SYN flood protect
pull/26/head
Aidaho12 2018-07-17 09:21:08 +06:00
parent 77ae8d1c40
commit 45aef7050b
8 changed files with 72 additions and 6 deletions


@ -271,7 +271,7 @@ def diff_config(oldcfg, cfg):
print('<center><div class="alert alert-danger">Can\'t read write change to log. %s</div></center>' % stderr)
pass
def install_haproxy(serv):
def install_haproxy(serv, **kwargs):
script = "install_haproxy.sh"
tmp_config_path = get_config_var('haproxy', 'tmp_config_path')
proxy = get_config_var('main', 'proxy')
@ -285,6 +285,27 @@ def install_haproxy(serv):
upload(serv, tmp_config_path, script)
ssh_command(serv, commands)
if kwargs.get('syn_flood') == "1":
syn_flood_protect(serv)
os.system("rm -f %s" % script)
def syn_flood_protect(serv, **kwargs):
script = "syn_flood_protect.sh"
tmp_config_path = get_config_var('haproxy', 'tmp_config_path')
if kwargs.get('enable') == "0":
enable = "disable"
else:
enable = "enable"
os.system("cp scripts/%s ." % script)
commands = [ "chmod +x "+tmp_config_path+script, tmp_config_path+script+ " "+enable ]
upload(serv, tmp_config_path, script)
ssh_command(serv, commands)
os.system("rm -f %s" % script)
def upload(serv, path, file, **kwargs):
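Review bot: `syn_flood_protect` stages the script with `os.system("cp scripts/%s ." % script)` and ignores the exit status, so a failed copy is not detected before `upload` and `ssh_command` run. Depending on how `upload` handles a missing local file (not visible here), the remote host could then `chmod +x` and execute whatever already sits at `tmp_config_path + script`. Using `shutil.copy(os.path.join("scripts", script), script)` and `os.remove(script)` would raise on failure instead of continuing; that needs `import shutil`, and the import block is outside this hunk. The staged file has a fixed name in the working directory, so two concurrent requests could also remove it from under each other. A docstring should state that `enable="0"` selects `disable` and any other value, including a missing one, selects `enable`.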


@ -302,12 +302,17 @@ if form.getvalue('master'):
interface = form.getvalue('interface')
vrrpip = form.getvalue('vrrpip')
hap = form.getvalue('hap')
syn_flood = form.getvalue('syn_flood')
tmp_config_path = funct.get_config_var('haproxy', 'tmp_config_path')
script = "install_keepalived.sh"
if hap == "1":
funct.install_haproxy(master)
funct.install_haproxy(slave)
if syn_flood == "1":
funct.syn_flood_protect(master)
funct.syn_flood_protect(slave)
os.system("cp scripts/%s ." % script)
@ -346,4 +351,4 @@ if form.getvalue('masteradd'):
os.system("rm -f %s" % script)
if form.getvalue('haproxyaddserv'):
funct.install_haproxy(form.getvalue('haproxyaddserv'))
funct.install_haproxy(form.getvalue('haproxyaddserv'), syn_flood=form.getvalue('syn_flood'))
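Review bot: No caller in this commit reaches the disable branch of `syn_flood_protect`. The master/slave path calls `funct.syn_flood_protect(...)` only when `syn_flood == "1"`, and `install_haproxy` does the same, so `enable="0"` is never passed and unticking the box leaves earlier host settings in place. If that is intended, a comment above the check would record it, e.g. `# unchecked = leave the hosts' sysctl settings untouched; disabling is not exposed in the UI`. The result of `syn_flood_protect` is not inspected either, so a failed run on master or slave would presumably go unreported; `ssh_command`'s behaviour is outside this hunk. The `if form.getvalue('master'):` block starts and ends outside the hunk.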


@ -47,7 +47,7 @@ defaults
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout http-request 5s
timeout queue 1m
timeout connect 10s
timeout client 1m
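Review bot: The drop of `timeout http-request` from 10s to 5s carries no comment and is not a SYN flood control. It bounds how long a client may take to send its complete request headers, which limits slow-header connection exhaustion rather than half-open TCP connections. A comment above the line such as `# cap slow request headers (slow-HTTP mitigation); raise for high-latency clients` would record the intent. The `defaults` section continues outside the hunk.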


@ -0,0 +1,22 @@
#!/bin/bash
if [[ $1 == "enable" ]]; then
sudo bash -c cat <<EOF >> /etc/sysctl.conf
# Protection SYN flood
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 1024
EOF
sudo sysctl -w net.ipv4.tcp_syncookies=1
sudo sysctl -w net.ipv4.conf.all.rp_filter=1
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=1024
sudo sysctl -w net.ipv4.tcp_synack_retries=3
fi
if [[ $1 == "disable" ]]; then
sed -i 's/net.ipv4.tcp_max_syn_backlog = 1024/net.ipv4.tcp_max_syn_backlog = 256/' /etc/sysctl.conf
sed -i 's/net.ipv4.tcp_synack_retries = 3/net.ipv4.tcp_synack_retries = 5/' /etc/sysctl.conf
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=256
sudo sysctl -w net.ipv4.tcp_synack_retries=5
fi
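Review bot: The append in `sudo bash -c cat <<EOF >> /etc/sysctl.conf` is opened by the calling shell, not by the process run under sudo. Unless the script already runs as root, the persistent settings are never written and only the `sysctl -w` values, which are lost on reboot, take effect. `tcp_synack_retries` is set at runtime but missing from the heredoc, so the disable branch's `sed` for `tcp_synack_retries = 3` has nothing to match, and both `sed -i` lines lack `sudo`. Each enable run also appends another copy of the block. `rp_filter = 1` is strict reverse-path filtering, which can drop legitimate traffic on hosts with asymmetric routing, so it deserves a comment or a switch of its own.

```shell
if [[ $1 == "enable" ]]; then
    # tee runs under sudo, so the append itself is performed as root
    sudo tee -a /etc/sysctl.conf > /dev/null <<EOF
# … unchanged: "Protection SYN flood" header and the three existing settings …
net.ipv4.tcp_synack_retries = 3
EOF
    # … unchanged: the four sudo sysctl -w calls …
fi
if [[ $1 == "disable" ]]; then
    sudo sed -i 's/net.ipv4.tcp_max_syn_backlog = 1024/net.ipv4.tcp_max_syn_backlog = 256/' /etc/sysctl.conf
    sudo sed -i 's/net.ipv4.tcp_synack_retries = 3/net.ipv4.tcp_synack_retries = 5/' /etc/sysctl.conf
    # … unchanged: the two sudo sysctl -w calls …
fi
```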


@ -97,7 +97,7 @@
</ul>
</nav>
<div class="copyright-menu">
HAproxy-WI v2.6.2.2
HAproxy-WI v2.6.3
<br>
<a href="https://www.patreon.com/haproxy_wi" title="Donate" target="_blank" style="color: #fff; margin-left: 30px; color: red;" class="patreon"> Patreon</a>
</div>


@ -9,6 +9,7 @@
<td>VRRP interface</td>
<td>VRRP IP</td>
<td><span title="Haproxy-WI will try install haproxy-1.18.5, if it does not work then haproxy-1.15">Install HAProxy(?)</span></td>
<td>SYN flood protect</td>
<td></td>
</tr>
<tr>
@ -37,6 +38,9 @@
<td>
<label for="hap"></label><input type="checkbox" id="hap">
</td>
<td>
<label for="syn_flood" title="Enable SYN flood protect"><input type="checkbox" id="syn_flood" checked>
</td>
<td>
<a class="ui-button ui-widget ui-corner-all" id="create" title="Create HA configuration">Create</a>
</td>
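Review bot: The added `<label for="syn_flood" title="Enable SYN flood protect">` is never closed before `</td>`. Writing it like the `hap` cell, `<label for="syn_flood" title="Enable SYN flood protect"></label><input type="checkbox" id="syn_flood" checked>`, keeps the markup well formed. The same unclosed label appears in the added cell of the install-form template in the next file section. Both templates use `id="syn_flood"`, so if they are ever rendered into one page, `$('#syn_flood')` would read only the first checkbox. The box is `checked` by default, which makes the sysctl changes on the target hosts opt-out; the column title or tooltip should say that kernel settings will be modified.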


@ -3,8 +3,9 @@
<script src="/inc/users.js"></script>
<table class="overview">
<tr class="overviewHead">
<td class="padding10 first-collumn">Note</td>
<td>Server</td>
<td class="padding10 first-collumn" style="width: 350px;">Note</td>
<td class="padding10 first-collumn">Server</td>
<td style="width: 150px;">SYN flood protect</td>
<td></td>
</tr>
<tr>
@ -19,6 +20,9 @@
{% endfor %}
</select>
</td>
<td>
<label for="syn_flood" title="Enable SYN flood protect"><input type="checkbox" id="syn_flood" checked>
</td>
<td>
<a class="ui-button ui-widget ui-corner-all" id="install" title="Install HAProxy">Install</a>
</td>


@ -18,8 +18,12 @@ $( function() {
var ipformat = /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
$('#create').click(function() {
var hap = 0;
var syn_flood = 0;
if ($('#hap').is(':checked')) {
hap = '1';
}
if ($('#syn_flood').is(':checked')) {
syn_flood = '1';
}
$("#ajax").html('')
if( $("#master").val() == "" || $("#slave").val() == "" || $("#interface").val() == "" ||
@ -37,6 +41,7 @@ $( function() {
interface: $("#interface").val(),
vrrpip: $('#vrrp-ip').val(),
hap: hap,
syn_flood: syn_flood,
token: $('#token').val()
},
type: "GET",
@ -92,10 +97,15 @@ $( function() {
});
$('#install').click(function() {
$("#ajax").html('')
var syn_flood = 0;
if ($('#syn_flood').is(':checked')) {
syn_flood = '1';
}
$.ajax( {
url: "options.py",
data: {
haproxyaddserv: $('#haproxyaddserv').val(),
syn_flood: syn_flood,
token: $('#token').val()
},
type: "GET",
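Review bot: Both handlers now send `syn_flood` in a request that changes kernel settings on remote hosts, yet the calls keep `type: "GET"`. That puts `token` and the target server names in the URL, where proxies and access logs record them. Switching the two calls to `type: "POST"` would keep them out of the query string, provided `options.py` reads the form the same way for POST, which is not visible here. Separately, `var syn_flood = 0;` mixes a number with the string `'1'`; `var syn_flood = '0';` would keep one type on the wire. Both click handlers continue outside the hunks.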