WAF区域封禁增加“允许搜索引擎”选项

iwind · iwind · commit 3bcbde4ba0c1 · 2024-05-08T17:53:12.000+08:00
diff --git a/internal/web/actions/default/servers/components/waf/ipadmin/index.go b/internal/web/actions/default/servers/components/waf/ipadmin/index.go
@@ -41,12 +41,15 @@ func (this *IndexAction) RunGet(params struct {
 	var deniedCountryIds = []int64{}
 	var allowedCountryIds = []int64{}
 	var countryHTML string
+	var allowSearchEngine bool
 	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
 		deniedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
 		allowedCountryIds = policyConfig.Inbound.Region.AllowCountryIds
 		countryHTML = policyConfig.Inbound.Region.CountryHTML
+		allowSearchEngine = policyConfig.Inbound.Region.AllowSearchEngine
 	}
 	this.Data["countryHTML"] = countryHTML
+	this.Data["allowSearchEngine"] = allowSearchEngine
 
 	countriesResp, err := this.RPC().RegionCountryRPC().FindAllRegionCountries(this.AdminContext(), &pb.FindAllRegionCountriesRequest{})
 	if err != nil {
@@ -94,7 +97,8 @@ func (this *IndexAction) RunPost(params struct {
 	ExceptURLPatternsJSON []byte
 	OnlyURLPatternsJSON   []byte
 
-	CountryHTML string
+	CountryHTML       string
+	AllowSearchEngine bool
 
 	Must *actions.Must
 }) {
@@ -139,6 +143,7 @@ func (this *IndexAction) RunPost(params struct {
 		return
 	}
 	policyConfig.Inbound.Region.CountryHTML = params.CountryHTML
+	policyConfig.Inbound.Region.AllowSearchEngine = params.AllowSearchEngine
 
 	// 限制URL
 	var onlyURLPatterns = []*shared.URLPattern{}
diff --git a/internal/web/actions/default/servers/server/settings/waf/ipadmin/countries.go b/internal/web/actions/default/servers/server/settings/waf/ipadmin/countries.go
@@ -46,12 +46,15 @@ func (this *CountriesAction) RunGet(params struct {
 	var deniedCountryIds = []int64{}
 	var allowedCountryIds = []int64{}
 	var countryHTML = ""
+	var allowSearchEngine bool
 	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
 		deniedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
 		allowedCountryIds = policyConfig.Inbound.Region.AllowCountryIds
 		countryHTML = policyConfig.Inbound.Region.CountryHTML
+		allowSearchEngine = policyConfig.Inbound.Region.AllowSearchEngine
 	}
 	this.Data["countryHTML"] = countryHTML
+	this.Data["allowSearchEngine"] = allowSearchEngine
 
 	countriesResp, err := this.RPC().RegionCountryRPC().FindAllRegionCountries(this.AdminContext(), &pb.FindAllRegionCountriesRequest{})
 	if err != nil {
@@ -126,7 +129,8 @@ func (this *CountriesAction) RunPost(params struct {
 	ExceptURLPatternsJSON []byte
 	OnlyURLPatternsJSON   []byte
 
-	CountryHTML string
+	CountryHTML       string
+	AllowSearchEngine bool
 
 	Must *actions.Must
 }) {
@@ -179,6 +183,7 @@ func (this *CountriesAction) RunPost(params struct {
 	policyConfig.Inbound.Region.CountryOnlyURLPatterns = onlyURLPatterns
 
 	policyConfig.Inbound.Region.CountryHTML = params.CountryHTML
+	policyConfig.Inbound.Region.AllowSearchEngine = params.AllowSearchEngine
 
 	if len(params.CountryHTML) > 32<<10 {
 		this.Fail("提示内容长度不能超出32K")
diff --git a/web/views/@default/servers/components/waf/ipadmin/index.html b/web/views/@default/servers/components/waf/ipadmin/index.html
@@ -40,6 +40,13 @@
                     <p class="comment">当客户端所在区域被封禁时提示页面的HTML内容；不填则表示使用默认的提示内容；支持请求变量。</p>
                 </td>
             </tr>
+            <tr>
+                <td>允许搜索引擎</td>
+                <td>
+                    <checkbox name="allowSearchEngine" v-model="allowSearchEngine"></checkbox>
+                    <p class="comment">选中后，表示如果请求来自常见搜索引擎的IP，则不受区域限制。</p>
+                </td>
+            </tr>
         </tbody>
     </table>
     <submit-btn></submit-btn>
diff --git a/web/views/@default/servers/groups/group/settings/waf/ipadmin/countries.html b/web/views/@default/servers/groups/group/settings/waf/ipadmin/countries.html
@@ -39,6 +39,13 @@
                     <td>限制URL &nbsp;<tip-icon content="只对这些URL做限制。"></tip-icon></td>
                     <td><url-patterns-box v-model="onlyURLPatterns"></url-patterns-box></td>
                 </tr>
+                <tr>
+                    <td>允许搜索引擎</td>
+                    <td>
+                        <checkbox name="allowSearchEngine" v-model="allowSearchEngine"></checkbox>
+                        <p class="comment">选中后，表示如果请求来自常见搜索引擎的IP，则不受区域限制。</p>
+                    </td>
+                </tr>
             </tbody>
 		</table>
 		<submit-btn></submit-btn>
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/countries.html b/web/views/@default/servers/server/settings/waf/ipadmin/countries.html
@@ -51,6 +51,13 @@
                         <p class="comment">当客户端所在区域被封禁时提示页面的HTML内容；不填则表示使用默认的提示内容；支持请求变量。</p>
                     </td>
                 </tr>
+                <tr>
+                    <td>允许搜索引擎</td>
+                    <td>
+                        <checkbox name="allowSearchEngine" v-model="allowSearchEngine"></checkbox>
+                        <p class="comment">选中后，表示如果请求来自常见搜索引擎的IP，则不受区域限制。</p>
+                    </td>
+                </tr>
             </tbody>
 		</table>
 		<submit-btn></submit-btn>
