Soul’s matching strategy and WAF execution process
Matching strategy for soul
From the analysis of the previous sections, we can see that almost all plug-ins have a matching rule execution order. From the analysis of plug-ins, we can see that the specific rule matching is implemented in soul-plugin-base. In AbstractSoulPlugin file, The requirements of specific filtering rules are encapsulated in matchStrategyutils. match method, and the matching rules are obtained by the number of requirements of rules
Finally, we can see that AndMatchStrategy and OrMatchStrategy specifically realize the matching of rules
Finally, the matching strategy is realized through the code related to the policy pattern and the specific mode operation
Waf execution process
First of all, you can set two different modes in the Settings interface.
- When The Model mode is set to Black, the denial policy is implemented only for matched traffic. If the traffic does not match, the denial policy is skipped.
- When model is set to mixed mode, all traffic will pass through the WAF plug-in. Users can set whether to reject or pass different matching traffic.
In addition, from the WAF configuration interface, you can see that waF configuration is very simple, that is, whether to reject or pass the request corresponding to the above matching rules. This is pretty straightforward
As you can see above, soul’s traffic interception (firewall) implementation is straightforward. And using SPI and the strategy model,
Welcome to search attention to my public number [micro view technology], and summary of classified interview questions github.com/zhendiao/Ja…