In application development, prohibiting frequent access is a key security measure that can help you prevent various attacks, such as DDOS attacks. This article will introduce how to use Golang to write a simple program to prohibit frequent access to IP addresses.
Implementation ideas
The implementation method of prohibiting frequent access of IP addresses is mainly achieved by limiting the number of accesses to each IP address. The specific ideas are as follows:
Code implementation
The following is a code example using Golang to implement the above idea:
package main import ( "fmt" "net" "sync" "time" ) const ( MaxRequestsPerIP = 10 // 每个IP最大请求数 BlacklistTimeout = 60 * 5 // 黑名单超时时间(秒) ) type IPRequests struct { Requests int // 请求计数器 LastAccess time.Time // 最后一次访问时间 } var ( lock sync.RWMutex ipRequestMap = make(map[string]*IPRequests) blacklist = make(map[string]time.Time) ) // 判断IP是否在黑名单内 func isBlacklisted(ip string) bool { lock.RLock() defer lock.RUnlock() if blacklistedTime, ok := blacklist[ip]; ok { if time.Since(blacklistedTime) < time.Second*BlacklistTimeout { return true } else { // 超时,从黑名单中删除 lock.Lock() delete(blacklist, ip) lock.Unlock() } } return false } // 记录IP访问次数 func recordIPRequest(ip string) { lock.Lock() defer lock.Unlock() req, ok := ipRequestMap[ip] if !ok { req = &IPRequests{} ipRequestMap[ip] = req } req.Requests++ req.LastAccess = time.Now() // 如果IP访问次数过多,将其列入黑名单 if req.Requests > MaxRequestsPerIP { blacklist[ip] = time.Now() } } // 启动HTTP服务器 func StartHttpServer() { http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { ip, _, _ := net.SplitHostPort(r.RemoteAddr) // 如果IP地址在黑名单内,则拒绝访问 if isBlacklisted(ip) { http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden) return } // 记录IP地址的访问次数 recordIPRequest(ip) // 处理请求 fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:]) }) http.ListenAndServe(":8080", nil) } func main() { StartHttpServer() }
In the above code, we use a map (ipRequestMap) to record The number of visits to each IP address, a map (blacklist) to store blacklist information. When an IP address accesses our application, we first check whether the IP address is in the blacklist, and if so, return 403 Access Forbidden. If not, record the number of visits to the IP address. When the number of visits to an IP address exceeds the specified threshold (MaxRequestsPerIP), we blacklist the IP address and prohibit access to our application.
In the isBlacklisted() function, we determine whether an IP is in the blacklist. If so, return true, telling the StartHttpServer() function that we should reject requests from that IP. At the same time, if the IP has exceeded the blacklist timeout (BlacklistTimeout), it will be deleted from the blacklist.
In the recordIPRequest() function, we use RWMutex (RW mutex lock) to ensure concurrency safety. This function is used to record the number of times an IP address is accessed. If the IP reaches the limit we set, it will be blacklisted.
Summary
The method to use Golang to ban frequent IP access is very simple. We only need to implement a counter and a blacklist. But in practice, we need to set appropriate thresholds according to our own needs. In the example of this article, we use two thresholds: the maximum number of requests (MaxRequestsPerIP) and the blacklist timeout (BlacklistTimeout). In practice, you can set a more appropriate threshold according to the specific situation.
The above is the detailed content of How to implement ban on frequent IP access in Golang. For more information, please follow other related articles on the PHP Chinese website!