write_sess = tfe_http_session_allow_write(session); - tfe_http_session_kill(to_write_sess); - } - return; -} - static void http_get_client_id(const struct tfe_stream * stream, char *replace_regex) { const char *sip,*dip,*sport,*dport; @@ -1745,13 +1698,13 @@ error_out: return; } -static void http_block(const struct tfe_http_session * session, enum tfe_http_event events, +static void http_block(const struct tfe_stream * stream, const struct tfe_http_session * session, enum tfe_http_event events, struct pangu_http_ctx * ctx) { int ret = -1; struct tfe_http_half * response = NULL; - char * page_buff = NULL; - size_t page_size = 0; + char * page_buff = NULL; size_t page_size = 0; + size_t rewrite_message_sz=0; char *rewrite_message=NULL; char cont_len_str[16]; @@ -1776,8 +1729,18 @@ static void http_block(const struct tfe_http_session * session, enum tfe_http_ev ret = html_generate(profile_id, message, &page_buff, &page_size); if (ret != 0) { - /*read local configuration**/ - template_generate(resp_code, ctx->enforce_rules[0].config_id, message, &page_buff, &page_size); + rewrite_message_sz = http_decoder_url(stream, message, ctx->enforce_rules[0].config_id, &rewrite_message); + if(rewrite_message_sz>0 && rewrite_message!= NULL) + { + /*read local configuration**/ + template_generate(resp_code, ctx->enforce_rules[0].config_id, rewrite_message, &page_buff, &page_size); + FREE(&rewrite_message); + } + else + { + /*read local configuration**/ + template_generate(resp_code, ctx->enforce_rules[0].config_id, message, &page_buff, &page_size); + } } tfe_http_std_field_write(response, TFE_HTTP_CONT_TYPE, "text/html; charset=utf-8"); snprintf(cont_len_str, sizeof(cont_len_str), "%lu", page_size); @@ -2196,7 +2159,7 @@ static void http_manipulate(const struct tfe_stream * stream, const struct tfe_h http_redirect(stream, session, events, ctx); break; case MA_ACTION_BLOCK: - http_block(session, events, ctx); + http_block(stream, session, events, ctx); break; case MA_ACTION_REPLACE: http_replace(stream, session, events, body_frag, frag_size, ctx); @@ -2378,7 +2341,7 @@ void enforce_control_policy(const struct tfe_stream * stream, const struct tfe_h //send log on close. break; case PG_ACTION_REJECT: - http_block(session, events, ctx); + http_block(stream, session, events, ctx); break; case PG_ACTION_MANIPULATE: http_manipulate(stream, session, events, body_frag, frag_size, ctx);