计算CC的时候不再跨时间范围累积

刘祥超
2022-05-12 21:48:33 +08:00
parent 84a5d38b0b
commit 45620dcdb7
7 changed files with 13 additions and 11 deletions


@@ -137,7 +137,7 @@ func (this *ClientConn) increaseSYNFlood(synFloodConfig *firewallconfigs.SYNFloo
var ip = this.RawIP() var ip = this.RawIP()
if len(ip) > 0 && !iplibrary.IsInWhiteList(ip) && (!synFloodConfig.IgnoreLocal || !utils.IsLocalIP(ip)) { if len(ip) > 0 && !iplibrary.IsInWhiteList(ip) && (!synFloodConfig.IgnoreLocal || !utils.IsLocalIP(ip)) {
var timestamp = utils.NextMinuteUnixTime() var timestamp = utils.NextMinuteUnixTime()
var result = ttlcache.SharedCache.IncreaseInt64("SYN_FLOOD:"+ip, 1, timestamp) var result = ttlcache.SharedCache.IncreaseInt64("SYN_FLOOD:"+ip, 1, timestamp, true)
var minAttempts = synFloodConfig.MinAttempts var minAttempts = synFloodConfig.MinAttempts
if minAttempts < 5 { if minAttempts < 5 {
minAttempts = 5 minAttempts = 5
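Review bot: The `SYN_FLOOD:` counter is still called with `extend` set to `true`, so each counted hit replaces the item's expiry with the new `timestamp` and the count carries over for as long as the address is seen again before it lapses. If `MinAttempts` is meant as a per-minute threshold (not visible here), an address with a low but steady rate of hits would eventually reach it and be treated as a flood source. Passing `false` would let the counter lapse at the first timestamp; if the carry-over is intended, a comment such as `// extend=true: the count keeps accumulating while the IP keeps hitting` would record that. The function body continues outside the hunk.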


@@ -91,7 +91,7 @@ func (this *Cache) Write(key string, value interface{}, expiredAt int64) (ok boo
}) })
} }
func (this *Cache) IncreaseInt64(key string, delta int64, expiredAt int64) int64 { func (this *Cache) IncreaseInt64(key string, delta int64, expiredAt int64, extend bool) int64 {
if this.isDestroyed { if this.isDestroyed {
return 0 return 0
} }
@@ -107,7 +107,7 @@ func (this *Cache) IncreaseInt64(key string, delta int64, expiredAt int64) int64
} }
uint64Key := HashKey([]byte(key)) uint64Key := HashKey([]byte(key))
pieceIndex := uint64Key % this.countPieces pieceIndex := uint64Key % this.countPieces
return this.pieces[pieceIndex].IncreaseInt64(uint64Key, delta, expiredAt) return this.pieces[pieceIndex].IncreaseInt64(uint64Key, delta, expiredAt, extend)
} }
func (this *Cache) Read(key string) (item *Item) { func (this *Cache) Read(key string) (item *Item) {
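Review bot: The exported `IncreaseInt64` gains an `extend` parameter without a doc comment, and the meaning of `expiredAt` now depends on it. A comment such as `// IncreaseInt64 adds delta to the counter stored under key. If the item exists and has not expired, its expiry is replaced by expiredAt only when extend is true.` would save callers from reading the piece implementation. How `expiredAt` is used for a new or expired key is decided in code outside these hunks.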


@@ -65,14 +65,14 @@ func TestCache_IncreaseInt64(t *testing.T) {
var unixTime = time.Now().Unix() var unixTime = time.Now().Unix()
{ {
cache.IncreaseInt64("a", 1, unixTime+3600) cache.IncreaseInt64("a", 1, unixTime+3600, false)
var item = cache.Read("a") var item = cache.Read("a")
t.Log(item) t.Log(item)
a.IsTrue(item.Value == int64(1)) a.IsTrue(item.Value == int64(1))
a.IsTrue(item.expiredAt == unixTime+3600) a.IsTrue(item.expiredAt == unixTime+3600)
} }
{ {
cache.IncreaseInt64("a", 1, unixTime+3600+1) cache.IncreaseInt64("a", 1, unixTime+3600+1, true)
var item = cache.Read("a") var item = cache.Read("a")
t.Log(item) t.Log(item)
a.IsTrue(item.Value == int64(2)) a.IsTrue(item.Value == int64(2))
@@ -83,7 +83,7 @@ func TestCache_IncreaseInt64(t *testing.T) {
t.Log(cache.Read("b")) t.Log(cache.Read("b"))
} }
{ {
cache.IncreaseInt64("b", 1, time.Now().Unix()+3600+3) cache.IncreaseInt64("b", 1, time.Now().Unix()+3600+3, false)
t.Log(cache.Read("b")) t.Log(cache.Read("b"))
} }
} }
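Review bot: None of the visible assertions exercises the new `extend=false` path on a key that already exists: the first call with `false` creates `a`, and the `b` block only logs. A second non-extending increment with a different expiry, followed by `a.IsTrue(item.expiredAt == unixTime+3600)`, would pin the behaviour this commit introduces. The test function continues outside both hunks.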


@@ -39,13 +39,15 @@ func (this *Piece) Add(key uint64, item *Item) (ok bool) {
return true return true
} }
func (this *Piece) IncreaseInt64(key uint64, delta int64, expiredAt int64) (result int64) { func (this *Piece) IncreaseInt64(key uint64, delta int64, expiredAt int64, extend bool) (result int64) {
this.locker.Lock() this.locker.Lock()
item, ok := this.m[key] item, ok := this.m[key]
if ok && item.expiredAt > time.Now().Unix() { if ok && item.expiredAt > time.Now().Unix() {
result = types.Int64(item.Value) + delta result = types.Int64(item.Value) + delta
item.Value = result item.Value = result
if extend {
item.expiredAt = expiredAt item.expiredAt = expiredAt
}
this.expiresList.Add(key, expiredAt) this.expiresList.Add(key, expiredAt)
} else { } else {
if len(this.m) < this.maxItems { if len(this.m) < this.maxItems {
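Review bot: `this.expiresList.Add(key, expiredAt)` still runs when `extend` is false, so the expiry list is moved to the new time while `item.expiredAt` keeps the old one. Assuming the list drives eviction (its code is not shown), a counter that is incremented continuously would stay in the map after it has logically expired and keep one of the `maxItems` slots, which the `len(this.m) < this.maxItems` guard suggests can stop new keys from being counted. Moving the call inside the guard, `if extend { item.expiredAt = expiredAt; this.expiresList.Add(key, expiredAt) }`, keeps the two in step. The else branch and the unlock are outside the hunk.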


@@ -167,7 +167,7 @@ func (this *CaptchaValidator) validate(actionConfig *CaptchaAction, maxFails int
} else { } else {
// 增加计数 // 增加计数
if maxFails > 0 && failBlockTimeout > 0 { if maxFails > 0 && failBlockTimeout > 0 {
var countFails = ttlcache.SharedCache.IncreaseInt64("CAPTCHA:FAILS:"+request.WAFRemoteIP(), 1, time.Now().Unix()+300) var countFails = ttlcache.SharedCache.IncreaseInt64("CAPTCHA:FAILS:"+request.WAFRemoteIP(), 1, time.Now().Unix()+300, true)
if int(countFails) >= maxFails { if int(countFails) >= maxFails {
SharedIPBlackList.RecordIP(IPTypeAll, firewallconfigs.FirewallScopeService, request.WAFServerId(), request.WAFRemoteIP(), time.Now().Unix()+int64(failBlockTimeout), policyId, false, groupId, setId, "CAPTCHA验证连续失败") SharedIPBlackList.RecordIP(IPTypeAll, firewallconfigs.FirewallScopeService, request.WAFServerId(), request.WAFRemoteIP(), time.Now().Unix()+int64(failBlockTimeout), policyId, false, groupId, setId, "CAPTCHA验证连续失败")
return false return false


@@ -114,7 +114,7 @@ func (this *CCCheckpoint) RequestValue(req requests.Request, param string, optio
if len(key) == 0 { if len(key) == 0 {
key = req.WAFRemoteIP() key = req.WAFRemoteIP()
} }
value = this.cache.IncreaseInt64(key, int64(1), time.Now().Unix()+period) value = this.cache.IncreaseInt64(key, int64(1), time.Now().Unix()+period, false)
} }
return return
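Review bot: With `false` here the expiry passed on later hits, `time.Now().Unix()+period`, is ignored for an existing counter, so the window is fixed from the first request and the count drops to zero when it ends. Requests on either side of that boundary are counted separately, so the effective limit over a span of `period` seconds can be above the configured threshold. A short comment at the call, e.g. `// fixed window: expiry is set by the first hit and not extended`, would make that explicit. The same applies to the `WAF-CC-` call in the CC2Checkpoint hunk; both functions start outside their hunks.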


@@ -38,7 +38,7 @@ func (this *CC2Checkpoint) RequestValue(req requests.Request, param string, opti
threshold = 1000 threshold = 1000
} }
value = ccCache.IncreaseInt64("WAF-CC-"+strings.Join(keyValues, "@"), 1, time.Now().Unix()+period) value = ccCache.IncreaseInt64("WAF-CC-"+strings.Join(keyValues, "@"), 1, time.Now().Unix()+period, false)
return return
} }