- Remove telemetry: disabled all phone-home (installation notify, false positives, behavior tracking, upgrade tips) - Version branding: removed 'ce-' prefix, product name changed to '长亭雷池 WAF' - Detection engine enhancement: strict preset enables all 17 modules with aggressive configs - Multi-user RBAC: admin/operator/viewer roles with password + TOTP 2FA - Rate limiting: nginx limit_req per website (RPS, burst, action) - JS Challenge: browser fingerprint verification page with cookie-based bypass - Security fixes: removed InsecureSkipVerify, hardcoded credentials, NO_AUTH backdoor
This commit is contained in:
@@ -0,0 +1,41 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/credentials/insecure"
|
||||
|
||||
"chaitin.cn/patronus/safeline-2/management/tcontrollerd/pkg/config"
|
||||
"chaitin.cn/patronus/safeline-2/management/tcontrollerd/pkg/log"
|
||||
pb "chaitin.cn/patronus/safeline-2/management/tcontrollerd/proto/website"
|
||||
)
|
||||
|
||||
var (
|
||||
logger = log.GetLogger("controller")
|
||||
)
|
||||
|
||||
func Handle() error {
|
||||
logger.Infof("Connect mgt-webserver at %s", config.GlobalConfig.MgtWebserver)
|
||||
gRPCConn, err := grpc.Dial(config.GlobalConfig.MgtWebserver, []grpc.DialOption{
|
||||
grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
}...)
|
||||
if err != nil {
|
||||
logger.Errorf("Fail to dial: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
wsClient := pb.NewWebsiteClient(gRPCConn)
|
||||
|
||||
defer func(conn *grpc.ClientConn) {
|
||||
err := conn.Close()
|
||||
if err != nil {
|
||||
logger.Errorf("Fail to close: %v", err)
|
||||
return
|
||||
}
|
||||
}(gRPCConn)
|
||||
|
||||
if err = websiteHandler(wsClient); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user