mirror of
https://github.com/TeaOSLab/EdgeAdmin.git
synced 2025-11-11 18:30:25 +08:00
DDoS防护增加单IP TCP新连接速率黑名单
@@ -106,6 +106,10 @@ func (this *IndexAction) RunPost(params struct {
|
||||
this.FailField("tcpNewConnectionsRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinRate))
|
||||
}
|
||||
|
||||
if tcpConfig.DenyNewConnectionsRate > 0 && tcpConfig.DenyNewConnectionsRate < nodeconfigs.DefaultTCPDenyNewConnectionsMinRate {
|
||||
this.FailField("tcpDenyNewConnectionsRate", "TCP: 单IP TCP新连接速率黑名单连接速率不能小于"+types.String(nodeconfigs.DefaultTCPDenyNewConnectionsMinRate))
|
||||
}
|
||||
|
||||
// Port
|
||||
for _, portConfig := range tcpConfig.Ports {
|
||||
if portConfig.Port > 65535 {
|
||||
|
||||
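Review bot: The added `DenyNewConnectionsRate` check only rejects values between 1 and the minimum, so if the field is a signed integer a negative rate passes validation. Consider `if tcpConfig.DenyNewConnectionsRate < 0 || (tcpConfig.DenyNewConnectionsRate > 0 && tcpConfig.DenyNewConnectionsRate < nodeconfigs.DefaultTCPDenyNewConnectionsMinRate) {`. The template in this commit also adds a block-duration input named `tcpDenyNewConnectionsRateTimeout`, and no server-side bound on that value is visible in this hunk; a negative or very large duration should be rejected with a `this.FailField("tcpDenyNewConnectionsRateTimeout", ...)` next to this check. RunPost starts and ends outside the hunk, so such checks may already exist elsewhere. The identical hunk that follows (`@@ -79,6 +79,10 @@`) has the same gap.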
@@ -79,6 +79,10 @@ func (this *IndexAction) RunPost(params struct {
|
||||
this.FailField("tcpNewConnectionsRate", "TCP: 单IP连接速率不能小于"+types.String(nodeconfigs.DefaultTCPNewConnectionsMinRate))
|
||||
}
|
||||
|
||||
if tcpConfig.DenyNewConnectionsRate > 0 && tcpConfig.DenyNewConnectionsRate < nodeconfigs.DefaultTCPDenyNewConnectionsMinRate {
|
||||
this.FailField("tcpDenyNewConnectionsRate", "TCP: 单IP TCP新连接速率黑名单连接速率不能小于"+types.String(nodeconfigs.DefaultTCPDenyNewConnectionsMinRate))
|
||||
}
|
||||
|
||||
// Port
|
||||
for _, portConfig := range tcpConfig.Ports {
|
||||
if portConfig.Port > 65535 {
|
||||
|
||||
@@ -10,6 +10,7 @@ Vue.component("node-ddos-protection-config-box", {
|
||||
maxConnections: 0,
|
||||
maxConnectionsPerIP: 0,
|
||||
newConnectionsRate: 0,
|
||||
denyNewConnectionsRate: 0,
|
||||
allowIPList: [],
|
||||
ports: []
|
||||
}
|
||||
@@ -24,6 +25,7 @@ Vue.component("node-ddos-protection-config-box", {
|
||||
maxConnections: 0,
|
||||
maxConnectionsPerIP: 0,
|
||||
newConnectionsRate: 0,
|
||||
denyNewConnectionsRate: 0,
|
||||
allowIPList: [],
|
||||
ports: []
|
||||
}
|
||||
@@ -89,6 +91,31 @@ Vue.component("node-ddos-protection-config-box", {
|
||||
<p class="comment">单个IP可以创建TCP新连接的速率。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinRate}}。</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>单IP TCP新连接速率黑名单</td>
|
||||
<td>
|
||||
<div class="ui fields">
|
||||
<div class="ui field">
|
||||
<div class="ui input right labeled">
|
||||
<span class="ui label">超过</span>
|
||||
<digit-input name="tcpDenyNewConnectionsRate" v-model="config.tcp.denyNewConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpDenyNewConnectionsMinRate"></digit-input>
|
||||
<span class="ui label">个新连接/每分钟</span>
|
||||
</div>
|
||||
</div>
|
||||
<div class="ui field" style="line-height: 2.4em">
|
||||
屏蔽
|
||||
</div>
|
||||
<div class="ui field">
|
||||
<div class="ui input right labeled">
|
||||
<digit-input name="tcpDenyNewConnectionsRateTimeout" v-model="config.tcp.denyNewConnectionsRateTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
|
||||
<span class="ui label">秒</span>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p class="comment">单个IP可以如果在单位时间内创建的TCP连接数超过这个值,就自动加入到<code-label>nftables</code-label>黑名单中。如果为0,则默认为{{defaultConfigs.tcpDenyNewConnectionsRate}};最小值为{{defaultConfigs.tcpDenyNewConnectionsMinRate}};默认屏蔽{{defaultConfigs.tcpDenyNewConnectionsRateTimeout}}秒。</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>TCP端口列表</td>
|
||||
<td>
|
||||
|
||||
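Review bot: The two config literals (hunks `@@ -10,6 +10,7 @@` and `@@ -24,6 +25,7 @@`) gain `denyNewConnectionsRate: 0` but not `denyNewConnectionsRateTimeout`, although the new template row binds `v-model="config.tcp.denyNewConnectionsRateTimeout"`. Add `denyNewConnectionsRateTimeout: 0,` next to it so the property is declared and starts at a defined value. The timeout `digit-input` also has no `:min`, unlike the rate input, so the form gives the operator no lower bound for the block duration. In the help text, "单个IP可以如果在单位时间内…" appears to carry a leftover "可以", and it says "单位时间" while the label says per minute; for a setting that blacklists IPs, the wording should state the window exactly. The `ns-node-ddos-protection-config-box` hunks further down repeat the same points.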
@@ -10,6 +10,7 @@ Vue.component("ns-node-ddos-protection-config-box", {
|
||||
maxConnections: 0,
|
||||
maxConnectionsPerIP: 0,
|
||||
newConnectionsRate: 0,
|
||||
denyNewConnectionsRate: 0,
|
||||
allowIPList: [],
|
||||
ports: []
|
||||
}
|
||||
@@ -24,6 +25,7 @@ Vue.component("ns-node-ddos-protection-config-box", {
|
||||
maxConnections: 0,
|
||||
maxConnectionsPerIP: 0,
|
||||
newConnectionsRate: 0,
|
||||
denyNewConnectionsRate: 0,
|
||||
allowIPList: [],
|
||||
ports: []
|
||||
}
|
||||
@@ -89,6 +91,31 @@ Vue.component("ns-node-ddos-protection-config-box", {
|
||||
<p class="comment">单个IP可以创建TCP新连接的速率。如果为0,则默认为{{defaultConfigs.tcpNewConnectionsRate}};最小值为{{defaultConfigs.tcpNewConnectionsMinRate}}。</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>单IP TCP新连接速率黑名单</td>
|
||||
<td>
|
||||
<div class="ui fields">
|
||||
<div class="ui field">
|
||||
<div class="ui input right labeled">
|
||||
<span class="ui label">超过</span>
|
||||
<digit-input name="tcpDenyNewConnectionsRate" v-model="config.tcp.denyNewConnectionsRate" maxlength="6" size="6" style="width: 6em" :min="defaultConfigs.tcpDenyNewConnectionsMinRate"></digit-input>
|
||||
<span class="ui label">个新连接/每分钟</span>
|
||||
</div>
|
||||
</div>
|
||||
<div class="ui field" style="line-height: 2.4em">
|
||||
屏蔽
|
||||
</div>
|
||||
<div class="ui field">
|
||||
<div class="ui input right labeled">
|
||||
<digit-input name="tcpDenyNewConnectionsRateTimeout" v-model="config.tcp.denyNewConnectionsRateTimeout" maxlength="6" size="6" style="width: 5em"></digit-input>
|
||||
<span class="ui label">秒</span>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p class="comment">单个IP可以如果在单位时间内创建的TCP连接数超过这个值,就自动加入到<code-label>nftables</code-label>黑名单中。如果为0,则默认为{{defaultConfigs.tcpDenyNewConnectionsRate}};最小值为{{defaultConfigs.tcpDenyNewConnectionsMinRate}};默认屏蔽{{defaultConfigs.tcpDenyNewConnectionsRateTimeout}}秒。</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>TCP端口列表</td>
|
||||
<td>
|
||||
|
||||
@@ -52,7 +52,7 @@
|
||||
<second-menu v-if="logs.length > 0">
|
||||
<a href="" class="item" @click.prevent="updatePageRead()">[本页已读]</a>
|
||||
<a href="" class="item" @click.prevent="updateAllRead()">[全部已读]</a>
|
||||
<a href="" class="item" @click.prevent="updateNodeRead(firstUnreadNode.id)" v-if="firstUnreadNode != null">["{{firstUnreadNode.name}}"已读]</a>
|
||||
<a href="" class="item" @click.prevent="updateNodeRead(firstUnreadNode.id)" v-if="firstUnreadNode != null">["{{firstUnreadNode.name}}"节点已读]</a>
|
||||
</second-menu>
|
||||
</div>
|
||||
|
||||
|
||||