-
-
Notifications
You must be signed in to change notification settings - Fork 28
Expand file tree
/
Copy pathresponse.go
More file actions
102 lines (86 loc) · 2.89 KB
/
response.go
File metadata and controls
102 lines (86 loc) · 2.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package caddywaf
import (
"bytes"
"fmt"
"net/http"
"go.uber.org/zap"
)
// allowRequest - handles request allowing
func (m *Middleware) allowRequest(state *WAFState) {
state.Blocked = false
state.StatusCode = http.StatusOK
state.ResponseWritten = false
m.incrementAllowedRequestsMetric()
}
// blockRequest handles blocking a request and logging the details.
func (m *Middleware) blockRequest(recorder http.ResponseWriter, r *http.Request, state *WAFState, statusCode int, reason, ruleID string, fields ...zap.Field) {
// CRITICAL FIX: Set these flags before any other operations
state.Blocked = true
state.StatusCode = statusCode
state.ResponseWritten = true
// CRITICAL FIX: Log at WARN level for visibility
m.logger.Warn("REQUEST BLOCKED BY WAF", append(fields,
zap.String("rule_id", ruleID),
zap.String("reason", reason),
zap.Int("status_code", statusCode),
zap.String("remote_addr", r.RemoteAddr),
zap.Int("total_score", state.TotalScore))...)
// CRITICAL FIX: Increment blocked metrics immediately
m.incrementBlockedRequestsMetric()
// Write a simple text response for blocked requests
recorder.Header().Set("Content-Type", "text/plain")
recorder.WriteHeader(statusCode)
if m.CustomResponses != nil {
m.writeCustomResponse(recorder, state.StatusCode)
} else {
message := fmt.Sprintf("Request blocked by WAF. Reason: %s", reason)
if _, err := recorder.Write([]byte(message)); err != nil {
m.logger.Error("Failed to write blocked response", zap.Error(err))
}
}
}
// responseRecorder captures the response status code, headers, and body.
type responseRecorder struct {
http.ResponseWriter
body *bytes.Buffer
statusCode int
written bool // To track if a write to the original writer has been done.
}
// NewResponseRecorder creates a new responseRecorder.
func NewResponseRecorder(w http.ResponseWriter) *responseRecorder {
return &responseRecorder{
ResponseWriter: w,
body: new(bytes.Buffer),
statusCode: 0, // Zero means not explicitly set
written: false,
}
}
// WriteHeader captures the response status code.
func (r *responseRecorder) WriteHeader(statusCode int) {
r.statusCode = statusCode
r.ResponseWriter.WriteHeader(statusCode)
}
// Header returns the response headers.
func (r *responseRecorder) Header() http.Header {
return r.ResponseWriter.Header()
}
// BodyString returns the captured response body as a string.
func (r *responseRecorder) BodyString() string {
return r.body.String()
}
// StatusCode returns the captured status code.
func (r *responseRecorder) StatusCode() int {
if r.statusCode == 0 {
return http.StatusOK
}
return r.statusCode
}
// Write captures the response body and writes to the buffer only.
func (r *responseRecorder) Write(b []byte) (int, error) {
if r.statusCode == 0 && !r.written {
r.WriteHeader(http.StatusOK) // Default to 200 if not set
}
n, err := r.body.Write(b)
r.written = true
return n, err
}