shukivaknin/jabali-panel
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify WAF whitelist rules

Browse Source
This commit is contained in:
root
2026-01-31 00:31:05 +02:00
parent 8bbc90106f
commit 1218b57bc5
2 changed files with 68 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
app/Filament/Admin/Pages/Waf.php
View File

@@ -125,15 +125,78 @@ class Waf extends Page implements HasForms, HasTable
->columns(2), ->columns(2),
Section::make(__('Whitelist Rules')) Section::make(__('Whitelist Rules'))
->description(__('Exclude trusted traffic from specific ModSecurity rule IDs.')) ->description(__('Exclude trusted traffic from specific ModSecurity rule IDs.'))
->headerActions([
\Filament\Actions\Action::make('addWhitelistRule')
->label(__('Add Custom Rule'))
->icon('heroicon-o-plus')
->modalHeading(__('Add Whitelist Rule'))
->form([
TextInput::make('label')
->label(__('Name'))
->placeholder(__('Example: Admin API allowlist'))
->maxLength(80),
Select::make('match_type')
->label(__('Match Type'))
->options([
'ip' => __('IP Address or CIDR'),
'uri_exact' => __('Exact URI'),
'uri_prefix' => __('URI Prefix'),
'host' => __('Host Header'),
])
->required(),
TextInput::make('match_value')
->label(__('Match Value'))
->placeholder(__('Example: 203.0.113.10 or /wp-admin/admin-ajax.php'))
->required(),
TextInput::make('rule_ids')
->label(__('Rule IDs'))
->placeholder(__('Example: 942100,949110'))
->helperText(__('Comma-separated ModSecurity rule IDs to disable for matches.'))
->required(),
])
->action(function (array $data): void {
$rules = $this->getWhitelistRules();
$rules[] = [
'label' => $data['label'] ?? null,
'match_type' => $data['match_type'] ?? '',
'match_value' => $data['match_value'] ?? '',
'rule_ids' => $data['rule_ids'] ?? '',
];
Setting::set('waf_whitelist_rules', json_encode(array_values($rules), JSON_UNESCAPED_SLASHES));
$this->wafFormData['whitelist_rules'] = $rules;
try {
$agent = new AgentClient;
$agent->wafApplySettings(
Setting::get('waf_enabled', '0') === '1',
(string) Setting::get('waf_paranoia', '1'),
Setting::get('waf_audit_log', '1') === '1',
$rules
);
} catch (Exception $e) {
Notification::make()
->title(__('Whitelist saved, but apply failed'))
->body($e->getMessage())
->warning()
->send();
}
Notification::make()
->title(__('Whitelist rule added'))
->success()
->send();
}),
])
->schema([ ->schema([
Repeater::make('whitelist_rules') Repeater::make('whitelist_rules')
->label(__('Whitelist Entries')) ->label(__('Whitelist Entries'))
->table([ ->table([
RepeaterTableColumn::make(__('Name'))->width('18%'), RepeaterTableColumn::make(__('Name'))->width('22%'),
RepeaterTableColumn::make(__('Match Type'))->width('16%'), RepeaterTableColumn::make(__('Match Type'))->width('16%'),
RepeaterTableColumn::make(__('Match Value'))->width('28%'), RepeaterTableColumn::make(__('Match Value'))->width('32%'),
RepeaterTableColumn::make(__('Rule IDs'))->width('26%'), RepeaterTableColumn::make(__('Rule IDs'))->width('30%'),
RepeaterTableColumn::make(__('Enabled'))->width('12%')->alignCenter(),
]) ])
->schema([ ->schema([
TextInput::make('label') TextInput::make('label')
@@ -158,13 +221,8 @@ class Waf extends Page implements HasForms, HasTable
->placeholder(__('Example: 942100,949110')) ->placeholder(__('Example: 942100,949110'))
->helperText(__('Comma-separated ModSecurity rule IDs to disable for matches.')) ->helperText(__('Comma-separated ModSecurity rule IDs to disable for matches.'))
->required(), ->required(),
Toggle::make('enabled')
->label(__('Enabled'))
->default(true),
]) ])
->itemLabel(fn (array $state): ?string => $state['label'] ?? $state['match_value'] ?? null)
->addActionLabel(__('Add Whitelist Rule')) ->addActionLabel(__('Add Whitelist Rule'))
->collapsible()
->columns(['default' => 2, 'md' => 2]), ->columns(['default' => 2, 'md' => 2]),
]) ])
->columns(1), ->columns(1),
@@ -275,9 +333,6 @@ class Waf extends Page implements HasForms, HasTable
if (!is_array($rule)) { if (!is_array($rule)) {
continue; continue;
} }
if (isset($rule['enabled']) && !$rule['enabled']) {
continue;
}
$idsRaw = (string) ($rule['rule_ids'] ?? ''); $idsRaw = (string) ($rule['rule_ids'] ?? '');
$ids = preg_split('/[,\s]+/', $idsRaw, -1, PREG_SPLIT_NO_EMPTY) ?: []; $ids = preg_split('/[,\s]+/', $idsRaw, -1, PREG_SPLIT_NO_EMPTY) ?: [];
@@ -311,9 +366,6 @@ class Waf extends Page implements HasForms, HasTable
if (!is_array($rule)) { if (!is_array($rule)) {
return false; return false;
} }
if (isset($rule['enabled']) && !$rule['enabled']) {
return false;
}
$ruleId = (string) ($entry['rule_id'] ?? ''); $ruleId = (string) ($entry['rule_id'] ?? '');
$uri = (string) ($entry['uri'] ?? ''); $uri = (string) ($entry['uri'] ?? '');
@@ -407,11 +459,10 @@ class Waf extends Page implements HasForms, HasTable
} }
$rules[] = [ $rules[] = [
'label' => __('Whitelist rule {rule}', ['rule' => $record['rule_id'] ?? '']), 'label' => __('Whitelist rule :rule', ['rule' => $record['rule_id'] ?? '']),
'match_type' => $matchType, 'match_type' => $matchType,
'match_value' => $matchValue, 'match_value' => $matchValue,
'rule_ids' => $record['rule_id'] ?? '', 'rule_ids' => $record['rule_id'] ?? '',
'enabled' => true,
]; ];
Setting::set('waf_whitelist_rules', json_encode(array_values($rules), JSON_UNESCAPED_SLASHES)); Setting::set('waf_whitelist_rules', json_encode(array_values($rules), JSON_UNESCAPED_SLASHES));

4
bin/jabali-agent
View File

@@ -3382,10 +3382,6 @@ function buildWafWhitelistRules(array $rules): array
continue; continue;
} }
if (isset($rule['enabled']) && !$rule['enabled']) {
continue;
}
$matchType = (string) ($rule['match_type'] ?? ''); $matchType = (string) ($rule['match_type'] ?? '');
$matchValue = trim((string) ($rule['match_value'] ?? '')); $matchValue = trim((string) ($rule['match_value'] ?? ''));
$idsRaw = (string) ($rule['rule_ids'] ?? ''); $idsRaw = (string) ($rule['rule_ids'] ?? '');