diff --git a/internal/web/actions/default/servers/components/waf/policy.go b/internal/web/actions/default/servers/components/waf/policy.go index a227c5cf..bfe29666 100644 --- a/internal/web/actions/default/servers/components/waf/policy.go +++ b/internal/web/actions/default/servers/components/waf/policy.go @@ -84,6 +84,7 @@ func (this *PolicyAction) RunGet(params struct { if len(firewallPolicy.Mode) == 0 { firewallPolicy.Mode = firewallconfigs.FirewallModeDefend } + this.Data["firewallPolicy"] = maps.Map{ "id": firewallPolicy.Id, "name": firewallPolicy.Name, @@ -94,6 +95,7 @@ func (this *PolicyAction) RunGet(params struct { "groups": internalGroups, "blockOptions": firewallPolicy.BlockOptions, "useLocalFirewall": firewallPolicy.UseLocalFirewall, + "synFlood": firewallPolicy.SYNFlood, } // 正在使用此策略的集群 diff --git a/internal/web/actions/default/servers/components/waf/update.go b/internal/web/actions/default/servers/components/waf/update.go index de7954af..dc9fe16a 100644 --- a/internal/web/actions/default/servers/components/waf/update.go +++ b/internal/web/actions/default/servers/components/waf/update.go @@ -48,6 +48,16 @@ func (this *UpdateAction) RunGet(params struct { } this.Data["modes"] = firewallconfigs.FindAllFirewallModes() + // syn flood + if firewallPolicy.SYNFlood == nil { + firewallPolicy.SYNFlood = &firewallconfigs.SYNFloodConfig{ + IsOn: false, + MinAttempts: 10, + TimeoutSeconds: 600, + IgnoreLocal: true, + } + } + this.Data["firewallPolicy"] = maps.Map{ "id": firewallPolicy.Id, "name": firewallPolicy.Name, @@ -56,6 +66,7 @@ func (this *UpdateAction) RunGet(params struct { "mode": firewallPolicy.Mode, "blockOptions": firewallPolicy.BlockOptions, "useLocalFirewall": firewallPolicy.UseLocalFirewall, + "synFloodConfig": firewallPolicy.SYNFlood, } // 预置分组 @@ -89,6 +100,7 @@ func (this *UpdateAction) RunPost(params struct { IsOn bool Mode string UseLocalFirewall bool + SynFloodJSON []byte Must *actions.Must }) { @@ -115,6 +127,7 @@ func (this *UpdateAction) RunPost(params struct { BlockOptionsJSON: params.BlockOptionsJSON, Mode: params.Mode, UseLocalFirewall: params.UseLocalFirewall, + SynFloodJSON: params.SynFloodJSON, }) if err != nil { this.ErrorPage(err) diff --git a/internal/web/actions/default/servers/init.go b/internal/web/actions/default/servers/init.go index ad09c24c..0425486e 100644 --- a/internal/web/actions/default/servers/init.go +++ b/internal/web/actions/default/servers/init.go @@ -10,6 +10,7 @@ import ( func init() { TeaGo.BeforeStart(func(server *TeaGo.Server) { server. + Data("teaMenu", "servers"). Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)). Helper(NewHelper()). Prefix("/servers"). diff --git a/internal/web/actions/default/servers/iplists/index.go b/internal/web/actions/default/servers/iplists/index.go index feb30386..cbc6e91f 100644 --- a/internal/web/actions/default/servers/iplists/index.go +++ b/internal/web/actions/default/servers/iplists/index.go @@ -133,6 +133,16 @@ func (this *IndexAction) RunGet(params struct { } } + // node + var sourceNodeMap = maps.Map{"id": 0} + if item.SourceNode != nil && item.SourceNode.NodeCluster != nil { + sourceNodeMap = maps.Map{ + "id": item.SourceNode.Id, + "name": item.SourceNode.Name, + "clusterId": item.SourceNode.NodeCluster.Id, + } + } + itemMaps = append(itemMaps, maps.Map{ "id": item.Id, "ipFrom": item.IpFrom, @@ -149,6 +159,7 @@ func (this *IndexAction) RunGet(params struct { "sourceGroup": sourceGroupMap, "sourceSet": sourceSetMap, "sourceServer": sourceServerMap, + "sourceNode": sourceNodeMap, "list": listMap, "policy": policyMap, }) diff --git a/web/public/js/components/iplist/ip-list-table.js b/web/public/js/components/iplist/ip-list-table.js index 5cf284ff..0c757c51 100644 --- a/web/public/js/components/iplist/ip-list-table.js +++ b/web/public/js/components/iplist/ip-list-table.js @@ -172,6 +172,9 @@ Vue.component("ip-list-table", { {{item.sourcePolicy.name}} » {{item.sourceGroup.name}} » {{item.sourceSet.name}} {{item.sourcePolicy.name}} » {{item.sourceGroup.name}} » {{item.sourceSet.name}} +
+ {{item.sourceNode.name}} +
日志   diff --git a/web/public/js/components/server/firewall-syn-flood-config-box.js b/web/public/js/components/server/firewall-syn-flood-config-box.js new file mode 100644 index 00000000..1044af42 --- /dev/null +++ b/web/public/js/components/server/firewall-syn-flood-config-box.js @@ -0,0 +1,92 @@ +Vue.component("firewall-syn-flood-config-box", { + props: ["v-syn-flood-config"], + data: function () { + let config = this.vSynFloodConfig + if (config == null) { + config = { + isOn: false, + minAttempts: 10, + timeoutSeconds: 600, + ignoreLocal: true + } + } + return { + config: config, + isEditing: false, + minAttempts: config.minAttempts, + timeoutSeconds: config.timeoutSeconds + } + }, + methods: { + edit: function () { + this.isEditing = !this.isEditing + } + }, + watch: { + minAttempts: function (v) { + let count = parseInt(v) + if (isNaN(count)) { + count = 10 + } + if (count < 3) { + count = 3 + } + this.config.minAttempts = count + }, + timeoutSeconds: function (v) { + let seconds = parseInt(v) + if (isNaN(seconds)) { + seconds = 10 + } + if (seconds < 60) { + seconds = 60 + } + this.config.timeoutSeconds = seconds + } + }, + template: `
+ + + + 已启用 / 空连接次数:{{config.minAttempts}}次/分钟 / 封禁时间:{{config.timeoutSeconds}}秒 / 忽略局域网访问 + + 未启用 + + + + + + + + + + + + + + + + + + + + +
是否启用 + +

启用后,WAF将会尝试自动检测并阻止SYN Flood攻击。此功能需要节点已安装并启用Firewalld。

+
空连接次数 +
+ + 次/分钟 +
+

超过此数字的"空连接"将被视为SYN Flood攻击,为了防止误判,此数值默认不小于3。

+
封禁时间 +
+ + +
+
忽略局域网访问 + +
+
` +}) \ No newline at end of file diff --git a/web/public/js/components/server/http-firewall-block-options.js b/web/public/js/components/server/http-firewall-block-options.js index 6198cba4..3ff7b0bb 100644 --- a/web/public/js/components/server/http-firewall-block-options.js +++ b/web/public/js/components/server/http-firewall-block-options.js @@ -4,7 +4,8 @@ Vue.component("http-firewall-block-options", { return { blockOptions: this.vBlockOptions, statusCode: this.vBlockOptions.statusCode, - timeout: this.vBlockOptions.timeout + timeout: this.vBlockOptions.timeout, + isEditing: false } }, watch: { @@ -25,9 +26,15 @@ Vue.component("http-firewall-block-options", { } } }, + methods: { + edit: function () { + this.isEditing = !this.isEditing + } + }, template: `
- - + + 状态码:{{statusCode}} / 提示内容:[{{blockOptions.body.length}}字符][无] / 超时时间:{{timeout}}秒 +
+ + + + + + + + - - - - - - - - + + + + + + + +
状态码 diff --git a/web/views/@default/servers/components/waf/policy.html b/web/views/@default/servers/components/waf/policy.html index 66ab51ed..dfbff4de 100644 --- a/web/views/@default/servers/components/waf/policy.html +++ b/web/views/@default/servers/components/waf/policy.html @@ -59,6 +59,39 @@

可以在合适的时候自动使用系统自带防火墙进行防御。
SYN Flood防御 + 未启用 + + + + + + + + + + + + + + + + + +
是否启用 + 启用 +
空连接次数 + {{firewallPolicy.synFlood.minAttempts}}次/分钟 +
封禁时间 + {{firewallPolicy.synFlood.timeoutSeconds}}秒 +
忽略局域网访问 + Y + N +
+
描述 diff --git a/web/views/@default/servers/components/waf/update.html b/web/views/@default/servers/components/waf/update.html index 50bc0d69..8a13feab 100644 --- a/web/views/@default/servers/components/waf/update.html +++ b/web/views/@default/servers/components/waf/update.html @@ -43,26 +43,32 @@

开启后,可以在合适的时候自动使用系统自带防火墙进行防御。

SYN Flood防御 + +
描述 - -
是否启用 -
- - -
-
描述 + +
是否启用 +
+ + +
+