remove redundant code from CC check and let it go directly when CC po…

…licy is OK_PASS
Janusec · Mar 20, 2022 · 2d83534 · 2d83534
1 parent b33ab0a
commit 2d83534
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 6 deletions.
diff --git a/firewall/cc.go b/firewall/cc.go
@@ -110,15 +110,10 @@ func GetCCPolicyRespByAppID(appID int64) (*models.CCPolicy, error) {
 
 // IsCCAttack to judge a request is CC attack, return IsCC, CCPolicy, ClientID, NeedLog
 func IsCCAttack(r *http.Request, app *models.Application, srcIP string) (bool, *models.CCPolicy, string, bool) {
-	isCC := false
 	ccPolicy := GetCCPolicyByAppID(app.ID)
-	if !ccPolicy.IsEnabled {
+	if !ccPolicy.IsEnabled || ccPolicy.Action == models.Action_Pass_400 {
 		return false, nil, "", false
 	}
-	if isCC {
-		clientID := data.SHA256Hash(srcIP)
-		return isCC, ccPolicy, clientID, false
-	}
 	ccAppID := app.ID
 	if ccPolicy.AppID == 0 {
 		ccAppID = 0 // Important: stat within general policy

diff --git a/gateway/gateway.go b/gateway/gateway.go
@@ -186,6 +186,8 @@ func ReverseHandlerFunc(w http.ResponseWriter, r *http.Request) {
 				captchaURL := CaptchaEntrance + "?id=" + hitInfo.ClientID
 				http.Redirect(w, r, captchaURL, http.StatusFound)
 				return
+			default:
+				// models.Action_Pass_400 do nothing
 			}
 		}
 	}