http_request_referers.go
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
package nodes
import (
"net/http"
"net/url"
)
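// doCheckReferers applies the site's referer (anti-hotlinking) policy to the
// current request and reports whether request processing should stop.
//
// It returns false (continue) when no policy is configured, when the policy
// does not cover the request URL, when a websocket upgrade carries an Origin
// accepted by the websocket settings, or when the referer host is accepted by
// MatchDomain. Otherwise it tags the request with "refererCheck", writes a
// 403 response and returns true.
//
// Referer and Origin are supplied by the client, so this check limits
// hotlinking from browsers; it is not an access-control mechanism.
func (this *HTTPRequest) doCheckReferers() (shouldStop bool) {
	var referers = this.web.Referers
	if referers == nil {
		return false
	}

	// Only URLs covered by the policy are checked.
	if !referers.MatchURL(this.URL()) {
		return false
	}

	var origin = this.RawReq.Header.Get("Origin")
	var checkOrigin = referers.CheckOrigin

	// Kept short so that a changed policy is not masked by cached blocks for long.
	const cacheSeconds = "3600"

	// Origin-based special case: websocket upgrades are matched against the
	// websocket origin settings instead of the referer domains.
	if checkOrigin && len(origin) > 0 {
		var ws = this.web.Websocket
		// NOTE(review): the Upgrade value is compared case-sensitively, while
		// RFC 6455 treats it as case-insensitive; confirm this agrees with how
		// the websocket handler elsewhere detects upgrades.
		if ws != nil && ws.IsOn && this.RawReq.Header.Get("Upgrade") == "websocket" {
			// The second result is discarded on purpose: only a non-empty host
			// is considered, anything else falls through to the referer check.
			originHost, _ := httpParseHost(origin)
			if len(originHost) > 0 && ws.MatchOrigin(originHost) {
				return false
			}
		}
	}

	// Prefer Referer; fall back to Origin when allowed. The literal "null"
	// origin carries no host and is ignored.
	var refererURL = this.RawReq.Header.Get("Referer")
	if len(refererURL) == 0 && checkOrigin && len(origin) > 0 && origin != "null" {
		if urlSchemeRegexp.MatchString(origin) {
			refererURL = origin
		} else {
			// presumably the origin has no scheme here; prefix one so that
			// url.Parse yields a host
			refererURL = "https://" + origin
		}
	}

	// A missing or unparsable referer is evaluated as an empty host, leaving
	// the decision for that case to MatchDomain.
	var refererHost string
	if len(refererURL) > 0 {
		if u, err := url.Parse(refererURL); err == nil {
			refererHost = u.Host
		}
	}
	if referers.MatchDomain(this.ReqHost, refererHost) {
		return false
	}

	this.tags = append(this.tags, "refererCheck")

	// The 403 is cacheable for cacheSeconds and depends on request headers.
	// Without Vary, a cache could replay the block to a later request for the
	// same URL that carries an allowed referer.
	var header = this.writer.Header()
	header.Set("Cache-Control", "max-age="+cacheSeconds)
	header.Add("Vary", "Referer")
	if checkOrigin {
		header.Add("Vary", "Origin")
	}

	this.writeCode(http.StatusForbidden, "The referer has been blocked.", "当前访问已被防盗链系统拦截。")
	return true
}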