public bool OpenRateLimit(string url, int threshold, int period, out AuditLogEntity errorLog) { var zoneTableId = ZoneBusiness.GetZoneByZoneId(_zoneId).TableID; errorLog = null; var ratelimit = GetRateLimitRule(url, threshold, period); if (null != ratelimit) { ratelimit.Disabled = false; var response = UpdateRateLimit(ratelimit); if (!response.success) { errorLog = new AuditLogEntity(zoneTableId, LogLevel.Error, $"Open rate limiting rule of Cloudflare failure,the reason is:[{(null != response.errors && response.errors.Length > 0 ? response.errors[0].message : "No error message from Cloudflare.")}].<br />"); } return(response.success); } else { var response = CreateRateLimit(new CloudflareRateLimitRule(url, threshold, period, $"[Auto Prevention] {url}")); if (!response.success) { errorLog = new AuditLogEntity(zoneTableId, LogLevel.Error, $"Create rate limiting rule of Cloudflare failure,the reason is:[{(response.errors !=null && response.errors .Length > 0 ? response.errors[0].message : "No error message from Cloudflare.")}].<br />"); } return(response.success); } }
private void TestingEnvironment() { List <SmtpQueue> smtpQueues = SmtpQueueBusiness.GetList(); SmtpQueue lastReport = smtpQueues.OrderBy(a => a.Id).LastOrDefault(); DateTime date = Convert.ToDateTime(DateTime.Now.AddDays(-1).ToString("MM/dd/yyyy 00:00:00")); string title = date.ToString("MM/dd/yyyy 23"); if (lastReport != null && lastReport.Title == title) { //已经生成了报表 } else { string lastTitle = lastReport?.Title; if (string.IsNullOrEmpty(lastTitle)) { title = date.ToString("MM/dd/yyyy HH"); } else { DateTime lastDate = DateTime.Parse(lastTitle.Contains(" ") ? lastTitle + ":00:00" : lastTitle); date = lastDate.AddHours(1); title = date.ToString("MM/dd/yyyy HH"); } //// 每天9开始统计前一天的数据 //if (DateTime.Now > Convert.ToDateTime(DateTime.Now.ToString("yyyy-MM-dd 09:00:00"))) //{ List <ZoneEntity> zoneEntities = ZoneBusiness.GetZoneList().Where(a => a.IfEnable).ToList(); if (zoneEntities != null && zoneEntities.Count > 0) { foreach (ZoneEntity zone in zoneEntities) { CreateActiveReportZoneTesting(zone, date); } //插入邮件发送队列 SmtpQueueBusiness.Add(new SmtpQueue { Title = title, Status = 0, CreatedTime = DateTime.Now, SendedTime = DateTime.Now, Remark = "", }); } } //} }
public List <CloudflareLog> GetLogs(DateTime start, DateTime end, double sample, out bool retry) { var zoneTableId = ZoneBusiness.GetZoneByZoneId(_zoneId).TableID; retry = false; var cloudflareLogs = new List <CloudflareLog>(); try { string fields = "RayID,ClientIP,ClientRequestHost,ClientRequestMethod,ClientRequestURI,EdgeEndTimestamp,EdgeResponseBytes,EdgeResponseStatus,EdgeStartTimestamp,CacheResponseStatus,ClientRequestBytes,CacheCacheStatus,OriginResponseStatus,OriginResponseTime"; string startTime = GetUTCTimeString(start); string endTime = GetUTCTimeString(end); string url = "{5}/zones/{0}/logs/received?start={1}&end={2}&fields={3}&sample={4}"; url = string.Format(url, _zoneId, startTime, endTime, fields, sample, _apiUrlPrefix); string content = HttpGet(url, 240); if (content.Contains(@"""success"":false")) { if (content.Contains("429 Too Many Requests")) { retry = true; } else { var errorResponse = JsonConvert.DeserializeObject <CloudflareLogErrorResponse>(content); AuditLogBusiness.Add(new AuditLogEntity(zoneTableId, LogLevel.Error, $"Got logs failure, the reason is:[{ (errorResponse.Errors.Count > 0 ? errorResponse.Errors[0].Message : "No error message from Cloudflare.")}].")); } } else { content = content.Replace("\"}", "\"},"); cloudflareLogs = JsonConvert.DeserializeObject <List <CloudflareLog> >($"[{content}]"); cloudflareLogs.RemoveAll(x => (null != x.CacheCacheStatus && x.CacheCacheStatus.ToLower().Equals("hit")) || 0 == x.OriginResponseStatus); } return(cloudflareLogs); } catch (Exception ex) { retry = true; AuditLogBusiness.Add(new AuditLogEntity(zoneTableId, LogLevel.Error, $"Got logs failure, the reason is:[{ex.Message}]. <br />stack trace:{ex.StackTrace}].")); return(cloudflareLogs); } }
private string GeneratedMail(string title) { StringBuilder mail = new StringBuilder(); SmtpQueue smtpQueue = SmtpQueueBusiness.GetByTitle(title); if (smtpQueue != null && smtpQueue.Id > 0) { mail.AppendLine("<div id=\"mail\">"); List <ActionReport> actionReports = ActionReportBusiness.GetListByTitle(title); List <ZoneEntity> zoneEntities = ZoneBusiness.GetZoneList().Where(a => a.IfEnable).ToList(); foreach (ZoneEntity zone in zoneEntities) { List <ActionReport> subActionReports = actionReports.Where(a => a.ZoneId == zone.ZoneId && a.Mode == "Action").ToList(); string body = CreateMainZone(zone.ZoneName, subActionReports); mail.Append(body); } mail.AppendLine("</div>"); } return(mail.ToString()); }
private void ProductionEnvironment() { List <SmtpQueue> smtpQueues = SmtpQueueBusiness.GetList(); SmtpQueue lastReport = smtpQueues.OrderBy(a => a.Id).LastOrDefault(); DateTime date = DateTime.Now.AddDays(-1); string title = date.ToString("MM/dd/yyyy"); if (lastReport != null && lastReport.Title == title) { //已经生成了报表 } else { //// 每天9开始统计前一天的数据 //if (DateTime.Now > Convert.ToDateTime(DateTime.Now.ToString("yyyy-MM-dd 09:00:00"))) //{ List <ZoneEntity> zoneEntities = ZoneBusiness.GetZoneList().Where(a => a.IfEnable).ToList(); if (zoneEntities != null && zoneEntities.Count > 0) { foreach (ZoneEntity zone in zoneEntities) { CreateActiveReportZoneProduction(zone, date); } //插入邮件发送队列 SmtpQueueBusiness.Add(new SmtpQueue { Title = title, Status = 0, CreatedTime = DateTime.Now, SendedTime = DateTime.Now, Remark = "", }); } } //} }
private void Analyze(AnalyzeResult analyzeResult) { if (analyzeResult != null && analyzeResult.result != null) { List <AuditLogEntity> auditLogEntities = new List <AuditLogEntity>(); string key = "AnalyzeRatelimit_GetZoneList_Key"; List <ZoneEntity> zoneList = Utils.GetMemoryCache(key, () => { return(ZoneBusiness.GetZoneList()); }, 1440); string zoneID = analyzeResult.ZoneId; var zone = zoneList.FirstOrDefault(a => a.ZoneId == zoneID); if (zone != null) { string authEmail = zone.AuthEmail; string authKey = zone.AuthKey; var cloudflare = new CloudFlareApiService(zone.ZoneId, zone.AuthEmail, zone.AuthKey); //发送警报 Warn(analyzeResult); //开启RateLimit var logs = OpenRageLimit(zone, cloudflare, analyzeResult); auditLogEntities.AddRange(logs); //Ban IP //logs = BanIp(zone, cloudflare, analyzeResult); //auditLogEntities.AddRange(logs); //记录日志 InsertLogs(auditLogEntities); } } }
private void Warn(AnalyzeResult analyzeResult) { // 发送警报 ZoneBusiness.UpdateAttackFlag(true, analyzeResult.ZoneId); }