Drop add_headers - headers can now be added to meta[] to be applied for any action. Consolidate Tagging in a service
@@ -9,7 +9,7 @@ class WafPolicy < ApplicationRecord
|
||||
POLICY_TYPES = %w[country asn company network_type path_pattern].freeze
|
||||
|
||||
# Actions - what to do when traffic matches this policy
|
||||
ACTIONS = %w[allow deny redirect challenge add_header].freeze
|
||||
ACTIONS = %w[allow deny redirect challenge log].freeze
|
||||
|
||||
# Associations
|
||||
belongs_to :user
|
||||
@@ -25,7 +25,6 @@ validate :targets_must_be_array
|
||||
validate :validate_targets_by_type
|
||||
validate :validate_redirect_configuration, if: :redirect_policy_action?
|
||||
validate :validate_challenge_configuration, if: :challenge_policy_action?
|
||||
validate :validate_add_header_configuration, if: :add_header_policy_action?
|
||||
|
||||
# Scopes
|
||||
scope :enabled, -> { where(enabled: true) }
|
||||
@@ -96,10 +95,6 @@ validate :targets_must_be_array
|
||||
policy_action == 'challenge'
|
||||
end
|
||||
|
||||
def add_header_policy_action?
|
||||
policy_action == 'add_header'
|
||||
end
|
||||
|
||||
# Lifecycle methods
|
||||
def active?
|
||||
enabled? && !expired?
|
||||
@@ -168,7 +163,7 @@ validate :targets_must_be_array
|
||||
priority: network_range.prefix_length
|
||||
)
|
||||
|
||||
# Handle redirect/challenge/add_header specific data
|
||||
# Handle redirect/challenge specific data
|
||||
if redirect_action? && additional_data['redirect_url']
|
||||
rule.update!(
|
||||
metadata: rule.metadata.merge(
|
||||
@@ -183,13 +178,6 @@ validate :targets_must_be_array
|
||||
challenge_message: additional_data['challenge_message']
|
||||
)
|
||||
)
|
||||
elsif add_header_action?
|
||||
rule.update!(
|
||||
metadata: rule.metadata.merge(
|
||||
header_name: additional_data['header_name'],
|
||||
header_value: additional_data['header_value']
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
rule
|
||||
@@ -224,7 +212,7 @@ validate :targets_must_be_array
|
||||
priority: 50 # Default priority for path rules
|
||||
)
|
||||
|
||||
# Handle redirect/challenge/add_header specific data
|
||||
# Handle redirect/challenge specific data
|
||||
if redirect_action? && additional_data['redirect_url']
|
||||
rule.update!(
|
||||
metadata: rule.metadata.merge(
|
||||
@@ -239,13 +227,6 @@ validate :targets_must_be_array
|
||||
challenge_message: additional_data['challenge_message']
|
||||
)
|
||||
)
|
||||
elsif add_header_action?
|
||||
rule.update!(
|
||||
metadata: rule.metadata.merge(
|
||||
header_name: additional_data['header_name'],
|
||||
header_value: additional_data['header_value']
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
rule
|
||||
@@ -365,12 +346,6 @@ validate :targets_must_be_array
|
||||
self.targets ||= []
|
||||
self.additional_data ||= {}
|
||||
self.enabled = true if enabled.nil?
|
||||
|
||||
# Set default header values for add_header action
|
||||
if add_header_policy_action?
|
||||
self.additional_data['header_name'] ||= 'X-Bot-Agent'
|
||||
self.additional_data['header_value'] ||= 'Unknown'
|
||||
end
|
||||
end
|
||||
|
||||
def targets_must_be_array
|
||||
@@ -455,15 +430,6 @@ validate :targets_must_be_array
|
||||
end
|
||||
end
|
||||
|
||||
def validate_add_header_configuration
|
||||
if additional_data['header_name'].blank?
|
||||
errors.add(:additional_data, "must include 'header_name' for add_header action")
|
||||
end
|
||||
if additional_data['header_value'].blank?
|
||||
errors.add(:additional_data, "must include 'header_value' for add_header action")
|
||||
end
|
||||
end
|
||||
|
||||
# Matching logic for different policy types
|
||||
def matches_country?(network_range)
|
||||
country = network_range.country || network_range.inherited_intelligence[:country]
|
||||
|
||||
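Review bot: Stored policies whose `policy_action` is still `'add_header'` are left unhandled once that value is dropped from `ACTIONS` in the first hunk, and nothing in these hunks migrates or rejects such rows. If `policy_action` is validated for inclusion in `ACTIONS` (that validation is not visible here), those records would fail on their next save, which could also block disabling them through a normal update, and both rule-creation branches now produce a rule with no header metadata for them. A data migration shipped with this change that converts those rows to the new meta[] form, plus a comment above the constant such as `# add_header removed: headers now come from meta[]; legacy add_header rows must be migrated`, would close the gap. The removed `validate_add_header_configuration` was the only check on header fields in this file, so the meta[] path, wherever it is implemented, should carry its own validation: at minimum presence, and rejection of CR/LF in header names and values.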