feat: HTTP FLOOD Speed Limit

add shared memory

internal/check/Captcha.go

@@ -25,7 +25,7 @@ type HCaptchaResponse struct {
 	ErrorCodes  []string `json:"error-codes"`
 }
 
-func Captcha(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision) {
+func Captcha(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
 	if !reqData.Captcha {
 		decision.Set(action.Continue)
 		return

internal/check/HTTPFlood.go

@@ -0,0 +1,35 @@
+package check
+
+import (
+	"log"
+	"server_torii/internal/action"
+	"server_torii/internal/config"
+	"server_torii/internal/dataType"
+)
+
+func HTTPFlood(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
+	ipKey := reqData.RemoteIP
+	sharedMem.HTTPFloodSpeedLimitCounter.Add(ipKey, 1)
+
+	uriKey := reqData.RemoteIP + "|" + reqData.Uri
+	sharedMem.HTTPFloodSameURILimitCounter.Add(uriKey, 1)
+
+	for window, limit := range ruleSet.HTTPFloodRule.HTTPFloodSpeedLimit {
+		if sharedMem.HTTPFloodSpeedLimitCounter.Query(ipKey, window) > limit {
+			log.Printf("HTTPFlood rate limit exceeded: IP %s, window %d, limit %d", ipKey, window, limit)
+			//decision.SetResponse(action.Done, []byte("403"), nil)
+			decision.Set(action.Continue)
+			return
+		}
+	}
+
+	for window, limit := range ruleSet.HTTPFloodRule.HTTPFloodSameURILimit {
+		if sharedMem.HTTPFloodSameURILimitCounter.Query(uriKey, window) > limit {
+			log.Printf("HTTPFlood URI rate limit exceeded: IP %s, URI %s, window %d, limit %d", ipKey, reqData.Uri, window, limit)
+			//decision.SetResponse(action.Done, []byte("403"), nil)
+			decision.Set(action.Continue)
+			return
+		}
+	}
+	decision.Set(action.Continue)
+}

internal/check/IPAllow.go

@@ -7,7 +7,7 @@ import (
 	"server_torii/internal/dataType"
 )
 
-func IPAllowList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision) {
+func IPAllowList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
 	remoteIP := reqData.RemoteIP
 	trie := ruleSet.IPAllowTrie
 

internal/check/IPBlock.go

@@ -7,7 +7,7 @@ import (
 	"server_torii/internal/dataType"
 )
 
-func IPBlockList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision) {
+func IPBlockList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
 	remoteIP := reqData.RemoteIP
 	trie := ruleSet.IPBlockTrie
 	ip := net.ParseIP(remoteIP)

internal/check/URLAllow.go

@@ -6,7 +6,7 @@ import (
 	"server_torii/internal/dataType"
 )
 
-func URLAllowList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision) {
+func URLAllowList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
 	url := reqData.Uri
 	list := ruleSet.URLAllowList
 	if list.Match(url) {

internal/check/URLBlock.go

@@ -6,7 +6,7 @@ import (
 	"server_torii/internal/dataType"
 )
 
-func URLBlockList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision) {
+func URLBlockList(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
 	url := reqData.Uri
 	list := ruleSet.URLBlockList
 	if list.Match(url) {

internal/check/VerifyBot.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 )
 
-func VerifyBot(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision) {
+func VerifyBot(reqData dataType.UserRequest, ruleSet *config.RuleSet, decision *action.Decision, sharedMem *dataType.SharedMemory) {
 	ua := strings.ToLower(reqData.UserAgent)
 
 	var exptractRDNS []string