From a1a99c4823c83c73883ac55de772041497d06ad0 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Wed, 31 Aug 2022 10:00:55 +0800
Subject: [PATCH] =?UTF-8?q?DDoS=E9=98=B2=E6=8A=A4=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E7=A7=92=E7=BA=A7=E8=BF=9E=E6=8E=A5=E9=80=9F=E7=8E=87=E9=99=90?= =?UTF-8?q?=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../node/settings/ddos-protection/index.go | 8 +--
 .../cluster/settings/ddos-protection/index.go | 8 +--
 .../node-ddos-protection-config-box.js | 55 ++++++++++++-------
 .../ns/ns-node-ddos-protection-config-box.js | 55 ++++++++++++-------
 4 files changed, 80 insertions(+), 46 deletions(-)
diff --git a/internal/web/actions/default/clusters/cluster/node/settings/ddos-protection/index.go b/internal/web/actions/default/clusters/cluster/node/settings/ddos-protection/index.go
index 43c79ece..a61f7eef 100644
--- a/internal/web/actions/default/clusters/cluster/node/settings/ddos-protection/index.go
+++ b/internal/web/actions/default/clusters/cluster/node/settings/ddos-protection/index.go
@@ -102,12 +102,12 @@ func (this *IndexAction) RunPost(params struct {
 this.FailField("tcpMaxConnectionsPerIP", "TCP: 单IP TCP最大连接数不能小于"+types.String(nodeconfigs.DefaultTCPMinConnectionsPerIP))
 }
- if tcpConfig.NewConnectionsRate > 0 && tcpConfig.NewConnectionsRate < nodeconfigs.DefaultTCPNewConnectionsMinRate {
- this.FailField("tcpNewConnectionsRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinRate))
+ if tcpConfig.NewConnectionsMinutelyRate > 0 && tcpConfig.NewConnectionsMinutelyRate < nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate {
+ this.FailField("tcpNewConnectionsMinutelyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate))
 }
- if tcpConfig.DenyNewConnectionsRate > 0 && tcpConfig.DenyNewConnectionsRate < nodeconfigs.DefaultTCPDenyNewConnectionsMinRate {
- this.FailField("tcpDenyNewConnectionsRate", "TCP: 单IP TCP新连接速率黑名单连接速率不能小于"+types.String(nodeconfigs.DefaultTCPDenyNewConnectionsMinRate))
+ if tcpConfig.NewConnectionsSecondlyRate > 0 && tcpConfig.NewConnectionsSecondlyRate < nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate {
+ this.FailField("tcpNewConnectionsSecondlyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate))
 }
 // Port
diff --git a/internal/web/actions/default/clusters/cluster/settings/ddos-protection/index.go b/internal/web/actions/default/clusters/cluster/settings/ddos-protection/index.go
index c8213b75..5c1119f9 100644
--- a/internal/web/actions/default/clusters/cluster/settings/ddos-protection/index.go
+++ b/internal/web/actions/default/clusters/cluster/settings/ddos-protection/index.go
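Review bot: Both new checks in RunPost fire only for values strictly between 0 and the minimum, so a negative `NewConnectionsMinutelyRate` or `NewConnectionsSecondlyRate` is accepted as valid; the field types are not visible here, but if they are signed the condition should also reject negatives, in shorthand `rate < 0 || (rate > 0 && rate < min)`. The two FailField messages are the identical string `"TCP: 单IP连接速率不能小于"`, which leaves the operator unable to tell whether the per-minute or the per-second limit was refused; naming the window in each message would fix that. The block-timeout settings this commit adds to the UI components get no range check in this hunk, so confirm they are bounded somewhere before the config is pushed to nodes. The same points apply to the identical hunk in cluster/settings/ddos-protection/index.go, and RunPost begins and ends outside both hunks.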
@@ -75,12 +75,12 @@ func (this *IndexAction) RunPost(params struct {
 this.FailField("tcpMaxConnectionsPerIP", "TCP: 单IP TCP最大连接数不能小于"+types.String(nodeconfigs.DefaultTCPMinConnectionsPerIP))
 }
- if tcpConfig.NewConnectionsRate > 0 && tcpConfig.NewConnectionsRate < nodeconfigs.DefaultTCPNewConnectionsMinRate {
- this.FailField("tcpNewConnectionsRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinRate))
+ if tcpConfig.NewConnectionsMinutelyRate > 0 && tcpConfig.NewConnectionsMinutelyRate < nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate {
+ this.FailField("tcpNewConnectionsMinutelyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate))
 }
- if tcpConfig.DenyNewConnectionsRate > 0 && tcpConfig.DenyNewConnectionsRate < nodeconfigs.DefaultTCPDenyNewConnectionsMinRate {
- this.FailField("tcpDenyNewConnectionsRate", "TCP: 单IP TCP新连接速率黑名单连接速率不能小于"+types.String(nodeconfigs.DefaultTCPDenyNewConnectionsMinRate))
+ if tcpConfig.NewConnectionsSecondlyRate > 0 && tcpConfig.NewConnectionsSecondlyRate < nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate {
+ this.FailField("tcpNewConnectionsSecondlyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate))
 }
 // Port
diff --git a/web/public/js/components/cluster/node-ddos-protection-config-box.js b/web/public/js/components/cluster/node-ddos-protection-config-box.js
index 97fcc1ec..a6f0c022 100644
--- a/web/public/js/components/cluster/node-ddos-protection-config-box.js
+++ b/web/public/js/components/cluster/node-ddos-protection-config-box.js
@@ -10,7 +10,9 @@ Vue.component("node-ddos-protection-config-box", {
 maxConnections: 0,
 maxConnectionsPerIP: 0,
 newConnectionsRate: 0,
- denyNewConnectionsRate: 0,
+ newConnectionsRateBlockTimeout: 0,
+ newConnectionsSecondlyRate: 0,
+ newConnectionSecondlyRateBlockTimeout: 0,
 allowIPList: [],
 ports: []
 }
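Review bot: The new default key `newConnectionSecondlyRateBlockTimeout` drops the "s" that its siblings `newConnectionsRateBlockTimeout` and `newConnectionsSecondlyRate` carry, and the per-minute keys keep the old `newConnectionsRate` name although the Go side of this commit now calls the field `NewConnectionsMinutelyRate`. If any of these spellings differs from the JSON tag on the server-side TCP config (not visible in this patch), the value would presumably be discarded on decode, so the limit would fall back to its default or to drop-only behaviour with no error shown to the operator. Please confirm the keys against the config struct and, if the singular spelling is intentional, record it next to the key with a comment such as `// spelling matches the server-side JSON tag`. The same keys are repeated in the `@@ -25,7 +27,9 @@` hunk and in both data hunks of ns-node-ddos-protection-config-box.js. The enclosing component definition starts and ends outside the hunk.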
@@ -25,7 +27,9 @@ Vue.component("node-ddos-protection-config-box", {
 maxConnections: 0,
 maxConnectionsPerIP: 0,
 newConnectionsRate: 0,
- denyNewConnectionsRate: 0,
+ newConnectionsRateBlockTimeout: 0,
+ newConnectionsSecondlyRate: 0,
+ newConnectionSecondlyRateBlockTimeout: 0,
 allowIPList: [],
 ports: []
 }
@@ -82,23 +86,12 @@ Vue.component("node-ddos-protection-config-box", { - 单IP TCP新连接速率 + 单IP TCP新连接速率(分钟) -
- - 个新连接/每分钟 -
-

单个IP可以创建TCP新连接的速率。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinRate}}。

- - - - 单IP TCP新连接速率黑名单 - -
+
- 超过 - + 个新连接/每分钟
@@ -107,13 +100,37 @@ Vue.component("node-ddos-protection-config-box", {
- +
- -

单个IP可以如果在单位时间内创建的TCP连接数超过这个值,就自动加入到nftables黑名单中。如果为0,则默认为{{defaultConfigs.tcpDenyNewConnectionsRate}};最小值为{{defaultConfigs.tcpDenyNewConnectionsMinRate}};默认屏蔽{{defaultConfigs.tcpDenyNewConnectionsRateTimeout}}秒。

+ +

单个IP每分钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsMinutelyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinMinutelyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。

+ + + + 单IP TCP新连接速率(秒钟) + +
+
+
+ + 个新连接/每秒钟 +
+
+
+ 屏蔽 +
+
+
+ + +
+
+
+ +

单个IP每秒钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsSecondlyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinSecondlyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。

diff --git a/web/public/js/components/ns/ns-node-ddos-protection-config-box.js b/web/public/js/components/ns/ns-node-ddos-protection-config-box.js
index 1a14c90b..605f420d 100644
--- a/web/public/js/components/ns/ns-node-ddos-protection-config-box.js
+++ b/web/public/js/components/ns/ns-node-ddos-protection-config-box.js
@@ -10,7 +10,9 @@ Vue.component("ns-node-ddos-protection-config-box", {
 maxConnections: 0,
 maxConnectionsPerIP: 0,
 newConnectionsRate: 0,
- denyNewConnectionsRate: 0,
+ newConnectionsRateBlockTimeout: 0,
+ newConnectionsSecondlyRate: 0,
+ newConnectionSecondlyRateBlockTimeout: 0,
 allowIPList: [],
 ports: []
 }
@@ -25,7 +27,9 @@ Vue.component("ns-node-ddos-protection-config-box", {
 maxConnections: 0,
 maxConnectionsPerIP: 0,
 newConnectionsRate: 0,
- denyNewConnectionsRate: 0,
+ newConnectionsRateBlockTimeout: 0,
+ newConnectionsSecondlyRate: 0,
+ newConnectionSecondlyRateBlockTimeout: 0,
 allowIPList: [],
 ports: []
 }
@@ -82,23 +86,12 @@ Vue.component("ns-node-ddos-protection-config-box", { - 单IP TCP新连接速率 + 单IP TCP新连接速率(分钟) -
- - 个新连接/每分钟 -
-

单个IP可以创建TCP新连接的速率。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinRate}}。

- - - - 单IP TCP新连接速率黑名单 - -
+
- 超过 - + 个新连接/每分钟
@@ -107,13 +100,37 @@ Vue.component("ns-node-ddos-protection-config-box", {
- +
- -

单个IP可以如果在单位时间内创建的TCP连接数超过这个值,就自动加入到nftables黑名单中。如果为0,则默认为{{defaultConfigs.tcpDenyNewConnectionsRate}};最小值为{{defaultConfigs.tcpDenyNewConnectionsMinRate}};默认屏蔽{{defaultConfigs.tcpDenyNewConnectionsRateTimeout}}秒。

+ +

单个IP每分钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsMinutelyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinMinutelyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。

+ + + + 单IP TCP新连接速率(秒钟) + +
+
+
+ + 个新连接/每秒钟 +
+
+
+ 屏蔽 +
+
+
+ + +
+
+
+ +

单个IP每秒钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsSecondlyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinSecondlyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。