Go 基于主机地址的http请求速率限制
我使用Go开发了一个HTTP服务器。现在我想实现一个速率限制器,这样我可以检查来自特定IP的HTTP请求是否在1分钟内发送超过10个HTTP请求,我可以将该IP放入一个阻止列表中一段时间,比如(1小时)同时,同一用户在阻塞期间发送请求,我将从HTTP服务器发送429错误响应 我已经为此编写了一个代码,但在这方面我能够阻止IP地址,但在这方面,它解除了所有IP的1小时后的时间。我期待先到先解锁Go 基于主机地址的http请求速率限制,go,rate-limiting,Go,Rate Limiting,我使用Go开发了一个HTTP服务器。现在我想实现一个速率限制器,这样我可以检查来自特定IP的HTTP请求是否在1分钟内发送超过10个HTTP请求,我可以将该IP放入一个阻止列表中一段时间,比如(1小时)同时,同一用户在阻塞期间发送请求,我将从HTTP服务器发送429错误响应 我已经为此编写了一个代码,但在这方面我能够阻止IP地址,但在这方面,它解除了所有IP的1小时后的时间。我期待先到先解锁 Package main import ( "log" "net/http"
Package main
import (
"log"
"net/http"
"strings"
"time"
)
func main() {
fs := http.FileServer(http.Dir("./html/"))
http.Handle("/", fs)
log.Println("Listening..")
go clearLastRequestsIPs()
go clearBlockedIPs()
err := http.ListenAndServe(":8080", middleware(nil))
if err != nil {
log.Fatalln(err)
}
}
// Stores last requests IPs
var lastRequestsIPs []string
// Block IP for 1 hours
var blockedIPs []string
func middleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ipAddr := strings.Split(r.RemoteAddr, ":")[0]
if existsBlockedIP(ipAddr) {
http.Error(w, "", http.StatusTooManyRequests)
return
}
// how many requests the current IP made in last 5 mins
requestCounter := 0
for _, ip := range lastRequestsIPs {
if ip == ipAddr {
requestCounter++
}
}
if requestCounter >= 1000 {
blockedIPs = append(blockedIPs, ipAddr)
http.Error(w, "", http.StatusTooManyRequests)
return
}
lastRequestsIPs = append(lastRequestsIPs, ipAddr)
if next == nil {
http.DefaultServeMux.ServeHTTP(w, r)
return
}
next.ServeHTTP(w, r)
})
}
func existsBlockedIP(ipAddr string) bool {
for _, ip := range blockedIPs {
if ip == ipAddr {
return true
}
}
return false
}
func existsLastRequest(ipAddr string) bool {
for _, ip := range lastRequestsIPs {
if ip == ipAddr {
return true
}
}
return false
}
// Clears lastRequestsIPs array every 1 hrs
func clearLastRequestsIPs() {
for {
lastRequestsIPs = []string{}
time.Sleep(time.Hour * 1)
}
}
// Clears blockedIPs array every 1 hours
func clearBlockedIPs() {
for {
blockedIPs = []string{}
time.Sleep(time.Hour * 1)
}
}
您可以使用如下中间件:
type Limiter struct {
ipCount map[string]int
sync.Mutex
}
var limiter Limiter
func init() {
limiter.ipCount = make(map[string]int)
}
func limit(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Get the IP address for the current user.
ip, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
log.Println(err.Error())
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
return
}
// Get the # of times the visitor has visited in the last 60 seconds
limiter.Lock()
count, ok := limiter.ipCount[ip]
if !ok {
limiter.ipCount[ip] = 0
}
if count > 10 {
limiter.Unlock()
http.Error(w, http.StatusText(429), http.StatusTooManyRequests)
return
} else {
limiter.ipCount[ip]++
}
time.AfterFunc(time.Second * 60, func() {
limiter.Lock()
limiter.ipCount[ip]--
limiter.Unlock()
})
if limiter.ipCount[ip] == 10 {
// set it to 20 so the decrement timers will only decrease it to
// 10, and they stay blocked until the next timer resets it to 0
limiter.ipCount[ip] = 20
time.AfterFunc(time.Hour, func() {
limiter.Lock()
limiter.ipCount[ip] = 0
limiter.Unlock()
})
}
limiter.Unlock()
next.ServeHTTP(w, r)
})
}
使用golang.org/x/time/rate包中的
rate.NewLimiter()
。您没有存储IP被阻止或应该被解除阻止的时间。创建由IP和解除阻止时间组成的类型。将新阻止的IP放入该类型的数组(顺便说一句,应该通过互斥锁保护该数组!),每隔几秒钟在该数组上迭代一次,删除过期的阻止IP。这是一种非常幼稚的方法,但应该有效。正确的选择是为每个被阻止的IP设置一个时间计时器,在1h后将其移除。在服务器重新启动的情况下,您可能也希望保留被阻止的IP。此“if limiter.ipCount==10{”处的映射和int错误不匹配