github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

v3.1 

Meet Web application firewall!
pull/42/head
Aidaho12 6 years ago
parent
914d04eede
commit
f272ec4ca2
14 changed files with 296 additions and 33 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      README.md
  2. 10
      app/add.py
  3. 41
      app/funct.py
  4. 7
      app/options.py
  5. 3
      app/ovw.py
  6. 6
      app/scripts/install_haproxy.sh
  7. 15
      app/scripts/syn_flood_protect.sh
  8. 188
      app/scripts/waf.sh
  9. 3
      app/templates/add.html
  10. 2
      app/templates/base.html
  11. 4
      app/templates/ihap.html
  12. 5
      app/templates/ovw.html
  13. 27
      inc/script.js
  14. 12
      inc/users.js

4
README.md
Unescape View File

@ -33,7 +33,7 @@ Support the project
21. Alerting about HAProxy service state
22. Metrics incoming connections
23. Web acceleration settings
24. Some functions WAF
24. Web application firewall
![alt text](image/haproxy-wi-metrics.jpeg "Merics")
@ -107,7 +107,7 @@ Login http://haproxy-wi-server/users.py, and add: users, groups and servers. Def
![alt text](image/haproxy-wi-admin-area.jpeg "Admin area")
For Runtime API enable state file on HAproxt servers and need install socat on all haproxy servers, and configre HAProxy:
For Runtime API, Metrics and Alerting enable state file and stat socket on HAproxt servers and need install socat on all haproxy servers, and configre HAProxy:
```
global
stats socket *:1999 level admin

10
app/add.py
Unescape View File

@ -36,6 +36,7 @@ print(output_from_parsed_template)
hap_configs_dir = funct.get_config_var('configs', 'haproxy_save_configs_dir')
cert_path = sql.get_setting('cert_path')
haproxy_dir = sql.get_setting('haproxy_dir')
if form.getvalue('mode') is not None:
serv = form.getvalue('serv')
@ -111,7 +112,7 @@ if form.getvalue('mode') is not None:
options_split += " option http-pretend-keepalive\n"
if form.getvalue('blacklist') is not None:
options_split += " tcp-request connection reject if { src -f /etc/haproxy/black/"+form.getvalue('blacklist')+" }\n"
options_split += " tcp-request connection reject if { src -f "+haproxy_dir+"/black/"+form.getvalue('blacklist')+" }\n"
if form.getvalue('cookie'):
cookie = " cookie "+form.getvalue('cookie_name')
@ -166,7 +167,12 @@ if form.getvalue('mode') is not None:
cache_s = " http-request cache-use "+end_name+"\n http-response cache-store "+end_name+"\n"
cache_set = "cache "+end_name+"\n total-max-size 4\n max-age 240\n"
config_add = name + "\n" + bind + mode + "\n" + balance + options_split + filter + compression_s + cache_s + backend + servers_split + "\n" + cache_set
waf = ""
if form.getvalue('waf') is not None:
waf = " filter spoe engine modsecurity config "+haproxy_dir+"/spoe-modsecurity.conf\n"
waf += " http-request deny if { var(txn.modsec.code) -m int gt 0 }\n"
config_add = name + "\n" + bind + mode + "\n" + balance + options_split + filter + compression_s + cache_s + waf + backend + servers_split + "\n" + cache_set
cfg = hap_configs_dir + serv + "-" + funct.get_data('config') + ".cfg"
funct.get_config(serv, cfg)

41
app/funct.py
Unescape View File

@ -275,6 +275,9 @@ def install_haproxy(serv, **kwargs):
if kwargs.get('syn_flood') == "1":
syn_flood_protect(serv)
if kwargs.get('waf') == "1":
waf_install(serv)
os.system("rm -f %s" % script)
def syn_flood_protect(serv, **kwargs):
@ -296,6 +299,34 @@ def syn_flood_protect(serv, **kwargs):
os.system("rm -f %s" % script)
def waf_install(serv, **kwargs):
import sql
script = "waf.sh"
tmp_config_path = sql.get_setting('tmp_config_path')
proxy = sql.get_setting('proxy')
haproxy_dir = sql.get_setting('haproxy_dir')
ver = check_haproxy_version(serv)
os.system("cp scripts/%s ." % script)
commands = [ "chmod +x "+tmp_config_path+script+" && " +tmp_config_path+script +" PROXY=" + proxy+
" HAPROXY_PATH="+haproxy_dir +" VERSION="+ver ]
upload(serv, tmp_config_path, script)
ssh_command(serv, commands, print_out="1")
os.system("rm -f %s" % script)
def check_haproxy_version(serv):
import sql
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
ver = ""
cmd="echo 'show info' |nc %s %s |grep Version |awk '{print $2}'" % (serv, haproxy_sock_port)
output, stderr = subprocess_execute(cmd)
for line in output:
ver = line
return ver
def upload(serv, path, file, **kwargs):
full_path = path + file
@ -399,7 +430,7 @@ def server_status(stdout):
proc_count = ""
for line in stdout:
if "Ncat: Connection refused." not in line:
if "Ncat: " not in line:
for k in line:
proc_count = k.split(":")[1]
else:
@ -417,8 +448,6 @@ def ssh_command(serv, commands, **kwargs):
if kwargs.get("ip") == "1":
show_ip(stdout)
elif kwargs.get("compare") == "1":
compare(stdout)
elif kwargs.get("show_log") == "1":
show_log(stdout)
elif kwargs.get("server_status") == "1":
@ -448,7 +477,9 @@ def subprocess_execute(cmd):
def show_backends(serv, **kwargs):
import json
cmd='echo "show backend" |nc %s 1999' % serv
import sql
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
cmd='echo "show backend" |nc %s %s' % (serv, haproxy_sock_port)
output, stderr = subprocess_execute(cmd)
ret = ""
for line in output:
@ -492,5 +523,3 @@ def get_files(**kwargs):
else:
return files

7
app/options.py
Unescape View File

@ -254,7 +254,7 @@ if form.getvalue('servaction') is not None:
command = [ cmd ]
if enable != "show":
print('<center><h3>You %s %s on HAproxy %s. <a href="viewsttats.py?serv=%s" title="View stat" target="_blank">Look it</a> or <a href="edit.py" title="Edit">Edit something else</a></h3><br />' % (enable, backend, serv, serv))
print('<center><h3>You %s %s on HAproxy %s. <a href="viewsttats.py?serv=%s" title="View stat" target="_blank">Look it</a> or <a href="edit.py" title="Edit">Edit something else</a></h3><br />' % (enable, backend, serv, serv))
funct.ssh_command(serv, command, show_log="1")
action = 'edit.py ' + enable + ' ' + backend
@ -374,7 +374,7 @@ if form.getvalue('masteradd'):
os.system("rm -f %s" % script)
if form.getvalue('haproxyaddserv'):
funct.install_haproxy(form.getvalue('haproxyaddserv'), syn_flood=form.getvalue('syn_flood'))
funct.install_haproxy(form.getvalue('haproxyaddserv'), syn_flood=form.getvalue('syn_flood'), waf=form.getvalue('waf'))
if form.getvalue('table_metrics'):
import http.cookies
@ -475,8 +475,7 @@ if form.getvalue('metrics'):
show(grid)
if form.getvalue('get_hap_v'):
commands = [ "haproxy -v |grep ver|awk '{print $3}'" ]
output = funct.ssh_command(serv, commands)
output = funct.check_haproxy_version(serv)
print(output)
if form.getvalue('bwlists'):

3
app/ovw.py
Unescape View File

@ -17,12 +17,13 @@ def get_overview():
listhap = sql.get_dick_permit()
commands = [ "ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % haproxy_config_path ]
commands1 = [ "ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l" ]
servers = []
for server in listhap:
server_status = ()
cmd = 'echo "show info" |nc %s %s |grep -e "Process_num"' % (server[2], haproxy_sock_port)
server_status = (server[1],server[2], funct.server_status(funct.subprocess_execute(cmd)), funct.ssh_command(server[2], commands))
server_status = (server[1],server[2], funct.server_status(funct.subprocess_execute(cmd)), funct.ssh_command(server[2], commands), funct.ssh_command(server[2], commands1))
servers.append(server_status)
template = template.render(service_status = servers, role = sql.get_user_role_by_uuid(user_id.value))

6
app/scripts/install_haproxy.sh
Unescape View File

@ -35,14 +35,14 @@ fi
if hash apt-get 2>/dev/null; then
sudo apt-get install haproxy socat -y
else
sudo wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
sudo yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y
fi
if [ $? -eq 1 ]
then
sudo yum install wget socat -y > /dev/null
sudo wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
sudo yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y
fi
if [ $? -eq 1 ]
@ -103,7 +103,7 @@ sudo sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
sudo sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
sudo firewall-cmd --zone=public --add-port=8085/tcp --permanent
sudo sudo firewall-cmd --reload
sudo firewall-cmd --reload
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
sudo systemctl enable haproxy

15
app/scripts/syn_flood_protect.sh
Unescape View File

@ -1,8 +1,9 @@
#!/bin/bash
if [[ $1 == "enable" ]]; then
if grep -q "net.ipv4.tcp_syncookie = 1" /etc/sysctl.conf; then
if sudo grep -q "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf; then
echo "SYN flood protectd allready enabled"
exit 1
else
sudo bash -c cat <<EOF >> /etc/sysctl.conf
# Protection SYN flood
@ -11,16 +12,16 @@ net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 1024
EOF
sudo sysctl -w net.ipv4.tcp_syncookies=1
sudo sysctl -w net.ipv4.conf.all.rp_filter=1
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=1024
sudo sysctl -w net.ipv4.tcp_synack_retries=3
sudo sysctl -w net.ipv4.tcp_syncookies=1
sudo sysctl -w net.ipv4.conf.all.rp_filter=1
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=1024
sudo sysctl -w net.ipv4.tcp_synack_retries=3
fi
fi
if [[ $1 == "disable" ]]; then
sed -i 's/net.ipv4.tcp_max_syn_backlog = 1024/net.ipv4.tcp_max_syn_backlog = 256/' /etc/sysctl.conf
sed -i 's/net.ipv4.tcp_synack_retries = 3/net.ipv4.tcp_synack_retries = 5/' /etc/sysctl.conf
sudo sed -i 's/net.ipv4.tcp_max_syn_backlog = 1024/net.ipv4.tcp_max_syn_backlog = 256/' /etc/sysctl.conf
sudo sed -i 's/net.ipv4.tcp_synack_retries = 3/net.ipv4.tcp_synack_retries = 5/' /etc/sysctl.conf
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=256
sudo sysctl -w net.ipv4.tcp_synack_retries=5
fi

188
app/scripts/waf.sh
Unescape View File

@ -0,0 +1,188 @@
#!/bin/bash
for ARGUMENT in "$@"
do
KEY=$(echo $ARGUMENT | cut -f1 -d=)
VALUE=$(echo $ARGUMENT | cut -f2 -d=)
case "$KEY" in
PROXY) PROXY=${VALUE} ;;
VERSION) VERSION=${VALUE} ;;
HAPROXY_PATH) HAPROXY_PATH=${VALUE} ;;
*)
esac
done
VERSION_MAJ=$(echo $VERSION | awk -F"." '{print $1"."$2}')
if [[ $PROXY != "" ]]
then
export http_proxy="$PROXY"
export https_proxy="$PROXY"
echo "Exporting proxy"
fi
if [ -f $HAPROXY_PATH/waf/modsecurity.conf ];then
echo -e 'error: Haproxy WAF already installed. You can edit config<a href="/app/config.py" title="Edit HAProxy config">here</a> <br /><br />'
exit 1
fi
wget -O /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm http://rpmfind.net/linux/centos/7.5.1804/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm
wget -O /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm
wget -O /tmp/modsecurity-2.9.2.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz
sudo yum install /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm httpd-devel libxml2-devel gcc curl-devel -y
if [ $? -eq 1 ]; then
echo -e "Can't download waf application. Check Internet connection"
exit 1
fi
cd /tmp
sudo tar xf modsecurity-2.9.2.tar.gz
cd /tmp/modsecurity-2.9.2
sudo ./configure --prefix=/tmp/modsecurity-2.9.2 --enable-standalone-module --disable-mlogc --enable-pcre-study --without-lua --enable-pcre-jit
sudo make
sudo make -C standalone install
if [ $? -eq 1 ]; then
echo -e "Can't compile waf application"
exit 1
fi
sudo mkdir -p /tmp/modsecurity-2.9.2/INSTALL/include
sudo cp standalone/.libs/* /tmp/modsecurity-2.9.2/INSTALL/include
sudo cp standalone/* /tmp/modsecurity-2.9.2/INSTALL/include
sudo cp apache2/*.h /tmp/modsecurity-2.9.2/INSTALL/include
wget -O /tmp/haproxy-$VERSION.tar.gz http://www.haproxy.org/download/$VERSION_MAJ/src/haproxy-$VERSION.tar.gz
if [ $? -eq 1 ]; then
echo -e "Can't download Haproxy application. Check Internet connection"
exit 1
fi
cd /tmp
sudo tar xf /tmp/haproxy-$VERSION.tar.gz
sudo mkdir $HAPROXY_PATH/waf
sudo mkdir $HAPROXY_PATH/waf/bin
sudo mkdir $HAPROXY_PATH/waf/rules
cd /tmp/haproxy-$VERSION/contrib/modsecurity
sudo make MODSEC_INC=/tmp/modsecurity-2.9.2/INSTALL/include MODSEC_LIB=/tmp/modsecurity-2.9.2/INSTALL/include APACHE2_INC=/usr/include/httpd/ APR_INC=/usr/include/apr-1
if [ $? -eq 1 ]; then
echo -e "Can't compile waf application"
exit 1
fi
sudo mv /tmp/haproxy-$VERSION/contrib/modsecurity/modsecurity $HAPROXY_PATH/waf/bin
wget -O $HAPROXY_PATH/waf/modsecurity.conf https://github.com/SpiderLabs/ModSecurity/raw/v2/master/modsecurity.conf-recommended
sudo bash -c cat << EOF >> $HAPROXY_PATH/waf/modsecurity.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_10_ignore_static.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_11_avs_traffic.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_11_brute_force.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_11_dos_protection.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_13_xml_enabler.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_16_authentication_tracking.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_16_scanner_integration.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_16_username_tracking.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_16_username_tracking.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_20_protocol_violations.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_21_protocol_anomalies.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_23_request_limits.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_25_cc_known.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_25_cc_track_pan.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_30_http_policy.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_35_bad_robots.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_40_generic_attacks.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_40_http_parameter_pollution.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_41_sql_injection_attacks.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_41_xss_attacks.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_42_comment_spam.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_42_tight_security.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_45_trojans.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_46_av_scanning.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_46_scanner_integration.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_46_slr_et_xss_attacks.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_46_slr_et_lfi_attacks.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_46_slr_et_sqli_attacks.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_47_common_exceptions.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_49_inbound_blocking.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_50_outbound.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_55_marketing.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_56_pvi_checks.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_59_outbound_blocking.conf
Include $HAPROXY_PATH/waf/rules/modsecurity_crs_60_correlation.conf
EOF
wget -O $HAPROXY_PATH/waf/unicode.mapping https://github.com/SpiderLabs/ModSecurity/raw/v2/master/unicode.mapping
wget -O /tmp/owasp.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/2.2.9.tar.gz
cd /tmp/
sudo tar xf /tmp/owasp.tar.gz
sudo mv /tmp/owasp-modsecurity-crs-2.2.9/modsecurity_crs_10_setup.conf.example $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf
sudo mv /tmp/owasp-modsecurity-crs-2.2.9/*rules/* $HAPROXY_PATH/waf/rules/
sudo sed -i 's/#SecAction/SecAction/' $HAPROXY_PATH/waf/rules/modsecurity_crs_10_setup.conf
sudo rm -f /tmp/owasp.tar.gz
sudo bash -c cat << EOF > /etc/systemd/system/multi-user.target.wants/waf.service
[Unit]
Description=Defender WAF
After=syslog.target network.target
[Service]
ExecStart=$HAPROXY_PATH/waf/bin/modsecurity -n 4 -f $HAPROXY_PATH/waf/modsecurity.conf
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=waf
[Install]
WantedBy=multi-user.target
EOF
sudo bash -c cat << EOF > /etc/rsyslog.d/waf.conf
if $programname startswith 'waf' then /var/log/waf.log
& stop
EOF
sudo bash -c cat << EOF > $HAPROXY_PATH/spoe-modsecurity.conf
[modsecurity]
spoe-agent modsecurity-agent
messages check-request
option var-prefix modsec
timeout hello 100ms
timeout idle 30s
timeout processing 15ms
use-backend spoe-modsecurity
spoe-message check-request
args unique-id method path query req.ver req.hdrs_bin req.body_size req.body
event on-frontend-http-request
EOF
if sudo grep -q "backend spoe-modsecurity" $HAPROXY_PATH/haproxy.cfg; then
echo -e "Backend for WAF exists"
else
sudo bash -c cat << EOF >> $HAPROXY_PATH/haproxy.cfg
backend spoe-modsecurity
mode tcp
timeout connect 5s
timeout server 3m
server waf 127.0.0.1:12345 check
EOF
fi
sudo systemctl daemon-reload
sudo systemctl enable waf
sudo systemctl restart waf
sudo rm -f /tmp/libevent-devel-2.0.21-4.el7.x86_64.rpm
sudo rm -f /tmp/modsecurity-2.9.2.tar.gz
sudo rm -f /tmp/yajl-devel-2.0.4-4.el7.x86_64.rpm
sudo rm -rf /tmp/haproxy-$VERSION
sudo rm -rf /tmp/haproxy-$VERSION.tar.gz
sudo rm -rf /tmp/modsecurity-2.9.2
if [ $? -eq 1 ]; then
echo "error: Can't start Haproxy WAF service <br /><br />"
exit 1
fi
echo "success"

3
app/templates/add.html
Unescape View File

@ -89,6 +89,7 @@
<label for="slow_atack" title="Slow atack protect">Slow atack</label><input type="checkbox" id="slow_atack">
<label for="ddos" title="DDOS atack protect">DDOS</label><input type="checkbox" id="ddos">
<label for="blacklist_checkbox" title="Enable SSL Offloading">Blacklist</label><input type="checkbox" id="blacklist_checkbox">
<label for="waf" title="Web application firewall">WAF</label><input type="checkbox" id="waf" name="waf" value="1">
</span>
<div id="blacklist-hide" style="display: none;">
<br /><span class="tooltip tooltipTop">Enter the name of the blacklist, or press down:</span><br />
@ -518,6 +519,7 @@
</table>
<div id="ajax-ssl"></div>
</div>
{% if add %}
<div class="alert alert-success">
<h3>{{ add }} was success added</h3>
@ -529,6 +531,7 @@
<center><pre id="dialog-confirm-body"></pre></center>
</div>
<input type="hidden" id="group" value="{{ group }}">
<script>
$( ".force_close" ).selectmenu({
width: 180

2
app/templates/base.html
Unescape View File

@ -98,7 +98,7 @@
</ul>
</nav>
<div class="copyright-menu">
HAproxy-WI v3.0
HAproxy-WI v3.1
<br>
<a href="https://www.patreon.com/haproxy_wi" title="Donate" target="_blank" style="color: #fff; margin-left: 30px; color: red;" class="patreon"> Patreon</a>
</div>

4
app/templates/ihap.html
Unescape View File

@ -6,6 +6,7 @@
<td class="padding10 first-collumn" style="width: 350px;">Note</td>
<td class="padding10 first-collumn">Server</td>
<td style="width: 150px;">SYN flood protect</td>
<td style="width: 150px;"><span title="Web application firewall">WAF(?)</span></td>
<td></td>
</tr>
<tr>
@ -23,6 +24,9 @@
<td>
<label for="syn_flood" title="Enable SYN flood protect"><input type="checkbox" id="syn_flood" checked>
</td>
<td>
<label for="waf" title="Enable SYN flood protect"><input type="checkbox" id="waf">
</td>
<td>
<a class="ui-button ui-widget ui-corner-all" id="install" title="Install HAProxy">Install</a>
</td>

5
app/templates/ovw.html
Unescape View File

@ -97,7 +97,10 @@
<td class="padding10 second-collumn">
HAproxy status
</td>
<td class="padding10 third-collumn">
<td class="padding10">
WAF status
</td>
<td class="padding10 second-collumn">
Action
</td>
<td class="padding10">

27
inc/script.js
Unescape View File

@ -1006,13 +1006,17 @@ $( function() {
cur_url = cur_url[0].split('#');
if (cur_url[0] == "/app/add.py") {
$("#cache").checkboxradio( "disable" );
$("#waf").checkboxradio( "disable" );
$( "#serv" ).on('selectmenuchange',function() {
change_select_acceleration("");
change_select_waf("");
});
$("#cache2").checkboxradio( "disable" );
$("#waf2").checkboxradio( "disable" );
$( "#serv2" ).on('selectmenuchange',function() {
change_select_acceleration(2);
change_select_acceleration("2");
change_select_waf("2");
});
$("#cache3").checkboxradio( "disable" );
@ -1202,6 +1206,7 @@ function change_select_acceleration(id) {
},
type: "GET",
success: function( data ) {
console.log(data)
if(parseFloat(data) < parseFloat('1.8')) {
$("#cache"+id).checkboxradio( "disable" );
} else {
@ -1210,7 +1215,25 @@ function change_select_acceleration(id) {
}
} );
}
function change_select_waf(id) {
$.ajax( {
url: "options.py",
data: {
get_hap_v: 1,
serv: $('#serv'+id+' option:selected').val(),
token: $('#token').val()
},
type: "GET",
success: function( data ) {
console.log(data)
if(parseFloat(data) < parseFloat('1.7')) {
$("#waf"+id).checkboxradio( "disable" );
} else {
$("#waf"+id).checkboxradio( "enable" );
}
}
} );
}
function replace_text(id_textarea, text_var) {
var str = $(id_textarea).val();
var len = str.length;

12
inc/users.js
Unescape View File

@ -87,9 +87,9 @@ $( function() {
type: "GET",
success: function( data ) {
data = data.replace(/\s+/g,' ');
if (data.indexOf('error') != '-1' || data.indexOf('alert') != '-1' || data.indexOf('Failed') != '-1') {
if (data.indexOf('error') != '-1') {
$("#ajax").html('<div class="alert alert-danger">'+data+'</data>');
} else if (data.indexOf('success') != '-1' ){
} else if (data.indexOf('success') != '-1'){
$('.alert-danger').remove();
$("#ajax").html('<div class="alert alert-success">All is ready!</data>');
}
@ -100,24 +100,30 @@ $( function() {
$('#install').click(function() {
$("#ajax").html('')
var syn_flood = 0;
var waf = 0;
if ($('#syn_flood').is(':checked')) {
syn_flood = '1';
}
if ($('#waf').is(':checked')) {
waf = '1';
}
$("#ajax").html('<div class="alert alert-warning">Please don\'t close and don\'t represh page. Wait until the work is completed. This may take some time </div>');
$.ajax( {
url: "options.py",
data: {
haproxyaddserv: $('#haproxyaddserv').val(),
syn_flood: syn_flood,
waf: waf,
token: $('#token').val()
},
type: "GET",
success: function( data ) {
data = data.replace(/\s+/g,' ');
if (data.indexOf('error') != '-1' || data.indexOf('alert') != '-1' || data.indexOf('Failed') != '-1') {
if (data.indexOf('error') != '-1' || data.indexOf('Failed') != '-1') {
$("#ajax").html('<div class="alert alert-danger">'+data+'</data>');
} else if (data.indexOf('success') != '-1' ){
$('.alert-danger').remove();
$('.alert-warning').remove();
$("#ajax").html('<div class="alert alert-success">'+data+'</data>');
}
}

Write Preview
Loading…
Cancel
Save