buyfakett/server_torii
1
0
Fork 0
mirror of https://github.com/Rayzggz/server_torii.git synced 2025-06-21 14:31:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: Block HTTP FLOOD

Browse Source
This commit is contained in:
Roi Feng
2025-04-24 21:02:19 -04:00
parent 5fe6db509d
commit 1a977b2bce
2 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/check/HTTPFlood.go
View File

@ -17,8 +17,7 @@ func HTTPFlood(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *
for window, limit := range ruleSet.HTTPFloodRule.HTTPFloodSpeedLimit { for window, limit := range ruleSet.HTTPFloodRule.HTTPFloodSpeedLimit {
if sharedMem.HTTPFloodSpeedLimitCounter.Query(ipKey, window) > limit { if sharedMem.HTTPFloodSpeedLimitCounter.Query(ipKey, window) > limit {
log.Printf("HTTPFlood rate limit exceeded: IP %s, window %d, limit %d", ipKey, window, limit) log.Printf("HTTPFlood rate limit exceeded: IP %s, window %d, limit %d", ipKey, window, limit)
//decision.SetResponse(action.Done, []byte("403"), nil) decision.SetCode(action.Done, []byte("429"))
decision.Set(action.Continue)
return return
} }
} }
@ -26,8 +25,7 @@ func HTTPFlood(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *
for window, limit := range ruleSet.HTTPFloodRule.HTTPFloodSameURILimit { for window, limit := range ruleSet.HTTPFloodRule.HTTPFloodSameURILimit {
if sharedMem.HTTPFloodSameURILimitCounter.Query(uriKey, window) > limit { if sharedMem.HTTPFloodSameURILimitCounter.Query(uriKey, window) > limit {
log.Printf("HTTPFlood URI rate limit exceeded: IP %s, URI %s, window %d, limit %d", ipKey, reqData.Uri, window, limit) log.Printf("HTTPFlood URI rate limit exceeded: IP %s, URI %s, window %d, limit %d", ipKey, reqData.Uri, window, limit)
//decision.SetResponse(action.Done, []byte("403"), nil) decision.SetCode(action.Done, []byte("429"))
decision.Set(action.Continue)
return return
} }
} }

24
internal/server/checker.go
View File

@ -81,6 +81,30 @@ func CheckMain(w http.ResponseWriter, userRequestData dataType.UserRequest, rule
return return
} }
} else if bytes.Compare(decision.HTTPCode, []byte("429")) == 0 {
tpl, err := template.ParseFiles(cfg.ErrorPage + "/429.html")
if err != nil {
log.Printf("Error template: %v", err)
http.Error(w, "500 - Internal Server Error", http.StatusInternalServerError)
return
}
data := struct {
EdgeTag string
ConnectIP string
Date string
}{
EdgeTag: cfg.NodeName,
ConnectIP: userRequestData.RemoteIP,
Date: time.Now().Format("2006-01-02 15:04:05"),
}
w.WriteHeader(http.StatusTooManyRequests)
w.Header().Set("Content-Type", "text/html; charset=utf-8")
if err = tpl.Execute(w, data); err != nil {
log.Printf("Error template: %v", err)
http.Error(w, "500 - Internal Server Error", http.StatusInternalServerError)
return
}
} else { } else {
//should never happen //should never happen
log.Printf("Error access in wrong state: %v", decision) log.Printf("Error access in wrong state: %v", decision)