Log duration of each connection
Log duration of each connection, which may be used to identify Brute_Force_Attack inside the frps server. #2915
I do not know how to check if it is an HTTP connection. So can anyone help rewrite this code?
if it_is_not_a_http_connection {
xl.Info("connections closed, it remains [%d]seconds, [%s]", connection_duration, userConn.RemoteAddr().String() )
}
However, it would be better to add a new keyword in frps.ini to set which kinds of connections should log their connection time. Example:
LogConnTime := "ssh, rdp"
Then,
if it_is_a_type_inside_LogConnTime(such_as_its_name_is_"ssh_32"_or_"rdp_ddd") {
xl.Info("connections closed, it remains [%d]seconds, [%s]", connection_duration, userConn.RemoteAddr().String() )
}
If you do not care about the size of the log file, just merge now. In fact, adding this to the output log doesn't make the log file much too large.
PRs go stale after 30d of inactivity. Stale PRs rot after an additional 7d of inactivity and eventually close.
Please Merge
This is OK now.
Log the duration of each connection for the connection types identified by name.
Examples, set in frps.ini:
'log_duration_types = ssh,rdp' logs the duration for connections whose name contains the string 'ssh' or 'rdp'.
'log_duration_types = all' logs the duration for all connections.
@fatedier Pull or not? Do not wait for the inactivity timeout and close.
Fail2ban identified many attacks on my frps server:
[root@hostname ~]# grep Ban /var/log/fail2ban.log*
/var/log/fail2ban.log-20220911:2022-09-08 18:32:41,439 fail2ban.actions [1328]: NOTICE [frps-ssh] Ban 159.89.*.*
/var/log/fail2ban.log-20220918:2022-09-16 17:46:51,543 fail2ban.actions [1328]: NOTICE [frps-rdp] Ban 117.184.*.*
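@fatedier you can approve now. I changed the files to follow gofmt a few minutes ago.
Requirements and rationale
1. The need to expose services to the public internet: teaching every rdp/ssh user to use stcp is not realistic, for example your boss, your advisor, and friends or colleagues who rarely use these features. So some services will always be exposed on public ports, and the associated risk has to be accepted.
2. Protection on the service side? I do not know where brute-force protection on the Windows side is; the logs show an rdp login failure every 2-3 minutes, continuing for several hours, and the Windows firewall does not react at all. Protection on the sshd side requires proxy_protocol plus mmproxy, which is complicated to configure.
3. On the frps server side, using fail2ban to detect the repetitive frp connections with a "very short duration" makes blocking much easier, and once that brute-force traffic is blocked, the resource usage of frps also drops considerably.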
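The detection described in point 3, as an added example (not code from this PR, frp or fail2ban): it counts short-lived connections per source address in a sliding window, similar in spirit to fail2ban's findtime/maxretry thresholds. The log message follows the format string quoted in this thread; the timestamp prefix, the thresholds and the sample lines are constructed assumptions, and lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text follows the xl.Info format string quoted in this thread; the
# timestamp/level prefix and every sample line below are constructed assumptions.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) .*"
    r"connections closed, it remains \[(?P<secs>\d+)\]seconds, "
    r"\[(?P<addr>.+):\d+\]\s*$"
)

SAMPLE = """\
2022/09/08 18:30:01 [I] [ssh_32] connections closed, it remains [2]seconds, [203.0.113.7:40112]
2022/09/08 18:30:40 [I] [rdp_ddd] connections closed, it remains [3600]seconds, [198.51.100.20:51000]
2022/09/08 18:31:15 [I] [ssh_32] connections closed, it remains [1]seconds, [203.0.113.7:40190]
2022/09/08 18:31:50 [I] [ssh_32] connections closed, it remains [3]seconds, [198.51.100.9:33001]
2022/09/08 18:32:41 [I] [ssh_32] connections closed, it remains [2]seconds, [203.0.113.7:40233]
""".splitlines()


def find_offenders(lines, max_secs=10, max_hits=3, find_time=timedelta(minutes=10)):
    """Return source IPs that closed at least max_hits connections lasting
    max_secs seconds or less within any find_time window."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent short connections
    offenders = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["secs"]) > max_secs:
            continue  # unrelated line, or a long session that looks legitimate
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        ip = m["addr"].strip("[]")  # RemoteAddr prints IPv6 as [addr]:port
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > find_time:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= max_hits and ip not in offenders:
            offenders.append(ip)
    return offenders


if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```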
Anyone who wants to log the duration of each connection could use the 'LogDuration'-named tags in my forks: https://github.com/berlin2123/frp/tags
README for users (see the frps_full.ini file): log the duration of each connection for the connection types identified by name. Examples: 'log_duration_types = ssh,rdp' logs the duration for connections whose name contains the string 'ssh' or 'rdp'. 'log_duration_types = all' logs the duration for all connections.