GithubBackup/IP-Sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security(agent): Webhook 引入 ThreadingMixIn 升级为多线程并发模型,彻底免疫 Slowloris 慢速网络耗尽攻击 (v3.0.3-part4)

Browse Source
This commit is contained in:
hotyue
2026-04-11 00:34:53 +00:00
parent 62deadda1e
commit 27ebcfd418
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
core/agent_daemon.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# ========================================================== # ==========================================================
# 脚本名称: agent_daemon.sh (受控节点 Webhook 守护进程 V2.0) # 脚本名称: agent_daemon.sh (受控节点 Webhook 守护进程 V3.0.3)
# 核心功能: 智能防打扰注册、进程自检、模块级路由分发(403拦截) # 核心功能: 智能防打扰注册、进程自检、模块级路由分发(403拦截)
# ========================================================== # ==========================================================
@@ -182,16 +182,18 @@ class AgentHandler(http.server.BaseHTTPRequestHandler):
pass pass
import socket import socket
# [v3.0.1修复] 自定义支持双栈/IPv6的 Server 类 # ================== [v3.0.3 变更: 引入多线程模型抵抗 Slowloris 攻击] ==================
class DualStackServer(socketserver.TCPServer): class ThreadedDualStackServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
allow_reuse_address = True # 开启端口复用,防止热重启时端口冲突
address_family = socket.AF_INET6 if socket.has_ipv6 else socket.AF_INET address_family = socket.AF_INET6 if socket.has_ipv6 else socket.AF_INET
try: try:
bind_addr = "::" if socket.has_ipv6 else "" bind_addr = "::" if socket.has_ipv6 else ""
with DualStackServer((bind_addr, PORT), AgentHandler) as httpd: with ThreadedDualStackServer((bind_addr, PORT), AgentHandler) as httpd:
httpd.serve_forever() httpd.serve_forever()
except Exception as e: except Exception as e:
sys.exit(1) sys.exit(1)
# ====================================================================================
EOF EOF
# --- [重点升级 3: 真正的静默后台启动] --- # --- [重点升级 3: 真正的静默后台启动] ---