Simple golang tcp reverse proxy with filter
Since added the limitation of connection per ip,
it could easily block the non-proxies tcp/http flood.
Proxied tcp/http flood need some time to block.
- Anti-cc
- Limit the connections per ip
- Limit the packets per connection
- Limit the packets per second of every ip
- Block IP system
- Auto block ip trigger the limitation
Unblock all ip every 30 second(might be change)- Unban the blocked ip until you want
- Check validity of request
- Under development
- Block injection
- Unfinished
- Filter the sensitive url
- Unfinished
- Log system
- Under development
You can change the setting:
// You can edit this
waf_port = "0.0.0.0:80" //your waf address
real_port = "localhost:1337" //your real address
pps_per_ip_limit = 10 //Limit the packets per second of ip
connection_limit = 10 //Limit the connections of ip
banned_time float64 = 60 //Blocking time of the banned ip
Then build it and use it
- Anti-cc
- Block IP system
- Check validity of request
- Block injection
- Filter the sensitive url
- Log system
Tested with 1400+ socks4 proxies, it takes some time to block all the ips.
Attack side (4c8g) using socks4 cc
Server side (2c2g) using apache2 http server
