mirror of
https://github.com/fabriziosalmi/caddy-waf.git
synced 2025-12-23 22:27:46 -05:00
chore: renamed country block to country blacklisting for consistency
28
caddywaf.go
28
caddywaf.go
@@ -193,23 +193,23 @@ func (m *Middleware) Provision(ctx caddy.Context) error {
|
||||
// Initialize GeoIP stats
|
||||
m.geoIPStats = make(map[string]int64)
|
||||
|
||||
// Configure GeoIP-based country blocking/whitelisting
|
||||
if m.CountryBlock.Enabled || m.CountryWhitelist.Enabled {
|
||||
geoIPPath := m.CountryBlock.GeoIPDBPath
|
||||
// Configure GeoIP-based country blacklisting/whitelisting
|
||||
if m.CountryBlacklist.Enabled || m.CountryWhitelist.Enabled {
|
||||
geoIPPath := m.CountryBlacklist.GeoIPDBPath
|
||||
if m.CountryWhitelist.Enabled && m.CountryWhitelist.GeoIPDBPath != "" {
|
||||
geoIPPath = m.CountryWhitelist.GeoIPDBPath
|
||||
}
|
||||
|
||||
if !fileExists(geoIPPath) {
|
||||
m.logger.Warn("GeoIP database not found. Country blocking/whitelisting will be disabled", zap.String("path", geoIPPath))
|
||||
m.logger.Warn("GeoIP database not found. Country blacklisting/whitelisting will be disabled", zap.String("path", geoIPPath))
|
||||
} else {
|
||||
reader, err := maxminddb.Open(geoIPPath)
|
||||
if err != nil {
|
||||
m.logger.Error("Failed to load GeoIP database", zap.String("path", geoIPPath), zap.Error(err))
|
||||
} else {
|
||||
m.logger.Info("GeoIP database loaded successfully", zap.String("path", geoIPPath))
|
||||
if m.CountryBlock.Enabled {
|
||||
m.CountryBlock.geoIP = reader
|
||||
if m.CountryBlacklist.Enabled {
|
||||
m.CountryBlacklist.geoIP = reader
|
||||
}
|
||||
if m.CountryWhitelist.Enabled {
|
||||
m.CountryWhitelist.geoIP = reader
|
||||
@@ -288,20 +288,20 @@ func (m *Middleware) Shutdown(ctx context.Context) error {
|
||||
var errorOccurred bool
|
||||
|
||||
// Close GeoIP databases
|
||||
if m.CountryBlock.geoIP != nil {
|
||||
m.logger.Debug("Closing country block GeoIP database...")
|
||||
if err := m.CountryBlock.geoIP.Close(); err != nil {
|
||||
m.logger.Error("Error encountered while closing country block GeoIP database", zap.Error(err))
|
||||
if m.CountryBlacklist.geoIP != nil {
|
||||
m.logger.Debug("Closing country blacklist GeoIP database...")
|
||||
if err := m.CountryBlacklist.geoIP.Close(); err != nil {
|
||||
m.logger.Error("Error encountered while closing country blacklist GeoIP database", zap.Error(err))
|
||||
if !errorOccurred {
|
||||
firstError = fmt.Errorf("error closing country block GeoIP: %w", err)
|
||||
firstError = fmt.Errorf("error closing country blacklist GeoIP: %w", err)
|
||||
errorOccurred = true
|
||||
}
|
||||
} else {
|
||||
m.logger.Debug("Country block GeoIP database closed successfully.")
|
||||
m.logger.Debug("Country blacklist GeoIP database closed successfully.")
|
||||
}
|
||||
m.CountryBlock.geoIP = nil
|
||||
m.CountryBlacklist.geoIP = nil
|
||||
} else {
|
||||
m.logger.Debug("Country block GeoIP database was not open, skipping close.")
|
||||
m.logger.Debug("Country blacklist GeoIP database was not open, skipping close.")
|
||||
}
|
||||
|
||||
if m.CountryWhitelist.geoIP != nil {
|
||||
|
||||
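Review bot: In the Provision hunk, a missing or unopenable GeoIP database only produces a Warn or Error log and provisioning continues, so `m.CountryBlacklist.Enabled` stays true while `m.CountryBlacklist.geoIP` is left nil. For a WAF this means a mistyped `GeoIPDBPath` turns the configured country filter off at startup with nothing but a log line; how handlePhase treats the resulting lookup error is not visible in this hunk. Consider failing provisioning when a filter is enabled and its database cannot be loaded, for example `return fmt.Errorf("loading GeoIP database %q: %w", geoIPPath, err)`, or document that the filter fails open. The same block also lets the whitelist's path override the blacklist's own `GeoIPDBPath` when both are enabled, which deserves a comment. Provision's body starts and ends outside the hunk.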
@@ -32,7 +32,7 @@ func TestMiddleware_Provision(t *testing.T) {
|
||||
IPBlacklistFile: "testdata/ip_blacklist.txt",
|
||||
DNSBlacklistFile: "testdata/dns_blacklist.txt",
|
||||
AnomalyThreshold: 10,
|
||||
CountryBlock: CountryAccessFilter{
|
||||
CountryBlacklist: CountryAccessFilter{
|
||||
Enabled: true,
|
||||
CountryList: []string{"US"},
|
||||
GeoIPDBPath: "testdata/GeoIP2-Country-Test.mmdb",
|
||||
|
||||
@@ -140,7 +140,7 @@ func (cl *ConfigLoader) UnmarshalCaddyfile(d *caddyfile.Dispenser, m *Middleware
|
||||
m.LogSeverity = "info"
|
||||
m.LogJSON = false
|
||||
m.AnomalyThreshold = 5
|
||||
m.CountryBlock.Enabled = false
|
||||
m.CountryBlacklist.Enabled = false
|
||||
m.CountryWhitelist.Enabled = false
|
||||
m.LogFilePath = "debug.json"
|
||||
m.RedactSensitiveData = false
|
||||
@@ -269,7 +269,7 @@ func (cl *ConfigLoader) parseCustomResponse(d *caddyfile.Dispenser, m *Middlewar
|
||||
// parseCountryBlockDirective returns a closure to handle block_countries and whitelist_countries directives.
|
||||
func (cl *ConfigLoader) parseCountryBlockDirective(isBlock bool) func(d *caddyfile.Dispenser, m *Middleware) error {
|
||||
return func(d *caddyfile.Dispenser, m *Middleware) error {
|
||||
target := &m.CountryBlock
|
||||
target := &m.CountryBlacklist
|
||||
directiveName := "block_countries"
|
||||
if !isBlock {
|
||||
target = &m.CountryWhitelist
|
||||
|
||||
@@ -201,14 +201,14 @@ func TestParseCountryBlock(t *testing.T) {
|
||||
t.Fatalf("parseCountryBlockDirective failed: %v", err)
|
||||
}
|
||||
|
||||
if !m.CountryBlock.Enabled {
|
||||
t.Errorf("Expected country block to be enabled, got %v", m.CountryBlock.Enabled)
|
||||
if !m.CountryBlacklist.Enabled {
|
||||
t.Errorf("Expected country blacklist to be enabled, got %v", m.CountryBlacklist.Enabled)
|
||||
}
|
||||
if m.CountryBlock.GeoIPDBPath != "/etc/geoip/GeoIP.dat" {
|
||||
t.Errorf("Expected GeoIP DB path to be '/etc/geoip/GeoIP.dat', got '%s'", m.CountryBlock.GeoIPDBPath)
|
||||
if m.CountryBlacklist.GeoIPDBPath != "/etc/geoip/GeoIP.dat" {
|
||||
t.Errorf("Expected GeoIP DB path to be '/etc/geoip/GeoIP.dat', got '%s'", m.CountryBlacklist.GeoIPDBPath)
|
||||
}
|
||||
if len(m.CountryBlock.CountryList) != 2 || m.CountryBlock.CountryList[0] != "US" || m.CountryBlock.CountryList[1] != "CA" {
|
||||
t.Errorf("Expected country list to be ['US', 'CA'], got %v", m.CountryBlock.CountryList)
|
||||
if len(m.CountryBlacklist.CountryList) != 2 || m.CountryBlacklist.CountryList[0] != "US" || m.CountryBlacklist.CountryList[1] != "CA" {
|
||||
t.Errorf("Expected country list to be ['US', 'CA'], got %v", m.CountryBlacklist.CountryList)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -230,11 +230,11 @@ func (m *Middleware) handlePhase(w http.ResponseWriter, r *http.Request, phase i
|
||||
zap.String("user_agent", r.UserAgent()),
|
||||
)
|
||||
|
||||
if phase == 1 && m.CountryBlock.Enabled {
|
||||
if phase == 1 && m.CountryBlacklist.Enabled {
|
||||
m.logger.Debug("Starting country blacklisting phase")
|
||||
blocked, err := m.isCountryInList(r.RemoteAddr, m.CountryBlock.CountryList, m.CountryBlock.geoIP)
|
||||
blocked, err := m.isCountryInList(r.RemoteAddr, m.CountryBlacklist.CountryList, m.CountryBlacklist.geoIP)
|
||||
if err != nil {
|
||||
m.logRequest(zapcore.ErrorLevel, "Failed to check country block",
|
||||
m.logRequest(zapcore.ErrorLevel, "Failed to check country blacklisting",
|
||||
r,
|
||||
zap.Error(err),
|
||||
)
|
||||
|
||||
@@ -71,7 +71,7 @@ func TestBlockedRequestPhase1_GeoIPBlocking(t *testing.T) {
|
||||
logger: logger,
|
||||
ipBlacklist: iptrie.NewTrie(),
|
||||
geoIPHandler: geoIPHandler,
|
||||
CountryBlock: CountryAccessFilter{
|
||||
CountryBlacklist: CountryAccessFilter{
|
||||
Enabled: true,
|
||||
CountryList: []string{"US", "RU"},
|
||||
GeoIPDBPath: geoIPdata, // Path to a test GeoIP database
|
||||
|
||||
2
types.go
2
types.go
@@ -104,7 +104,7 @@ type Middleware struct {
|
||||
IPBlacklistFile string `json:"ip_blacklist_file"`
|
||||
DNSBlacklistFile string `json:"dns_blacklist_file"`
|
||||
AnomalyThreshold int `json:"anomaly_threshold"`
|
||||
CountryBlock CountryAccessFilter `json:"country_block"`
|
||||
CountryBlacklist CountryAccessFilter `json:"country_blacklist"`
|
||||
CountryWhitelist CountryAccessFilter `json:"country_whitelist"`
|
||||
Rules map[int][]Rule `json:"-"`
|
||||
ipBlacklist *iptrie.Trie `json:"-"`
|
||||
|
||||
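Review bot: The struct tag on the renamed field changes from `json:"country_block"` to `json:"country_blacklist"`, which alters the JSON configuration key and is more than the chore-level rename the commit title describes. An existing JSON config that still uses `country_block` will either be rejected at load or, if the decoder ignores unknown keys, be accepted with the blacklist silently left disabled; which one happens depends on the loader and cannot be told from this hunk. The Caddyfile directive name `block_countries` is unchanged in the parser hunk, so only JSON configurations appear affected. Consider keeping the old key as a deprecated alias for one release or calling out the breaking change in the release notes, and add a test that decodes a config using the old key so the chosen behaviour is pinned.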