From fa11422748065c95924bd2a44b6b3bb908c06c47 Mon Sep 17 00:00:00 2001 From: kirari04 Date: Tue, 11 Jun 2024 22:36:03 +0200 Subject: [PATCH] Implemented ui part for rate limit --- .gitignore | 6 ++++++ src/reverseproxy.go | 23 +++++++++++++++++++++++ src/web/components/httprp.html | 4 ++++ src/web/components/rules.html | 25 +++++++++++++++++++++++++ 4 files changed, 58 insertions(+) diff --git a/.gitignore b/.gitignore index 26006a7..532fdbe 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,9 @@ docker/ImagePublisher.sh src/mod/acme/test/stackoverflow.pem /tools/dns_challenge_update/code-gen/acmedns /tools/dns_challenge_update/code-gen/lego +src/tmp/localhost.key +src/tmp/localhost.pem +src/www/html/index.html +src/sys.uuid +src/zoraxy +src/log/zr_2024-6.log diff --git a/src/reverseproxy.go b/src/reverseproxy.go index 81ffa35..fa980a9 100644 --- a/src/reverseproxy.go +++ b/src/reverseproxy.go @@ -233,6 +233,26 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) { requireBasicAuth := (rba == "true") + // Require Rate Limiting? + rl, _ := utils.PostPara(r, "rate") + if rl == "" { + rl = "false" + } + requireRateLimit := (rl == "true") + rlnum, _ := utils.PostPara(r, "ratenum") + if rlnum == "" { + rlnum = "0" + } + proxyRateLimit, err := strconv.ParseInt(rlnum, 10, 64) + if err != nil { + utils.SendErrorResponse(w, "invalid rate limit number") + return + } + if proxyRateLimit <= 0 { + utils.SendErrorResponse(w, "rate limit number must be greater than 0") + return + } + // Bypass WebSocket Origin Check strbpwsorg, _ := utils.PostPara(r, "bpwsorg") if strbpwsorg == "" { @@ -313,6 +333,9 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) { BasicAuthExceptionRules: []*dynamicproxy.BasicAuthExceptionRule{}, DefaultSiteOption: 0, DefaultSiteValue: "", + // Rate Limit + RequireRateLimit: requireRateLimit, + RateLimit: proxyRateLimit, } preparedEndpoint, err := dynamicProxyRouter.PrepareProxyRoute(&thisProxyEndpoint) diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html index b96dedc..e9e4f49 100644 --- a/src/web/components/httprp.html +++ b/src/web/components/httprp.html @@ -20,6 +20,7 @@ Destination Virtual Directory Basic Auth + Rate Limit Actions @@ -107,6 +108,9 @@ ${subd.RequireBasicAuth?``:``} + + ${subd.RequireRateLimit?` ${subd.RateLimit}req/s`:``} +
diff --git a/src/web/components/rules.html b/src/web/components/rules.html index 6a4faad..9a8474e 100644 --- a/src/web/components/rules.html +++ b/src/web/components/rules.html @@ -73,6 +73,17 @@
+
+
+ + +
+
+
+ + + The Rate Limit is applied to the whole proxy endpoint. If the number of requests exceeds the limit, the proxy will return a 429 error code. +
@@ -147,6 +158,8 @@ var skipTLSValidation = $("#skipTLSValidation")[0].checked; var bypassGlobalTLS = $("#bypassGlobalTLS")[0].checked; var requireBasicAuth = $("#requireBasicAuth")[0].checked; + var proxyRateLimit = $("#proxyRateLimit").val(); + var requireRateLimit = $("#requireRateLimit")[0].checked; var skipWebSocketOriginCheck = $("#skipWebsocketOriginCheck")[0].checked; var accessRuleToUse = $("#newProxyRuleAccessFilter").val(); @@ -176,6 +189,8 @@ bpwsorg: skipWebSocketOriginCheck, bypassGlobalTLS: bypassGlobalTLS, bauth: requireBasicAuth, + rate: requireRateLimit, + ratenum: proxyRateLimit, cred: JSON.stringify(credentials), access: accessRuleToUse, }, @@ -264,6 +279,16 @@ } $("#requireBasicAuth").on('change', toggleBasicAuth); toggleBasicAuth(); + + function toggleRateLimit() { + if ($("#requireRateLimit").parent().checkbox("is checked")) { + $("#proxyRateLimit").parent().removeClass("disabled"); + } else { + $("#proxyRateLimit").parent().addClass("disabled"); + } + } + $("#requireRateLimit").on('change', toggleRateLimit); + toggleRateLimit(); /*