waf

command module
v0.0.0-...-92b3b32 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 22, 2020 License: GPL-3.0 Imports: 10 Imported by: 0

README

waf

Simple golang tcp reverse proxy with filter

Since added the limitation of connection per ip,

it could easily block the non-proxies tcp/http flood.

Proxied tcp/http flood need some time to block.

Function

  • Anti-cc
    • Limit the connections per ip
    • Limit the packets per connection
    • Limit the packets per second of every ip
  • Block IP system
    • Auto block ip trigger the limitation
    • Unblock all ip every 30 second(might be change)
    • Unban the blocked ip until you want
  • Check validity of request
    • Under development
  • Block injection
    • Unfinished
  • Filter the sensitive url
    • Unfinished
  • Log system
    • Under development

Usage

You can change the setting:

	// You can edit this
	waf_port                 = "0.0.0.0:80"     //your waf address
	real_port                = "localhost:1337" //your real address
	pps_per_ip_limit         = 10               //Limit the packets per second of ip
	connection_limit         = 10               //Limit the connections of ip
	banned_time      float64 = 60               //Blocking time of the banned ip

Then build it and use it

TODO

  • Anti-cc
  • Block IP system
  • Check validity of request
  • Block injection
  • Filter the sensitive url
  • Log system

Experiment

Tested with 1400+ socks4 proxies, it takes some time to block all the ips.

Attack side (4c8g) using socks4 cc

Server side (2c2g) using apache2 http server

Documentation

Overview

Coded by Leeon123 Date: 2020/9/20 18:01 It is not only for http server, also for other tcp server.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.