included all map access inside locks, add blocked ip list
This commit is contained in:
parent
ec7ad148cf
commit
1857b4da76
51
main.go
51
main.go
|
@ -17,7 +17,13 @@ const SameCookieTimeLimitMins = 10
|
||||||
|
|
||||||
type Ip2LastSeen map[string]time.Time
|
type Ip2LastSeen map[string]time.Time
|
||||||
|
|
||||||
var cookiesToIps sync.Map // map [ cookie string] Ip2LastSeen
|
var cookiesToIps map[string]Ip2LastSeen // map [ cookie string] Ip2LastSeen
|
||||||
|
var cookiesLock sync.Mutex
|
||||||
|
|
||||||
|
var blocklistedIps map[string]bool
|
||||||
|
var blocklistLock sync.Mutex
|
||||||
|
|
||||||
|
|
||||||
var counter *Counter
|
var counter *Counter
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
@ -36,6 +42,9 @@ func main() {
|
||||||
}
|
}
|
||||||
log.Infof("Starting ddosFilter on %v -> %v...\n", *listenPort, *proxyPort)
|
log.Infof("Starting ddosFilter on %v -> %v...\n", *listenPort, *proxyPort)
|
||||||
|
|
||||||
|
cookiesToIps = map[string]Ip2LastSeen{}
|
||||||
|
blocklistedIps = map[string]bool{}
|
||||||
|
|
||||||
counter = NewCounter()
|
counter = NewCounter()
|
||||||
go logger()
|
go logger()
|
||||||
listen(*listenPort, *proxyPort)
|
listen(*listenPort, *proxyPort)
|
||||||
|
@ -68,6 +77,16 @@ func filter(res http.ResponseWriter, req *http.Request, listenPort, proxyPort in
|
||||||
ip = realIp
|
ip = realIp
|
||||||
}
|
}
|
||||||
|
|
||||||
|
blocklistLock.Lock()
|
||||||
|
blocked, ok := blocklistedIps[ip]
|
||||||
|
blocklistLock.Unlock()
|
||||||
|
if ok && blocked {
|
||||||
|
log.Debugln("blocked ip, 404ing")
|
||||||
|
res.WriteHeader(http.StatusNotFound)
|
||||||
|
fmt.Fprint(res, "404 - suspected botnet")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
//log.Debugf("%v: Request %v %v\n", ip, req.Host, req.URL)
|
//log.Debugf("%v: Request %v %v\n", ip, req.Host, req.URL)
|
||||||
cookieObj, err := req.Cookie("i_like_gogits")
|
cookieObj, err := req.Cookie("i_like_gogits")
|
||||||
log.Debugf("ip: %v cookie: %v\n", ip, cookieObj)
|
log.Debugf("ip: %v cookie: %v\n", ip, cookieObj)
|
||||||
|
@ -78,41 +97,45 @@ func filter(res http.ResponseWriter, req *http.Request, listenPort, proxyPort in
|
||||||
|
|
||||||
cookie := cookieObj.Value
|
cookie := cookieObj.Value
|
||||||
|
|
||||||
ips, ok := cookiesToIps.Load(cookie)
|
cookiesLock.Lock()
|
||||||
|
ips, ok := cookiesToIps[cookie]
|
||||||
|
cookiesLock.Unlock()
|
||||||
|
|
||||||
if !ok {
|
if !ok {
|
||||||
ips := Ip2LastSeen{ip: time.Now()}
|
ips := Ip2LastSeen{ip: time.Now()}
|
||||||
cookiesToIps.Store(cookie, ips)
|
cookiesLock.Lock()
|
||||||
|
cookiesToIps[cookie] = ips
|
||||||
|
cookiesLock.Unlock()
|
||||||
pass(res, req, listenPort, proxyPort)
|
pass(res, req, listenPort, proxyPort)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ipsMap := ips.(Ip2LastSeen)
|
|
||||||
if len(ipsMap) > 1 {
|
|
||||||
log.Info("More than 1 IP for cookie: %v %v\n", cookie, ipsMap)
|
|
||||||
}
|
|
||||||
var mostRecent string = ""
|
var mostRecent string = ""
|
||||||
|
cookiesLock.Lock()
|
||||||
for ip, lastSeen := range ipsMap {
|
for ip, lastSeen := range ips {
|
||||||
if mostRecent == "" || lastSeen.After(ipsMap[mostRecent]) {
|
if mostRecent == "" || lastSeen.After(ips[mostRecent]) {
|
||||||
mostRecent = ip
|
mostRecent = ip
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
ips[ip] = time.Now()
|
||||||
ipsMap[ip] = time.Now()
|
cookiesToIps[cookie] = ips
|
||||||
cookiesToIps.Store(cookie, ipsMap)
|
cookiesLock.Unlock()
|
||||||
|
|
||||||
if mostRecent == "" || mostRecent == ip {
|
if mostRecent == "" || mostRecent == ip {
|
||||||
pass(res, req, listenPort, proxyPort)
|
pass(res, req, listenPort, proxyPort)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
timeDiff := time.Now().Sub(ipsMap[mostRecent])
|
timeDiff := time.Now().Sub(ips[mostRecent])
|
||||||
if timeDiff.Minutes() > SameCookieTimeLimitMins {
|
if timeDiff.Minutes() > SameCookieTimeLimitMins {
|
||||||
pass(res, req, listenPort, proxyPort)
|
pass(res, req, listenPort, proxyPort)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("different IP in the last %v minutes, 404ing\n", SameCookieTimeLimitMins)
|
log.Infof("different IP in the last %v minutes, 404ing\n", SameCookieTimeLimitMins)
|
||||||
|
blocklistLock.Lock()
|
||||||
|
blocklistedIps[ip] = true
|
||||||
|
blocklistLock.Unlock()
|
||||||
res.WriteHeader(http.StatusNotFound)
|
res.WriteHeader(http.StatusNotFound)
|
||||||
fmt.Fprint(res, "404 - suspected botnet")
|
fmt.Fprint(res, "404 - suspected botnet")
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue