go实现的自带webui、支持限流、人机验证、爬虫防护、sql注入与xss攻击防护的waf web防火墙应用管理系统代码
代码语言:golang
所属分类:其他
代码描述:go实现的自带webui、支持限流、人机验证、爬虫防护、sql注入与xss攻击防护的waf web防火墙应用管理系统代码
代码标签: go 自带 webui 支持 限流 人机 验证 爬虫 防护 sql注入 xss 攻击 waf web
package main
import (
"crypto/md5"
"encoding/json"
"fmt"
"image"
"image/color"
"image/draw"
"image/png"
"io/ioutil"
"log"
"math"
"math/rand"
"net/http"
"net/http/httputil"
"net/url"
"os"
"regexp"
"strconv"
"strings"
"sync"
"time"
"golang.org/x/image/font"
"golang.org/x/image/font/basicfont"
"golang.org/x/image/math/fixed"
)
// ============ 数据结构定义 ============
// Admin is the administrator account used to log in to the management web UI.
type Admin struct {
	Username string `json:"username"`
	// Password is stored as an MD5 hash (per the original comment; the hashing
	// code itself is not in this excerpt). NOTE(review): MD5 is a fast,
	// unsalted digest and is not a suitable password hash — a slow, salted KDF
	// (bcrypt or argon2) is the usual replacement for stored credentials.
	Password string `json:"password"`
}
// ProxyTarget describes one reverse-proxy mapping: requests for Domain are
// forwarded to Target when Enabled is set. Values are persisted as part of
// Config.ProxyTargets.
type ProxyTarget struct {
	ID        string    `json:"id"`
	Domain    string    `json:"domain"`  // host name the proxy listens for
	Target    string    `json:"target"`  // upstream address requests are forwarded to
	Enabled   bool      `json:"enabled"` // whether this mapping is active
	CreatedAt time.Time `json:"created_at"`
	// RequestCount and BlockCount are per-target counters. NOTE(review): they
	// are plain int64 fields; the code that increments them is not shown here,
	// so confirm updates happen under a lock or via sync/atomic.
	RequestCount int64 `json:"request_count"`
	BlockCount   int64 `json:"block_count"`
}
// SessionData is the server-side record for one logged-in admin session,
// stored in the package-level sessions map keyed by session token.
// NOTE(review): there is no expiry field; confirm that sessions are aged out
// elsewhere using LoginTime.
type SessionData struct {
	Username  string    // admin user that owns the session
	LoginTime time.Time // when the session was created
}
// Statistics holds the aggregate WAF counters that are persisted with Config.
type Statistics struct {
	TotalRequests int64 `json:"total_requests"`
	BlockedCount  int64 `json:"blocked_count"`
	// AttackTypes counts blocked requests per attack category (presumably keyed
	// by the rule Name returned from checkWAF — the increment code is not in
	// this excerpt). A zero-value Statistics has a nil map, so it must be
	// initialised before the first write or the write panics.
	AttackTypes map[string]int64 `json:"attack_types"`
}
// Config is the complete persisted state of the WAF: the admin account, the
// proxy mappings, the protection toggles and the running statistics. It is
// serialised to and from the JSON file named by configFile.
type Config struct {
	Admin        Admin                  `json:"admin"`
	ProxyTargets map[string]ProxyTarget `json:"proxy_targets"` // keyed by ProxyTarget.ID, presumably — confirm against the writer
	EnableWAF    bool                   `json:"enable_waf"`    // when false, checkWAF accepts every request
	EnableBot    bool                   `json:"enable_bot"`    // crawler/bot protection toggle
	// RateLimit is the sustained request rate per client in requests per
	// second; RateLimitBurst is the peak (token-bucket capacity) a client may
	// spend at once.
	RateLimit               int        `json:"rate_limit"`
	RateLimitBurst          int        `json:"rate_limit_burst"`
	EnableHumanVerification bool       `json:"enable_human_verification"` // require a captcha before whitelisting a client
	Statistics              Statistics `json:"statistics"`
}
// ============ 全局变量 ============
// Package-level mutable state. Each map is keyed by a client-supplied value
// (session token, client address) and the locks below are expected to guard
// them; which lock guards which map is not visible in this excerpt, so the
// pairings in the comments are inferred from the names and should be
// confirmed against the accessors.
var (
	config         Config                          // in-memory copy of the persisted configuration; presumably guarded by mu
	sessions       = make(map[string]SessionData)  // admin UI sessions by token; presumably guarded by sessionMu
	configFile     = "waf_config.json"             // path of the JSON configuration file
	rateLimiter    = make(map[string]*TokenBucket) // one token bucket per client; presumably guarded by limiterMu
	captchaStore   = make(map[string]string)       // pending captcha challenges (key -> expected answer). NOTE(review): no dedicated mutex is declared for it here — confirm which lock guards it
	whitelistedIPs = make(map[string]time.Time)    // clients that passed human verification, with the time they were admitted; presumably guarded by whitelistMu
	// NOTE(review): nothing in this block bounds the size of these maps;
	// confirm that stale entries are evicted elsewhere, otherwise memory grows
	// with the number of distinct clients seen.
	mu          sync.RWMutex
	sessionMu   sync.RWMutex
	limiterMu   sync.RWMutex
	whitelistMu sync.RWMutex
)
// ============ 令牌桶限流器 ============
// TokenBucket is a token-bucket rate limiter: tokens accrue continuously at
// rate per second up to capacity, and every Allow call spends one token.
// All fields are guarded by mu, so a bucket may be shared between goroutines.
type TokenBucket struct {
	tokens   float64    // tokens currently available (may be fractional)
	capacity float64    // upper bound on tokens
	rate     float64    // refill rate, tokens per second
	lastTime time.Time  // instant of the last refill computation
	mu       sync.Mutex // guards every field above
}

// NewTokenBucket returns a full bucket that refills at rate tokens per second
// and never holds more than capacity tokens.
func NewTokenBucket(rate, capacity float64) *TokenBucket {
	bucket := &TokenBucket{capacity: capacity, rate: rate}
	bucket.tokens = capacity
	bucket.lastTime = time.Now()
	return bucket
}

// refillLocked credits the tokens earned since lastTime, clamped to capacity,
// and advances lastTime to now. The caller must hold tb.mu.
func (tb *TokenBucket) refillLocked(now time.Time) {
	earned := now.Sub(tb.lastTime).Seconds() * tb.rate
	tb.tokens += earned
	if tb.tokens > tb.capacity {
		tb.tokens = tb.capacity
	}
	tb.lastTime = now
}

// Allow reports whether one request may proceed right now. When it returns
// true a token has been consumed; when false the bucket is left unchanged
// apart from the refill.
func (tb *TokenBucket) Allow() bool {
	tb.mu.Lock()
	defer tb.mu.Unlock()
	tb.refillLocked(time.Now())
	if tb.tokens < 1.0 {
		return false
	}
	tb.tokens--
	return true
}
// ============ WAF规则引擎 ============
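// wafRule is one signature in the WAF rule table: the attack category that is
// reported (and counted in Statistics.AttackTypes) and the pattern that
// detects it.
type wafRule struct {
	Name    string         // attack category returned by checkWAF on a match
	Pattern *regexp.Regexp // case-insensitive signature tested with MatchString
}

// wafRules is the ordered signature table consulted by checkWAF: the first
// rule whose Pattern matches names the attack type, so rule order decides
// the label when several would match. The patterns are compiled once at
// package init; MustCompile panics on a malformed pattern, which is the
// desired fail-fast behaviour for a static table.
//
// The caller matches these against the raw strings it has (r.URL.String(),
// the request body, header values). r.URL.String() is still percent-encoded,
// so callers wanting the signatures to apply to encoded input should decode
// and normalise it before matching. Keywords are anchored with \b so that
// ordinary parameter names such as "shop", "catalog" or "description" do not
// trip the command-injection and script rules, and the `script...>` form is
// classified as XSS rather than SQL injection so statistics stay accurate.
var wafRules = []wafRule{
	{"SQL_Injection", regexp.MustCompile(`(?i)(\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|\binsert\b.*\binto\b|\bdelete\b.*\bfrom\b|\bdrop\b.*\btable\b|\bexec\b.*\()`)},
	{"XSS", regexp.MustCompile(`(?i)(<script|\bscript\b.*>|javascript:|onerror=|onload=|<iframe|eval\()`)},
	{"Path_Traversal", regexp.MustCompile(`(\.\./|\.\.\\|/etc/passwd|/windows/win\.ini)`)},
	{"Command_Injection", regexp.MustCompile(`(?i)(;|\||&|` + "`" + `)\s*(ls|cat|wget|curl|chmod|bash|sh|cmd|powershell)\b`)},
	{"XXE", regexp.MustCompile(`(?i)(<!entity|<!doctype.*\[)`)},
}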
func checkWAF(r *http.Request) (bool, string) {
if !config.EnableWAF {
return true, ""
}
// 检查URL
for _, rule := range wafRules {
if rule.Pattern.MatchString(r.URL.String()) {
return false, rule.Name
}
}
// 检查POST数据
if r.Method == "POST" {
body, _ := ioutil.ReadAll(r.Body)
// 重要的:读取后要重新装回去
r.Body = ioutil.NopCloser(strings.NewReader(string(body)))
for _, rule := range wafRules {
if rule.Pattern.MatchString(string(body)) {
return false, rule.Name
}
}
}
// 检查Headers
for _, values := range r.Header {
for _, value := range values {
fo.........完整代码请登录后点击上方下载按钮下载查看














