TRKJ/EdgeCommon
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeCommon.git synced 2025-11-08 16:00:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

调整CC2参数,增加单IP请求数限制

Browse Source
This commit is contained in:
刘祥超
2021-09-23 15:01:12 +08:00
parent 6b33fb52e0
commit 16c729085e
1 changed files with 59 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
pkg/serverconfigs/firewallconfigs/http_firewall_template.go
View File

@@ -445,8 +445,8 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
{ {
set := &HTTPFirewallRuleSet{} set := &HTTPFirewallRuleSet{}
set.IsOn = true set.IsOn = true
set.Name = "CC请求数" set.Name = "CC单URL请求数"
set.Description = "限制单IP在一定时间内的请求数" set.Description = "限制单IP在一定时间内对单URL的请求数"
set.Code = "8001" set.Code = "8001"
set.Connector = HTTPFirewallRuleConnectorAnd set.Connector = HTTPFirewallRuleConnectorAnd
set.Actions = []*HTTPFirewallActionConfig{ set.Actions = []*HTTPFirewallActionConfig{
@@ -458,11 +458,66 @@ func HTTPFirewallTemplate() *HTTPFirewallPolicy {
IsOn: true, IsOn: true,
Param: "${cc2}", Param: "${cc2}",
Operator: HTTPFirewallRuleOperatorGt, Operator: HTTPFirewallRuleOperatorGt,
Value: "1000", Value: "120",
CheckpointOptions: map[string]interface{}{ CheckpointOptions: map[string]interface{}{
"keys": []string{"${remoteAddr}", "${requestPath}"}, "keys": []string{"${remoteAddr}", "${requestPath}"},
"period": "60", "period": "60",
"threshold": 1000, "threshold": 120,
},
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `127.0.0.1/8`,
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `192.168.0.1/16`,
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `10.0.0.1/8`,
IsCaseInsensitive: false,
})
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${remoteAddr}",
Operator: HTTPFirewallRuleOperatorNotIPRange,
Value: `172.16.0.1/12`,
IsCaseInsensitive: false,
})
group.AddRuleSet(set)
}
{
set := &HTTPFirewallRuleSet{}
set.IsOn = true
set.Name = "CC请求数"
set.Description = "限制单IP在一定时间内的总体请求数"
set.Code = "8001"
set.Connector = HTTPFirewallRuleConnectorAnd
set.Actions = []*HTTPFirewallActionConfig{
{
Code: HTTPFirewallActionBlock,
},
}
set.AddRule(&HTTPFirewallRule{
IsOn: true,
Param: "${cc2}",
Operator: HTTPFirewallRuleOperatorGt,
Value: "1200",
CheckpointOptions: map[string]interface{}{
"keys": []string{"${remoteAddr}"},
"period": "60",
"threshold": 1200,
}, },
IsCaseInsensitive: false, IsCaseInsensitive: false,
}) })