mirror of
				https://github.com/TeaOSLab/EdgeAdmin.git
				synced 2025-11-04 21:50:28 +08:00 
			
		
		
		
	DDoS防护增加秒级连接速率限制
		@@ -102,12 +102,12 @@ func (this *IndexAction) RunPost(params struct {
 | 
			
		||||
			this.FailField("tcpMaxConnectionsPerIP", "TCP: 单IP TCP最大连接数不能小于"+types.String(nodeconfigs.DefaultTCPMinConnectionsPerIP))
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		if tcpConfig.NewConnectionsRate > 0 && tcpConfig.NewConnectionsRate < nodeconfigs.DefaultTCPNewConnectionsMinRate {
 | 
			
		||||
			this.FailField("tcpNewConnectionsRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinRate))
 | 
			
		||||
		if tcpConfig.NewConnectionsMinutelyRate > 0 && tcpConfig.NewConnectionsMinutelyRate < nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate {
 | 
			
		||||
			this.FailField("tcpNewConnectionsMinutelyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate))
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		if tcpConfig.DenyNewConnectionsRate > 0 && tcpConfig.DenyNewConnectionsRate < nodeconfigs.DefaultTCPDenyNewConnectionsMinRate {
 | 
			
		||||
			this.FailField("tcpDenyNewConnectionsRate", "TCP: 单IP TCP新连接速率黑名单连接速率不能小于"+types.String(nodeconfigs.DefaultTCPDenyNewConnectionsMinRate))
 | 
			
		||||
		if tcpConfig.NewConnectionsSecondlyRate > 0 && tcpConfig.NewConnectionsSecondlyRate < nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate {
 | 
			
		||||
			this.FailField("tcpNewConnectionsSecondlyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate))
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// Port
 | 
			
		||||
 
 | 
			
		||||
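Review bot: The field id passed to `FailField` in the per-minute branch, `"tcpNewConnectionsMinutelyRate"`, does not match the form input, which the component sections on this page still name `tcpNewConnectionsRate` and bind to `config.tcp.newConnectionsRate`. A rejected value is therefore presumably not attached to the input the operator edited, and since the decoding of `tcpConfig` is outside the hunk, it is worth confirming that the per-minute value reaches `NewConnectionsMinutelyRate` at all. The per-minute and per-second branches also emit the same text, `"TCP: 单IP连接速率不能小于"`; naming the window (`每分钟` / `每秒钟`) would tell the operator which DDoS threshold was refused. The two new block-timeout values get no bound check in the visible lines. The same points apply to the second `RunPost` hunk (`@@ -75,12 +75,12 @@`), and `RunPost` begins and ends outside both hunks.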
@@ -75,12 +75,12 @@ func (this *IndexAction) RunPost(params struct {
 | 
			
		||||
			this.FailField("tcpMaxConnectionsPerIP", "TCP: 单IP TCP最大连接数不能小于"+types.String(nodeconfigs.DefaultTCPMinConnectionsPerIP))
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		if tcpConfig.NewConnectionsRate > 0 && tcpConfig.NewConnectionsRate < nodeconfigs.DefaultTCPNewConnectionsMinRate {
 | 
			
		||||
			this.FailField("tcpNewConnectionsRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinRate))
 | 
			
		||||
		if tcpConfig.NewConnectionsMinutelyRate > 0 && tcpConfig.NewConnectionsMinutelyRate < nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate {
 | 
			
		||||
			this.FailField("tcpNewConnectionsMinutelyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinMinutelyRate))
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		if tcpConfig.DenyNewConnectionsRate > 0 && tcpConfig.DenyNewConnectionsRate < nodeconfigs.DefaultTCPDenyNewConnectionsMinRate {
 | 
			
		||||
			this.FailField("tcpDenyNewConnectionsRate", "TCP: 单IP TCP新连接速率黑名单连接速率不能小于"+types.String(nodeconfigs.DefaultTCPDenyNewConnectionsMinRate))
 | 
			
		||||
		if tcpConfig.NewConnectionsSecondlyRate > 0 && tcpConfig.NewConnectionsSecondlyRate < nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate {
 | 
			
		||||
			this.FailField("tcpNewConnectionsSecondlyRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinSecondlyRate))
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
		// Port
 | 
			
		||||
 
 | 
			
		||||
@@ -10,7 +10,9 @@ Vue.component("node-ddos-protection-config-box", {
 | 
			
		||||
					maxConnections: 0,
 | 
			
		||||
					maxConnectionsPerIP: 0,
 | 
			
		||||
					newConnectionsRate: 0,
 | 
			
		||||
					denyNewConnectionsRate: 0,
 | 
			
		||||
					newConnectionsRateBlockTimeout: 0,
 | 
			
		||||
					newConnectionsSecondlyRate: 0,
 | 
			
		||||
					newConnectionSecondlyRateBlockTimeout: 0,
 | 
			
		||||
					allowIPList: [],
 | 
			
		||||
					ports: []
 | 
			
		||||
				}
 | 
			
		||||
@@ -25,7 +27,9 @@ Vue.component("node-ddos-protection-config-box", {
 | 
			
		||||
				maxConnections: 0,
 | 
			
		||||
				maxConnectionsPerIP: 0,
 | 
			
		||||
				newConnectionsRate: 0,
 | 
			
		||||
				denyNewConnectionsRate: 0,
 | 
			
		||||
				newConnectionsRateBlockTimeout: 0,
 | 
			
		||||
				newConnectionsSecondlyRate: 0,
 | 
			
		||||
				newConnectionSecondlyRateBlockTimeout: 0,
 | 
			
		||||
				allowIPList: [],
 | 
			
		||||
				ports: []
 | 
			
		||||
			}
 | 
			
		||||
@@ -82,23 +86,12 @@ Vue.component("node-ddos-protection-config-box", {
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
			<td>单IP TCP新连接速率</td>
 | 
			
		||||
			<td>单IP TCP新连接速率<em>(分钟)</em></td>
 | 
			
		||||
			<td>
 | 
			
		||||
				<div class="ui input right labeled">
 | 
			
		||||
					<digit-input name="tcpNewConnectionsRate" v-model="config.tcp.newConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpNewConnectionsMinRate"></digit-input>
 | 
			
		||||
					<span class="ui label">个新连接/每分钟</span>
 | 
			
		||||
				</div>
 | 
			
		||||
				<p class="comment">单个IP可以创建TCP新连接的速率。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinRate}}。</p>
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
			<td>单IP TCP新连接速率黑名单</td>
 | 
			
		||||
			<td>
 | 
			
		||||
				<div class="ui fields">
 | 
			
		||||
				<div class="ui fields inline">
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<span class="ui label">超过</span>
 | 
			
		||||
							<digit-input name="tcpDenyNewConnectionsRate" v-model="config.tcp.denyNewConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpDenyNewConnectionsMinRate"></digit-input>
 | 
			
		||||
							<digit-input name="tcpNewConnectionsRate" v-model="config.tcp.newConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpNewConnectionsMinRate"></digit-input>
 | 
			
		||||
							<span class="ui label">个新连接/每分钟</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
@@ -107,13 +100,37 @@ Vue.component("node-ddos-protection-config-box", {
 | 
			
		||||
					</div>
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<digit-input name="tcpDenyNewConnectionsRateTimeout" v-model="config.tcp.denyNewConnectionsRateTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
 | 
			
		||||
							<digit-input name="tcpNewConnectionsRateBlockTimeout" v-model="config.tcp.newConnectionsRateBlockTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
 | 
			
		||||
							<span class="ui label">秒</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
				</div>
 | 
			
		||||
				
 | 
			
		||||
				<p class="comment">单个IP可以如果在单位时间内创建的TCP连接数超过这个值,就自动加入到<code-label>nftables</code-label>黑名单中。如果为0,则默认为{{defaultConfigs.tcpDenyNewConnectionsRate}};最小值为{{defaultConfigs.tcpDenyNewConnectionsMinRate}};默认屏蔽{{defaultConfigs.tcpDenyNewConnectionsRateTimeout}}秒。</p>
 | 
			
		||||
				<p class="comment">单个IP每分钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsMinutelyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinMinutelyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。</p>
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
			<td>单IP TCP新连接速率<em>(秒钟)</em></td>
 | 
			
		||||
			<td>
 | 
			
		||||
				<div class="ui fields inline">
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<digit-input name="tcpNewConnectionsSecondlyRate" v-model="config.tcp.newConnectionsSecondlyRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpNewConnectionsMinRate"></digit-input>
 | 
			
		||||
							<span class="ui label">个新连接/每秒钟</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
					<div class="ui field" style="line-height: 2.4em">
 | 
			
		||||
						屏蔽
 | 
			
		||||
					</div>
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<digit-input name="tcpNewConnectionsSecondlyRateBlockTimeout" v-model="config.tcp.newConnectionsSecondlyRateBlockTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
 | 
			
		||||
							<span class="ui label">秒</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
				</div>
 | 
			
		||||
				
 | 
			
		||||
				<p class="comment">单个IP每秒钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsSecondlyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinSecondlyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。</p>
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
 
 | 
			
		||||
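Review bot: Both defaults blocks declare `newConnectionSecondlyRateBlockTimeout` (singular `Connection`), but the new input binds `v-model="config.tcp.newConnectionsSecondlyRateBlockTimeout"`, so the key the form actually writes is never initialised. In Vue 2, which the `Vue.component` call suggests, a property added after creation is not reactive, and the per-second block timeout may end up under a key the server does not read, leaving that limit in drop-only mode instead of blocking; rename the default to `newConnectionsSecondlyRateBlockTimeout: 0,` in both places. The per-second rate input also uses `:min="defaultConfigs.tcpNewConnectionsMinRate"` while its help text cites `tcpNewConnectionsMinSecondlyRate`; `:min="defaultConfigs.tcpNewConnectionsMinSecondlyRate"` would keep the client-side floor consistent with the server check. The `ns-node-ddos-protection-config-box` section further down carries the same two mismatches.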
@@ -10,7 +10,9 @@ Vue.component("ns-node-ddos-protection-config-box", {
 | 
			
		||||
					maxConnections: 0,
 | 
			
		||||
					maxConnectionsPerIP: 0,
 | 
			
		||||
					newConnectionsRate: 0,
 | 
			
		||||
					denyNewConnectionsRate: 0,
 | 
			
		||||
					newConnectionsRateBlockTimeout: 0,
 | 
			
		||||
					newConnectionsSecondlyRate: 0,
 | 
			
		||||
					newConnectionSecondlyRateBlockTimeout: 0,
 | 
			
		||||
					allowIPList: [],
 | 
			
		||||
					ports: []
 | 
			
		||||
				}
 | 
			
		||||
@@ -25,7 +27,9 @@ Vue.component("ns-node-ddos-protection-config-box", {
 | 
			
		||||
				maxConnections: 0,
 | 
			
		||||
				maxConnectionsPerIP: 0,
 | 
			
		||||
				newConnectionsRate: 0,
 | 
			
		||||
				denyNewConnectionsRate: 0,
 | 
			
		||||
				newConnectionsRateBlockTimeout: 0,
 | 
			
		||||
				newConnectionsSecondlyRate: 0,
 | 
			
		||||
				newConnectionSecondlyRateBlockTimeout: 0,
 | 
			
		||||
				allowIPList: [],
 | 
			
		||||
				ports: []
 | 
			
		||||
			}
 | 
			
		||||
@@ -82,23 +86,12 @@ Vue.component("ns-node-ddos-protection-config-box", {
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
			<td>单IP TCP新连接速率</td>
 | 
			
		||||
			<td>单IP TCP新连接速率<em>(分钟)</em></td>
 | 
			
		||||
			<td>
 | 
			
		||||
				<div class="ui input right labeled">
 | 
			
		||||
					<digit-input name="tcpNewConnectionsRate" v-model="config.tcp.newConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpNewConnectionsMinRate"></digit-input>
 | 
			
		||||
					<span class="ui label">个新连接/每分钟</span>
 | 
			
		||||
				</div>
 | 
			
		||||
				<p class="comment">单个IP可以创建TCP新连接的速率。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinRate}}。</p>
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
			<td>单IP TCP新连接速率黑名单</td>
 | 
			
		||||
			<td>
 | 
			
		||||
				<div class="ui fields">
 | 
			
		||||
				<div class="ui fields inline">
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<span class="ui label">超过</span>
 | 
			
		||||
							<digit-input name="tcpDenyNewConnectionsRate" v-model="config.tcp.denyNewConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpDenyNewConnectionsMinRate"></digit-input>
 | 
			
		||||
							<digit-input name="tcpNewConnectionsRate" v-model="config.tcp.newConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpNewConnectionsMinRate"></digit-input>
 | 
			
		||||
							<span class="ui label">个新连接/每分钟</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
@@ -107,13 +100,37 @@ Vue.component("ns-node-ddos-protection-config-box", {
 | 
			
		||||
					</div>
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<digit-input name="tcpDenyNewConnectionsRateTimeout" v-model="config.tcp.denyNewConnectionsRateTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
 | 
			
		||||
							<digit-input name="tcpNewConnectionsRateBlockTimeout" v-model="config.tcp.newConnectionsRateBlockTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
 | 
			
		||||
							<span class="ui label">秒</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
				</div>
 | 
			
		||||
				
 | 
			
		||||
				<p class="comment">单个IP可以如果在单位时间内创建的TCP连接数超过这个值,就自动加入到<code-label>nftables</code-label>黑名单中。如果为0,则默认为{{defaultConfigs.tcpDenyNewConnectionsRate}};最小值为{{defaultConfigs.tcpDenyNewConnectionsMinRate}};默认屏蔽{{defaultConfigs.tcpDenyNewConnectionsRateTimeout}}秒。</p>
 | 
			
		||||
				<p class="comment">单个IP每分钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsMinutelyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinMinutelyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。</p>
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
			<td>单IP TCP新连接速率<em>(秒钟)</em></td>
 | 
			
		||||
			<td>
 | 
			
		||||
				<div class="ui fields inline">
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<digit-input name="tcpNewConnectionsSecondlyRate" v-model="config.tcp.newConnectionsSecondlyRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpNewConnectionsMinRate"></digit-input>
 | 
			
		||||
							<span class="ui label">个新连接/每秒钟</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
					<div class="ui field" style="line-height: 2.4em">
 | 
			
		||||
						屏蔽
 | 
			
		||||
					</div>
 | 
			
		||||
					<div class="ui field">
 | 
			
		||||
						<div class="ui input right labeled">
 | 
			
		||||
							<digit-input name="tcpNewConnectionsSecondlyRateBlockTimeout" v-model="config.tcp.newConnectionsSecondlyRateBlockTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
 | 
			
		||||
							<span class="ui label">秒</span>
 | 
			
		||||
						</div>
 | 
			
		||||
					</div>
 | 
			
		||||
				</div>
 | 
			
		||||
				
 | 
			
		||||
				<p class="comment">单个IP每秒钟可以创建TCP新连接的数量。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsSecondlyRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinSecondlyRate}}。如果没有填写屏蔽时间,则只丢弃数据包。</p>
 | 
			
		||||
			</td>
 | 
			
		||||
		</tr>
 | 
			
		||||
		<tr>
 | 
			
		||||
 
 | 
			
		||||