package main import ( "flag" "fmt" "git.openprivacy.ca/openprivacy/log" "io/ioutil" "net/http" "strconv" "strings" "sync" "time" ) const MaxLength = 8192 const SameCookieTimeLimitMins = 10 type Ip2LastSeen map[string]time.Time var cookiesToIps sync.Map // map [ cookie string] Ip2LastSeen var counter *Counter func main() { var listenPort = flag.Int("listenPort", 5999, "port to listen on for incoming HTTP connections") var proxyPort = flag.Int("proxyPort", 6000, "port to forward connections to that pass the filter") var logLevel = flag.String("logLevel", "warn", "debug, info, warn, or err") flag.Parse() if *logLevel == "debug" { log.SetLevel(log.LevelDebug) } else if *logLevel == "info" { log.SetLevel(log.LevelInfo) } else if *logLevel == "warn" { log.SetLevel(log.LevelWarn) } else if *logLevel == "err" { log.SetLevel(log.LevelError) } log.Infof("Starting ddosFilter on %v -> %v...\n", *listenPort, *proxyPort) counter = NewCounter() go logger() listen(*listenPort, *proxyPort) } func logger() { for { time.Sleep(5*time.Second) log.Infof("Thread count: %v\n", counter.String()) } } func listen(listenPort, proxyPort int) { http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { counter.Add(); filter(w, r, listenPort, proxyPort); counter.Sub()}) addr := "127.0.0.1:" + strconv.Itoa(listenPort) err := http.ListenAndServe(addr, nil) if err != nil { log.Errorf("ListenAndServe on %v failed: %v\n", addr, err) return } } func filter(res http.ResponseWriter, req *http.Request, listenPort, proxyPort int) { ip := req.RemoteAddr //log.Debugf("%v: Request %v %v\n", ip, req.Host, req.URL) cookie, err := req.Cookie("i_like_gogits") log.Debugf("ip: %v cookie: %v\n", ip, cookie) if err != nil { pass(res, req, listenPort, proxyPort) return } ips, ok := cookiesToIps.Load(cookie) if !ok { ips := Ip2LastSeen{ip: time.Now()} cookiesToIps.Store(cookie, ips) pass(res, req, listenPort, proxyPort) return } ipsMap := ips.(Ip2LastSeen) var mostRecent string = "" for ip, lastSeen := range ipsMap { if mostRecent == "" || lastSeen.After(ipsMap[mostRecent]) { mostRecent = ip } } ipsMap[ip] = time.Now() cookiesToIps.Store(cookie, ipsMap) if mostRecent == "" || mostRecent == ip { pass(res, req, listenPort, proxyPort) return } timeDiff := time.Now().Sub(ipsMap[mostRecent]) if timeDiff.Minutes() > SameCookieTimeLimitMins { pass(res, req, listenPort, proxyPort) return } log.Infof("different IP in the last %v minutes, 404ing\n", SameCookieTimeLimitMins) res.WriteHeader(http.StatusNotFound) fmt.Fprint(res, "404 - suspected botnet") } // https://medium.com/@mlowicki/http-s-proxy-in-golang-in-less-than-100-lines-of-code-6a51c2f2c38c /*func copyHeader(dst, src *http.Header) { for k, vv := range src { for _, v := range vv { dst.Add(k, v) } } }*/ //https://stackoverflow.com/questions/23164547/golang-reverseproxy-not-working func copyHeader(source http.Header, dest *http.Header){ for n, v := range source { for _, vv := range v { dest.Add(n, vv) } } } func pass(res http.ResponseWriter, req *http.Request, listenPort, proxyPort int) { //log.Debugf("Request pass to proxy") //log.Infof("orig: %v\n", req.Host) req.Host = strings.Replace(req.Host, strconv.Itoa(listenPort), strconv.Itoa(proxyPort), 1) //req.Host = "git.danballard.com" req.URL.Host = req.Host //"git.danballard.com" req.URL.Scheme = "http" //log.Infof("req: %v\n", req) var transport http.Transport resp, err := transport.RoundTrip(req) if err != nil { log.Errorf("Error fetching: %v\n", err.Error()) http.Error(res, err.Error(), http.StatusServiceUnavailable) return } defer resp.Body.Close() body, err := ioutil.ReadAll(resp.Body) if err != nil { log.Error(err) return } dH := res.Header() copyHeader(resp.Header, &dH) dH.Add("Requested-Host", req.Host) res.WriteHeader(resp.StatusCode) /*n, err := */ res.Write(body) //log.Infof("res.write n: %v err: %v\n", n, err) }