diff --git a/plugin/business/pangu-http/conf/pangu_ctrl.json b/plugin/business/pangu-http/conf/pangu_ctrl.json
new file mode 100644
index 0000000..fa3587a
--- /dev/null
+++ b/plugin/business/pangu-http/conf/pangu_ctrl.json
@@ -0,0 +1,135 @@
+{
+ "rules": [
+ {
+ "compile_id": 125,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "code=302;url=http://news.baidu.com",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "kernel-3.10.0-327.el7.src.rpm",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 128,
+ "service": 1,
+ "action": 16,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "code=302;url=http://news.baidu.com",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_RES_BODY",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "hello=world",
+ "expr_type": "regex",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 127,
+ "service": 1,
+ "action": 80,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "zone=http_resp_body;regex=/house.qq.com/www.renren.com",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "www.qq.com",
+ "expr_type": "none",
+ "match_method": "left",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 130,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "code=404;content=",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_URL",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "www.google.com",
+ "expr_type": "none",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 131,
+ "service": 1,
+ "action": 48,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_range": 0,
+ "user_region": "code=404;content=",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "PXY_CTRL_HTTP_RES_BODY",
+ "table_type": "string",
+ "table_content": {
+ "keywords": "动物世界",
+ "expr_type": "none",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ }
+
+ ]
+}
diff --git a/plugin/business/pangu-http/conf/pangu_pxy.conf b/plugin/business/pangu-http/conf/pangu_pxy.conf
new file mode 100644
index 0000000..0424123
--- /dev/null
+++ b/plugin/business/pangu-http/conf/pangu_pxy.conf
@@ -0,0 +1,19 @@
+[DEBUG]
+LOG_LEVEL=0
+[LOG]
+NIC_NAME=enp131s0f2
+ENTRANCE_ID=0
+KAFKA_BROKERLIST=192.168.10.73:9092
+
+[MAAT]
+# 0:json 1: redis 2: iris
+MAAT_INPUT_MODE=0
+TABLE_INFO=./pangu_conf/table_info.conf
+JSON_CFG_FILE=./pangu_conf/pangu_ctrl.json
+STAT_FILE=./log/pangu_scan.status
+FULL_CFG_DIR=./pangu_policy/full/index/
+INC_CFG_DIR=./pangu_policy/inc/index/
+MAAT_REDIS_SERVER=192.168.11.243
+MAAT_REDIS_PORT=6379
+MAAT_REDIS_DB_INDEX=4
+EFFECT_INTERVAL_S=1
diff --git a/plugin/business/pangu-http/conf/table_info.conf b/plugin/business/pangu-http/conf/table_info.conf
new file mode 100644
index 0000000..043accc
--- /dev/null
+++ b/plugin/business/pangu-http/conf/table_info.conf
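Review bot: The shipped defaults turn the sample policy into live enforcement: `MAAT_INPUT_MODE=0` together with `JSON_CFG_FILE=./pangu_conf/pangu_ctrl.json` means a deployment that copies conf/ unchanged will 302 matches to news.baidu.com and answer `www.google.com` with a 404, per the rules in the JSON hunk above. The file also pins site-specific endpoints (`KAFKA_BROKERLIST=192.168.10.73:9092`, `MAAT_REDIS_SERVER=192.168.11.243`) and, as far as this config shows, no credential or transport-security setting for the Redis policy store, so once mode 1 is enabled anyone who can write DB 4 on that host can change what the proxy blocks or redirects. Consider committing this as an `.example` file and marking pangu_ctrl.json as sample data, and make the mode comment match what the code reads for each mode, e.g. `# MAAT_INPUT_MODE: 0 = JSON_CFG_FILE, 1 = MAAT_REDIS_* (redis), 2 = FULL_CFG_DIR/INC_CFG_DIR (iris)`.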
@@ -0,0 +1,25 @@
+#each collumn seperate with '\t'
+#id (0~65535)
+#name string
+#type one of ip,expr,expr_plus,digest,intval,compile or plugin
+#src_charset one of GBK,BIG5,UNICODE,UTF8
+#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
+#do_merege [yes/no]
+#cross cache [number]
+#quick mode [quickon/quickoff], default [quickoff]
+#For ip/intval/digest/compile/group
+#id name type
+#
+#For plugin table
+#id name type valid_column
+#
+#For expr/expr_plus Table
+#id name type src_charset dst_charset do_merge cross_cache quick_mode
+0 PXY_CTRL_COMPILE compile escape --
+1 PXY_CTRL_GROUP group --
+2 PXY_CTRL_IP ip ---
+3 PXY_CTRL_HTTP_URL expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
+4 PXY_CTRL_HTTP_REQ_HDR expr_plus UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
+5 PXY_CTRL_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
+6 PXY_CTRL_HTTP_RES_HDR expr_plus UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
+7 PXY_CTRL_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 128 quickoff
diff --git a/plugin/business/pangu-http/template/HTTP403.html b/plugin/business/pangu-http/conf/template/HTTP403.html
similarity index 100%
rename from plugin/business/pangu-http/template/HTTP403.html
rename to plugin/business/pangu-http/conf/template/HTTP403.html
diff --git a/plugin/business/pangu-http/template/HTTP404.html b/plugin/business/pangu-http/conf/template/HTTP404.html
similarity index 100%
rename from plugin/business/pangu-http/template/HTTP404.html
rename to plugin/business/pangu-http/conf/template/HTTP404.html
diff --git a/plugin/business/pangu-http/template/HTTP451.html b/plugin/business/pangu-http/conf/template/HTTP451.html
similarity index 100%
rename from plugin/business/pangu-http/template/HTTP451.html
rename to plugin/business/pangu-http/conf/template/HTTP451.html
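Review bot: The header comment and the data rows disagree: the comment documents ip/intval/digest/compile/group tables as `id name type`, yet row 0 is `0 PXY_CTRL_COMPILE compile escape --` and rows 1–2 carry `--`/`---` filler columns, so a reader cannot tell whether `escape` is a real compile-table option or a placeholder, nor why the IP row has one more dash than the group row. Either drop the filler columns or describe them in the header, e.g. `#For compile table: id name type [escape]  ("--" marks an unused column)` — assuming the loader tolerates extra columns, which I cannot confirm from here. While touching the header, fix the typos that make it harder to grep (`collumn`, `seperate`, `do_merege`) and use `cross_cache` for the column the last line calls `cross cache`.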
diff --git a/plugin/business/pangu-http/pangu_http.cpp b/plugin/business/pangu-http/pangu_http.cpp
index b6e6d64..7662844 100644
--- a/plugin/business/pangu-http/pangu_http.cpp
+++ b/plugin/business/pangu-http/pangu_http.cpp
@@ -61,22 +61,37 @@ struct pangu_rt
 int page_size;
 };
 struct pangu_rt *g_pangu_rt;
+#define MAAT_INPUT_JSON 0
+#define MAAT_INPUT_REDIS 1
+#define MAAT_INPUT_FILE 2
+
 static Maat_feather_t create_maat_feather(const char* profile, const char* section,int max_thread, void* logger)
 {
 Maat_feather_t target;
- int maat_json_switch=0,maat_stat_on=0,maat_perf_on=0;
+ int input_mode=0,maat_stat_on=0,maat_perf_on=0;
 int ret=0,scan_detail=0,effect_interval=60;
 char table_info[TFE_STRING_MAX]={0},inc_cfg_dir[TFE_STRING_MAX]={0},ful_cfg_dir[TFE_STRING_MAX]={0};
+ char redis_server[TFE_STRING_MAX]={0};
+ int redis_port=0;
+ int redis_db_idx=0;
 char json_cfg_file[TFE_STRING_MAX]={0},maat_stat_file[TFE_STRING_MAX]={0};
 const char* instance_name="pangu";
- MESA_load_profile_int_def(profile, section,"MAAT_JSON_SWITCH", &(maat_json_switch),0);
+ MESA_load_profile_int_def(profile, section,"MAAT_INPUT_MODE", &(input_mode),0);
 MESA_load_profile_int_def(profile, section,"STAT_SWITCH", &(maat_stat_on),1);
 MESA_load_profile_int_def(profile, section,"PERF_SWITCH", &(maat_perf_on),1);
 MESA_load_profile_string_def(profile,section,"TABLE_INFO",table_info, sizeof(table_info),"");
+
+ MESA_load_profile_string_def(profile,section,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
+
+ MESA_load_profile_string_def(profile,section,"MAAT_REDIS_SERVER",redis_server, sizeof(redis_server),"");
+ MESA_load_profile_int_def(profile,section,"MAAT_REDIS_PORT", &(redis_port),6379);
+ MESA_load_profile_int_def(profile,section,"MAAT_REDIS_DB_INDEX", &(redis_db_idx),0);
+
+
 MESA_load_profile_string_def(profile,section,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),"");
 MESA_load_profile_string_def(profile,section,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),"");
- MESA_load_profile_string_def(profile,section,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
+
 MESA_load_profile_string_def(profile,section,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file),"");
 MESA_load_profile_int_def(profile,section,"EFFECT_INTERVAL_S", &(effect_interval),60);
@@ -85,14 +100,24 @@ static Maat_feather_t create_maat_feather(const char* profile, const char* secti
 target=Maat_feather(max_thread,table_info, logger);
 Maat_set_feather_opt(target,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
- if(maat_json_switch==1)
+ switch(input_mode)
 {
- Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
- }
- else
- {
- Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
- Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
+ case MAAT_INPUT_JSON:
+ Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
+ break;
+ case MAAT_INPUT_REDIS:
+ Maat_set_feather_opt(target, MAAT_OPT_REDIS_IP,redis_server, strlen(redis_server)+1);
+ Maat_set_feather_opt(target, MAAT_OPT_REDIS_PORT, &redis_port, sizeof(redis_port));
+ Maat_set_feather_opt(target, MAAT_OPT_REDIS_INDEX, &redis_db_idx, sizeof(redis_db_idx));
+ break;
+ case MAAT_INPUT_FILE:
+ Maat_set_feather_opt(target, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
+ Maat_set_feather_opt(target, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
+ break;
+ default:
+ TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
+ goto error_out;
+ break;
 }
 if(maat_stat_on)
 {
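Review bot: The new input-mode constants are undocumented and disagree with the shipped config: the code names mode 2 `MAAT_INPUT_FILE`, while pangu_pxy.conf describes it as "iris", so neither file tells a reader which MAAT_OPT_* settings a mode consumes. A comment above the defines would settle it, e.g. `/* MAAT_INPUT_MODE: 0 = single JSON rule file (JSON_CFG_FILE), 1 = Redis (MAAT_REDIS_SERVER/PORT/DB_INDEX), 2 = full + incremental cfg dirs (FULL_CFG_DIR/INC_CFG_DIR) */`, or rename the macro to match the config's vocabulary. It would also help to note next to the three `MAAT_REDIS_*` loads that only the port (6379) and DB index (0) have usable defaults while the server defaults to an empty string, since the load calls alone do not say which keys are required. create_maat_feather continues past this hunk.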
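Review bot: None of the per-mode settings is validated before being handed to Maat: `redis_server` may still be the empty default (passed with `strlen(redis_server)+1 == 1`), `redis_port` and `redis_db_idx` are forwarded without a range check, and `json_cfg_file`/`ful_cfg_dir`/`inc_cfg_dir` may likewise be empty, so a misspelled key in pangu_pxy.conf surfaces only if `Maat_init` later returns <0 (that check is outside this hunk), and I cannot tell from here whether Maat rejects empty values itself. The `default:` branch also carries an unreachable `break;` after `goto error_out;`. Since `error_out` already burns the feather, each case can check its own inputs and jump there with a message naming the missing key; create_maat_feather continues past this hunk.
```cpp
    switch(input_mode)
    {
    case MAAT_INPUT_JSON:
        if(json_cfg_file[0]=='\0')
        {
            TFE_LOG_ERROR(logger, "MAAT_INPUT_MODE=%d requires JSON_CFG_FILE.", input_mode);
            goto error_out;
        }
        Maat_set_feather_opt(target, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
        break;
    case MAAT_INPUT_REDIS:
        if(redis_server[0]=='\0' || redis_port<=0 || redis_port>65535 || redis_db_idx<0)
        {
            TFE_LOG_ERROR(logger, "Invalid MAAT redis config: server='%s' port=%d db=%d.", redis_server, redis_port, redis_db_idx);
            goto error_out;
        }
        // … unchanged: the three MAAT_OPT_REDIS_* calls …
        break;
    case MAAT_INPUT_FILE:
        if(ful_cfg_dir[0]=='\0' || inc_cfg_dir[0]=='\0')
        {
            TFE_LOG_ERROR(logger, "MAAT_INPUT_MODE=%d requires FULL_CFG_DIR and INC_CFG_DIR.", input_mode);
            goto error_out;
        }
        // … unchanged: the two MAAT_OPT_*_CFG_DIR calls …
        break;
    default:
        TFE_LOG_ERROR(logger, "Invalid MAAT Input Mode: %d.", input_mode);
        goto error_out;
    }
```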
@@ -111,13 +136,16 @@ static Maat_feather_t create_maat_feather(const char* profile, const char* secti
 if(ret<0)
 {
 TFE_LOG_ERROR(logger, "%s MAAT init failed.", __FUNCTION__);
- return NULL;
+ goto error_out;
 }
 return target;
+error_out:
+ Maat_burn_feather(target);
+ return NULL;
 }
 int pangu_http_init(struct tfe_proxy * proxy)
 {
- const char* profile="./pangu/pangu_pxy.conf";
+ const char* profile="./pangu_conf/pangu_pxy.conf";
 const char* logfile="./log/pangu_pxy.log";
 g_pangu_rt=ALLOC(struct pangu_rt,1);
 MESA_load_profile_int_def(profile, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level),0);
@@ -151,11 +179,11 @@ int pangu_http_init(struct tfe_proxy * proxy)
 }
 char page_path[256];
- MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path,sizeof(page_path), "./template/HTTP403.html");
+ MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path,sizeof(page_path), "./pangu_conf/template/HTTP403.html");
 g_pangu_rt->tpl_403 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
- MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path,sizeof(page_path), "./template/HTTP404.html");
+ MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path,sizeof(page_path), "./pangu_conf/template/HTTP404.html");
 g_pangu_rt->tpl_404 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
- MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path,sizeof(page_path), "./template/HTTP451.html");
+ MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path,sizeof(page_path), "./pangu_conf/template/HTTP451.html");
 g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
 TFE_LOG_INFO(NULL, "Pangu HTTP init success.");
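Review bot: The relocated default template paths are never verified: as far as I recall ctemplate's documented behavior, `ctemplate::Template::GetTemplate` returns NULL when the file cannot be read, and `g_pangu_rt->tpl_403/404/451` are stored without a check, so a deployment that still keeps the pages under the old `./template/` default initializes "successfully" and fails only when the first 403/404/451 block page is rendered. Add a check after the three loads and fail init instead of logging success; pangu_http_init starts in the previous hunk and its return convention is not visible here, so use whatever failure value its caller already handles (`-1` below is a placeholder for that).
```cpp
    g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path,ctemplate::DO_NOT_STRIP);
    if(g_pangu_rt->tpl_403==NULL || g_pangu_rt->tpl_404==NULL || g_pangu_rt->tpl_451==NULL)
    {
        TFE_LOG_ERROR(NULL, "Pangu HTTP init failed: block page template missing (check [TEMPLATE] PAGE_403/404/451 paths).");
        return -1;
    }
    TFE_LOG_INFO(NULL, "Pangu HTTP init success.");
```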
@@ -866,7 +894,7 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 struct pangu_log log_msg={.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce};
 if(ctx->action!=PG_ACTION_NONE)
 {
- pangu_log_send(g_pangu_rt->send_logger, &log_msg);
+ pangu_send_log(g_pangu_rt->send_logger, &log_msg);
 }
 pangu_http_ctx_free(ctx);
 *pme=NULL;
diff --git a/plugin/business/pangu-http/pangu_logger.h b/plugin/business/pangu-http/pangu_logger.h
index e9f6413..d9a3513 100644
--- a/plugin/business/pangu-http/pangu_logger.h
+++ b/plugin/business/pangu-http/pangu_logger.h
@@ -15,6 +15,7 @@ struct pangu_logger;
 struct pangu_logger* pangu_log_handle_create(const char* profile, const char* section, void* local_logger);
 //return 0 if SUCCESS, otherwise return -1
-int pangu_log_send(struct pangu_logger* logger, const pangu_log* log_msg);
+int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg);
+