diff --git a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/job/MaliciousIpJob.java b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/job/MaliciousIpJob.java
index 783b209..3ffae4f 100644
--- a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/job/MaliciousIpJob.java
+++ b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/job/MaliciousIpJob.java
@@ -13,6 +13,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import com.alibaba.fastjson.JSON;
 import com.monitor.other.maliciousip.MaliciousIpBL;
+import com.monitor.other.maliciousip.service.impl.MaliciousIpToUic;
 import com.monitor.other.maliciousip.util.IpWhiteListUtil;
 import com.monitor.other.maliciousip.util.RedisReadUtil;
 import com.monitor.other.maliciousip.util.RedisWriteUtil;
@@ -70,23 +71,28 @@ public class MaliciousIpJob {
 }
 List<MaliciousIpBL> listMaliciousIp;
 List<MaliciousIpBL> listBlackListIp;
- String yoho_ip = YOHO_INTERNAL_IP;
 listMaliciousIp = (List<MaliciousIpBL>) JSON.parseArray(ips_json, MaliciousIpBL.class);
 if(CollectionUtils.isNotEmpty(listMaliciousIp)){
 listBlackListIp = new ArrayList<>();
 for (MaliciousIpBL maliciousIp : listMaliciousIp) {
 //过滤白名单
- if(StringUtils.isNotBlank(yoho_ip) && StringUtils.isNoneBlank(maliciousIp.getIp())){
- if(IpWhiteListUtil.getIpWhiteList().contains(maliciousIp.getIp())){
- continue;
- }
- //过滤公司内部ip段
- String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
- String inIp = arrIp[0] + "." + arrIp[1];
- if(yoho_ip.indexOf(inIp) >= 0){
- continue;
+ if(IpWhiteListUtil.getIpWhiteList().contains(maliciousIp.getIp())){
+ continue;
+ }
+ //过滤公司内部ip段
+ String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
+ String inIp = arrIp[0] + "." + arrIp[1];
+ boolean isIn = false;
+ String []whiteIp = StringUtils.split(YOHO_INTERNAL_IP,'|');
+ for (String white : whiteIp) {
+ if(white.equals(inIp)){
+ isIn = true;
+ break;
 }
 }
+ if(isIn){
+ continue;
+ }
 //敏感接口比例大于等于99%,且敏感接口QPS大于等于100的值,暂时默认放到黑名单
 if((maliciousIp.getImpApiPrecent() >= PERCENT_MAX) && (maliciousIp.getImpCount() >= COUNT_MAX)){
diff --git a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/service/impl/MaliciousIpServiceImpl.java b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/service/impl/MaliciousIpServiceImpl.java
index 2ee10cb..c679c8b 100644
--- a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/service/impl/MaliciousIpServiceImpl.java
+++ b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/service/impl/MaliciousIpServiceImpl.java
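Review bot: In the MaliciousIpJob loop the rewritten internal-range filter drops the old `StringUtils.isNoneBlank(maliciousIp.getIp())` guard, so a record with a null IP makes `StringUtils.split` return null and `arrIp[0]` throws, and a value with fewer than two dot-separated parts fails on `arrIp[1]`. The records come from parsed JSON, so unless a handler outside this hunk catches it, one bad entry ends the pass and the remaining addresses are never evaluated for the blacklist. I would add `if(arrIp == null || arrIp.length < 2){ continue; }` directly after the split. The same block is repeated in the three MaliciousIpServiceImpl hunks (`@@ -90,17`, `@@ -295,20`, `@@ -342,20`), and a shared helper would keep the four copies consistent. The enclosing method starts and ends outside the hunk.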
@@ -82,7 +82,6 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
 if(StringUtils.isBlank(ips_json)){
 return response;
 }
- String yoho_ip = YOHO_INTERNAL_IP;
 listMaliciousIp = (List<MaliciousIp>) JSON.parseArray(ips_json, MaliciousIp.class);
 List<MaliciousIp> newlistMaliciousIp = new ArrayList<MaliciousIp>();
 if(CollectionUtils.isNotEmpty(listMaliciousIp)){
@@ -90,17 +89,23 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
 Date date;
 for (MaliciousIp maliciousIp : listMaliciousIp) {
 //过滤白名单
- if(StringUtils.isNotBlank(yoho_ip) && StringUtils.isNoneBlank(maliciousIp.getIp())){
- if(IpWhiteListUtil.getIpWhiteList().contains(maliciousIp.getIp())){
- continue;
- }
- //过滤公司内部ip段
- String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
- String inIp = arrIp[0] + "." + arrIp[1];
- if(yoho_ip.indexOf(inIp) >= 0){
- continue;
+ if(IpWhiteListUtil.getIpWhiteList().contains(maliciousIp.getIp())){
+ continue;
+ }
+ //过滤公司内部ip段
+ String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
+ String inIp = arrIp[0] + "." + arrIp[1];
+ boolean isIn = false;
+ String []whiteIp = StringUtils.split(YOHO_INTERNAL_IP,'|');
+ for (String white : whiteIp) {
+ if(white.equals(inIp)){
+ isIn = true;
+ break;
 }
 }
+ if(isIn){
+ continue;
+ }
 if(StringUtils.isBlank(maliciousIp.getTimestamp())){
 continue;
 }
@@ -295,20 +300,31 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
 if(StringUtils.isBlank(ips_json)){
 return response;
 }
- String yoho_ip = configReader.getString(YOHO_WHITE_LIST_IP, YOHO_INTERNAL_IP);
 listMaliciousIp = (List<MaliciousIpBL>) JSON.parseArray(ips_json, MaliciousIpBL.class);
 List<MaliciousIpBL> newlistMaliciousIp = new ArrayList<>();
 if(CollectionUtils.isNotEmpty(listMaliciousIp)){
 SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
 Date date;
 for (MaliciousIpBL maliciousIp : listMaliciousIp) {
- if(StringUtils.isNotBlank(yoho_ip) && StringUtils.isNoneBlank(maliciousIp.getIp())){
- String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
- String inIp = arrIp[0] + "." + arrIp[1];
- if(yoho_ip.indexOf(inIp) >= 0){
- continue;
+ //过滤白名单
+ if(IpWhiteListUtil.getIpWhiteList().contains(maliciousIp.getIp())){
+ continue;
+ }
+ //过滤公司内部ip段
+ String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
+ String inIp = arrIp[0] + "." + arrIp[1];
+ boolean isIn = false;
+ String []whiteIp = StringUtils.split(YOHO_INTERNAL_IP,'|');
+ for (String white : whiteIp) {
+ if(white.equals(inIp)){
+ isIn = true;
+ break;
 }
 }
+ if(isIn){
+ continue;
+ }
+
 if(StringUtils.isBlank(maliciousIp.getTimestamp())){
 continue;
 }
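Review bot: The internal-range exemption in this method can no longer be adjusted through configuration: the removed line read `configReader.getString(YOHO_WHITE_LIST_IP, YOHO_INTERNAL_IP)`, while the new loop always splits the compiled-in `YOHO_INTERNAL_IP`, and the `@@ -342,20` hunk does the same. Any range that operators added under that key would now be eligible for the blacklist, which may not be intended. If the override should stay, `String []whiteIp = StringUtils.split(configReader.getString(YOHO_WHITE_LIST_IP, YOHO_INTERNAL_IP),'|');` keeps it, assuming the configured value uses the same `|` separator; otherwise the now-unused key is worth removing so nobody relies on it.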
@@ -342,20 +358,30 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
 if(StringUtils.isBlank(ips_json)){
 return response;
 }
- String yoho_ip = configReader.getString(YOHO_WHITE_LIST_IP, YOHO_INTERNAL_IP);
 listMaliciousIp = (List<MaliciousIpCS>) JSON.parseArray(ips_json, MaliciousIpCS.class);
 List<MaliciousIpCS> newlistMaliciousIp = new ArrayList<>();
 if(CollectionUtils.isNotEmpty(listMaliciousIp)){
 SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
 Date date;
 for (MaliciousIpCS maliciousIp : listMaliciousIp) {
- if(StringUtils.isNotBlank(yoho_ip) && StringUtils.isNoneBlank(maliciousIp.getIp())){
- String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
- String inIp = arrIp[0] + "." + arrIp[1];
- if(yoho_ip.indexOf(inIp) >= 0){
- continue;
+ //过滤白名单
+ if(IpWhiteListUtil.getIpWhiteList().contains(maliciousIp.getIp())){
+ continue;
+ }
+ //过滤公司内部ip段
+ String []arrIp = StringUtils.split(maliciousIp.getIp(),'.');
+ String inIp = arrIp[0] + "." + arrIp[1];
+ boolean isIn = false;
+ String []whiteIp = StringUtils.split(YOHO_INTERNAL_IP,'|');
+ for (String white : whiteIp) {
+ if(white.equals(inIp)){
+ isIn = true;
+ break;
 }
 }
+ if(isIn){
+ continue;
+ }
 if(StringUtils.isBlank(maliciousIp.getTimestamp())){
 continue;
 }
diff --git a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/service/impl/MaliciousIpToUic.java b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/service/impl/MaliciousIpToUic.java
new file mode 100644
index 0000000..0003f86
--- /dev/null
+++ b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/service/impl/MaliciousIpToUic.java
@@ -0,0 +1,77 @@
+package com.monitor.other.maliciousip.service.impl;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+/**
+ * 恶意ip to Uic
+ *
+ * @author hui.xu
+ *
+ */
+@Service
+public class MaliciousIpToUic {
+ /**
+ * 日志接口
+ */
+ private Logger logger = LoggerFactory.getLogger(getClass());
+
+ /**
+ * 黑名单失效时间24小时
+ */
+ private static final int MALICIOUS_IP_EXPIRE = 24 * 60 * 60;
+
+ /**
+ * 添加恶意ip
+ */
+ @Value("${add.MaliciousIp}")
+ private String UIC_URL_ADD;
+
+ /**
+ * 溢出恶意ip
+ */
+ @Value("${remove.MaliciousIp}")
+ private String UIC_URL_REMOVE;
+
+ @Autowired
+ private RestTemplate restTemplate;
+
+ /**
+ * 添加恶意ip
+ *
+ * @param ip
+ */
+ public void addMaliciousIp(String ip) {
+ try {
+ if(StringUtils.isBlank(ip)){
+ return;
+ }
+ String url = String.format(UIC_URL_ADD + "?ip=%s&expiretime=%s", ip, MALICIOUS_IP_EXPIRE);
+ restTemplate.getForEntity(url, null);
+ } catch (Exception e) {
+ logger.error(String.format(" - MaliciousIpToUic - addMaliciousIp:{} - error", ip), e);
+ }
+ }
+
+ /**
+ * 溢出恶意
+ *
+ * @param ip
+ */
+ public void removeMaliciousIp(String ip) {
+ try {
+ if(StringUtils.isBlank(ip)){
+ return;
+ }
+ String url = String.format(UIC_URL_REMOVE + "?ip=%s", ip);
+ restTemplate.getForEntity(url, null);
+ } catch (Exception e) {
+ logger.error(String.format(" - MaliciousIpToUic - removeMaliciousIp:{} - error", ip), e);
+ }
+ }
+}
\ No newline at end of file
diff --git a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/IpWhiteListUtil.java b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/IpWhiteListUtil.java
index 8b62ca7..b0b3506 100644
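Review bot: `addMaliciousIp` and `removeMaliciousIp` in MaliciousIpToUic build the request URL with `String.format` and the raw `ip` value, so the value is not URL-encoded and a `%` in the configured base URL would break the format call. Passing it as a URI variable lets RestTemplate do the encoding: `restTemplate.getForEntity(UIC_URL_ADD + "?ip={ip}&expiretime={expire}", null, ip, MALICIOUS_IP_EXPIRE);`, and likewise `"?ip={ip}"` for the remove call. The error logging mixes `String.format` with an SLF4J `{}` placeholder, so the address never appears in the message; `logger.error(" - MaliciousIpToUic - addMaliciousIp:{} - error", ip, e);` logs it. A failed call is only logged, so the Redis blacklist and UIC can drift apart with no retry, which is worth an explicit decision for a blocking control.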
--- a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/IpWhiteListUtil.java
+++ b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/IpWhiteListUtil.java
@@ -17,16 +17,10 @@ public class IpWhiteListUtil {
 Ip_WhiteList.add("106.38.38.144");
 Ip_WhiteList.add("106.38.38.28");
 Ip_WhiteList.add("218.94.75.50");
- Ip_WhiteList.add("218.94.75.32");
 Ip_WhiteList.add("218.94.75.58");
 Ip_WhiteList.add("218.94.75.32");
 Ip_WhiteList.add("54.223.94.23");
- Ip_WhiteList.add("54.222.135.182");
 Ip_WhiteList.add("54.222.146.59");
- Ip_WhiteList.add("123.206.21.19");
- Ip_WhiteList.add("123.206.73.107");
- Ip_WhiteList.add("123.206.64.25");
- Ip_WhiteList.add("123.206.55.43");
 Ip_WhiteList.add("139.199.35.21");
 Ip_WhiteList.add("139.199.29.44");
 Ip_WhiteList.add("54.222.135.182");
diff --git a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/RedisWriteUtil.java b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/RedisWriteUtil.java
index 4956005..a3016a1 100644
--- a/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/RedisWriteUtil.java
+++ b/monitor-service-other/src/main/java/com/monitor/other/maliciousip/util/RedisWriteUtil.java
@@ -2,6 +2,8 @@ package com.monitor.other.maliciousip.util;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 import org.slf4j.Logger;
@@ -10,6 +12,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.data.redis.core.RedisTemplate;
+import com.monitor.other.maliciousip.service.impl.MaliciousIpToUic;
+
 /**
 * Redis 读 基本操作类
 * @author hui.xu
@@ -21,6 +25,9 @@ public class RedisWriteUtil {
 */
 private Logger logger = LoggerFactory.getLogger(getClass());
+ @Autowired
+ private MaliciousIpToUic maliciousIpToUic;
+
 /**
 * Redis String 类型
 */
@@ -47,8 +54,10 @@ public class RedisWriteUtil {
 @Qualifier("qq2RedisWriteTemplate")
 private RedisTemplate<String, String> qq2Template;
+ private ExecutorService executorService = Executors.newFixedThreadPool(50);
+
 /**
- * 获取所有恶意ip集合
+ * 写入恶意ip
 * @return
 */
 public void setIps(String []ips) {
@@ -57,17 +66,29 @@ public class RedisWriteUtil {
 return;
 }
 //此处用于拦截
- for (String ip : ips) {
+ for (String ip : ips) {
 setInRedisApi(aws1Template, MALICIOUS_IP + ip);
 setInRedisApi(aws2Template, MALICIOUS_IP + ip);
 setInRedisApi(qq1Template, MALICIOUS_IP + ip);
 setInRedisApi(qq2Template, MALICIOUS_IP + ip);
+
+ executorService.execute(new Runnable() {
+ @Override
+ public void run() {
+ //向uic中添加恶意ip
+ maliciousIpToUic.addMaliciousIp(MALICIOUS_IP + ip);
+ }
+ });
 }
 }catch(Exception e){
 logger.error(" - RedisWriteUtil - setIps - error", e);
 }
 }
+ /**
+ * 移除恶意ip
+ * @param ips
+ */
 public void delIp(String[] ips){
 try{
 if((null == ips) || (0 == ips.length)){
@@ -77,6 +98,14 @@ public class RedisWriteUtil {
 Collection<String> keys = new ArrayList<String>();
 for (int index = 0; index < ips.length; index ++){
 keys.add(MALICIOUS_IP + ips[index]);
+ String ip = ips[index];
+ executorService.execute(new Runnable() {
+ @Override
+ public void run() {
+ //向uic中添加恶意ip
+ maliciousIpToUic.removeMaliciousIp(MALICIOUS_IP + ip);
+ }
+ });
 }
 //此处用于拦截
 delInRedisApi(aws1Template, keys);
diff --git a/monitor-service-other/src/main/resources/META-INF/spring/spring-info.xml b/monitor-service-other/src/main/resources/META-INF/spring/spring-info.xml
index 38704c0..d347aa8 100644
--- a/monitor-service-other/src/main/resources/META-INF/spring/spring-info.xml
+++ b/monitor-service-other/src/main/resources/META-INF/spring/spring-info.xml
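Review bot: `Executors.newFixedThreadPool(50)` in RedisWriteUtil queues tasks without bound and nothing visible ever shuts the pool down, so if UIC is slow or unreachable (each call may block up to the configured `readTimeout`) pending add/remove tasks pile up in memory and up to 50 non-daemon threads can keep the JVM from exiting. A bounded queue with a rejection handler that logs and drops, for example `new ThreadPoolExecutor(50, 50, 0L, TimeUnit.MILLISECONDS, new ArrayBlockingQueue<Runnable>(QUEUE_LIMIT), handler)` where `QUEUE_LIMIT` and `handler` are placeholders, would cap that. The pool should also get a `shutdown()` from the bean's destroy callback, and the field can be `private final`.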
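Review bot: In `setIps` the UIC call receives `MALICIOUS_IP + ip`, the same string used as the Redis key, as its `ip` query parameter, and `delIp` in the next hunk does the same; unless UIC expects that prefixed key, these should be `maliciousIpToUic.addMaliciousIp(ip);` and `maliciousIpToUic.removeMaliciousIp(ip);`. The value of `MALICIOUS_IP` is not visible here, so this needs confirming against the UIC contract. `executorService.execute` also sits inside the same `try` as the Redis writes, so anything it throws (a rejected task, for instance) ends the loop and the remaining addresses are never written to Redis; a small try/catch around the submit alone would keep the two paths independent.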
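Review bot: The comment inside `run()` in `delIp` still reads `//向uic中添加恶意ip` (add), copied from `setIps`, while the call is `removeMaliciousIp`; it should say something like `// remove the malicious ip from uic`. The removal task is also submitted before `delInRedisApi` runs, so it is worth stating in the method Javadoc that the two stores are updated independently and in no guaranteed order. The method body continues outside the hunk.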
@@ -1,9 +1,12 @@ <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" + xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans - http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"> - + http://www.springframework.org/schema/beans/spring-beans-3.1.xsd + http://www.springframework.org/schema/context + http://www.springframework.org/schema/context/spring-context-3.1.xsd"> + <bean id="dnsConfig" class="com.monitor.other.dns.common.DNSConfig"> <constructor-arg name="url" value="${dns.config.url}" /> <constructor-arg name="dnsApiUrl" value="${dns.config.api.url}" /> @@ -14,7 +17,7 @@ </bean> <bean id="maliciousIpJob" class="com.monitor.other.maliciousip.job.MaliciousIpJob" - init-method="init"> + > </bean> <bean id="redisReadUtil" class="com.monitor.other.maliciousip.util.RedisReadUtil" /> 
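Review bot: Dropping `init-method="init"` from the `maliciousIpJob` bean means Spring no longer calls `MaliciousIpJob.init()` at startup; if that method is what starts or schedules the detection pass (its body is not in this diff), blacklisting would stop silently after this deploy. If the job is now triggered another way, an XML comment on the bean saying so would help, e.g. `<!-- init() is no longer called at startup; the job is started by <trigger> -->` with the real trigger filled in. The new `xmlns:context` declaration in the first hunk is not used by anything visible in these hunks.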
@@ -106,4 +109,37 @@ p:keySerializer-ref="stringRedisSerializer" p:valueSerializer-ref="stringRedisSerializer" p:hashKeySerializer-ref="stringRedisSerializer" p:hashValueSerializer-ref="stringRedisSerializer" /> + + <!-- 配置RestTemplate --> + <!--Http client Factory--> + <bean id="httpClientFactory" class="org.springframework.http.client.SimpleClientHttpRequestFactory"> + <property name="connectTimeout" value="${connectTimeout}" /> + <property name="readTimeout" value="${readTimeout}" /> + </bean> + + <!--RestTemplate--> + <bean id="restTemplate" class="org.springframework.web.client.RestTemplate"> + <constructor-arg ref="httpClientFactory" /> + <property name="messageConverters"> + <list> + <bean class="org.springframework.http.converter.ByteArrayHttpMessageConverter" /> + <bean class="org.springframework.http.converter.StringHttpMessageConverter"> + <property name="supportedMediaTypes"> + <list> + <value>text/plain;charset=UTF-8</value> + <value>text/html;charset=UTF-8</value> + <value>text/xml;charset=GBK</value> + <value>application/json;charset=UTF-8</value> + </list> + </property> + </bean> + <bean class="org.springframework.http.converter.ResourceHttpMessageConverter" /> + <bean class="org.springframework.http.converter.FormHttpMessageConverter" /> + <bean class="com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter"> + <property name="supportedMediaTypes" value="application/json;charset=UTF-8" /> + </bean> + </list> + </property> + </bean> + <!-- 配置RestTemplate --> </beans> \ No newline at end of file diff --git a/monitor-service-web/src/main/resources/product/config.properties b/monitor-service-web/src/main/resources/product/config.properties index 8f6b6b6..0b84136 100644 --- a/monitor-service-web/src/main/resources/product/config.properties +++ b/monitor-service-web/src/main/resources/product/config.properties 
@@ -26,4 +26,12 @@ malicious.ip.redis.write.qq.host1=10.66.0.3
 malicious.ip.redis.write.qq.host2=10.66.0.2
 malicious.ip.redis.write.aws.host1=172.31.20.188
 malicious.ip.redis.write.aws.host2=172.31.20.187
-malicious.ip.redis.write.port=6379
\ No newline at end of file
+malicious.ip.redis.write.port=6379
+
+#restTemplate
+connectTimeout=5000
+readTimeout=10000
+
+#uic url
+add.MaliciousIp=http://uic.yohoops.org/uic/addMaliciousIp
+remove.MaliciousIp=http://uic.yohoops.org/uic/removeMaliciousIp
\ No newline at end of file
diff --git a/monitor-service-web/src/main/resources/test/config.properties b/monitor-service-web/src/main/resources/test/config.properties
index 8f8f4b2..8d0880e 100644
--- a/monitor-service-web/src/main/resources/test/config.properties
+++ b/monitor-service-web/src/main/resources/test/config.properties
@@ -28,4 +28,12 @@ malicious.ip.redis.write.qq.host1=192.168.102.22
 malicious.ip.redis.write.qq.host2=192.168.102.22
 malicious.ip.redis.write.aws.host1=192.168.102.22
 malicious.ip.redis.write.aws.host2=192.168.102.22
-malicious.ip.redis.write.port=6379
\ No newline at end of file
+malicious.ip.redis.write.port=6379
+
+#restTemplate
+connectTimeout=5000
+readTimeout=10000
+
+#uic url
+add.MaliciousIp=http://172.16.6.237:8096/uic/addMaliciousIp
+remove.MaliciousIp=http://172.16.6.237:8096/uic/removeMaliciousIp
\ No newline at end of file
diff --git a/monitor-service-web/src/main/resources/test/databases.yml b/monitor-service-web/src/main/resources/test/databases.yml
index 7d84e69..7c0d062 100644
--- a/monitor-service-web/src/main/resources/test/databases.yml
+++ b/monitor-service-web/src/main/resources/test/databases.yml
@@ -1,8 +1,8 @@
 datasources:
 yh_ops:
 servers:
- - 172.16.6.243:3306
- - 172.16.6.243:3306
+ - 172.16.6.61:3306
+ - 172.16.6.61:3306
 username: root
 password: t5/oMgwUCmO/GeMHBAQ2Cg==
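Review bot: The production `add.MaliciousIp` and `remove.MaliciousIp` endpoints are plain `http://`, and the requests MaliciousIpToUic sends carry only `ip` and `expiretime`, with no credential visible in this commit. Both calls change blocking state and the remove endpoint undoes a block, so they should go over `https://` with the caller authenticated, or the endpoint should be confirmed reachable only from the monitor hosts; the test config hunk has the same shape. `connectTimeout` and `readTimeout` are very generic keys for a shared properties file, and a prefix such as `uic.rest.connectTimeout` would avoid collisions with other clients.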
diff --git a/monitor-service-web/src/main/resources/test/jdbc.properties b/monitor-service-web/src/main/resources/test/jdbc.properties
index 04faa8b..8a29678 100644
--- a/monitor-service-web/src/main/resources/test/jdbc.properties
+++ b/monitor-service-web/src/main/resources/test/jdbc.properties
@@ -1,5 +1,5 @@
 #---------jdbc config----------
-local.jdbc.url=jdbc:mysql://172.16.6.243:3306/yh_ops?characterEncoding=utf-8&autoReconnect=true&zeroDateTimeBehavior=convertToNull
+local.jdbc.url=jdbc:mysql://172.16.6.61:3306/yh_ops?characterEncoding=utf-8&autoReconnect=true&zeroDateTimeBehavior=convertToNull
 local.jdbc.user=root
 local.jdbc.password=123456
 #---------jdbc config----------
\ No newline at end of file
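Review bot: The new test database host is still accessed as `root` with a plaintext password kept in the repository (`local.jdbc.user` and `local.jdbc.password`, just below the changed URL), and the databases.yml hunk points the same `root` account at the same host. Moving hosts is a convenient point to switch to a dedicated low-privilege account for `yh_ops` and to supply the password from outside version control, so a leaked checkout does not hand over full control of the server.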