JoshS/Cloudflare-WAF-To-AbuseIPDB
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

1.1.3

Browse source
This commit is contained in:
Sefinek 2024-09-14 13:18:11 +02:00
parent 8b8fc14dd1
commit 35b163c871
5 changed files with 15 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
index.js
View file

@ -48,19 +48,19 @@ const isIPReportedRecently = (rayId, ip, reportedIPs) => {
const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErrorCounts) => { const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErrorCounts) => {
const uri = `${hostname}${endpoint}`; const uri = `${hostname}${endpoint}`;
if (!uri) { if (!uri) {
logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'MISSING_URI'); logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'MISSING_URI');
log('warn', `Missing URL ${event.clientIP}; URI: ${uri}`); log('warn', `Missing URL ${event.clientIP}; URI: ${uri}`);
return false; return false;
} }
if (event.clientIP === clientIp.address) { if (event.clientIP === clientIp.address) {
logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'YOUR_IP_ADDRESS'); logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'YOUR_IP_ADDRESS');
log('log', `Your IP address (${event.clientIP}) was unexpectedly received from Cloudflare. URI: ${uri}; Ignoring...`); log('log', `Your IP address (${event.clientIP}) was unexpectedly received from Cloudflare. URI: ${uri}; Ignoring...`);
return false; return false;
} }
if (uri.length > MAX_URL_LENGTH) { if (uri.length > MAX_URL_LENGTH) {
logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'URI_TOO_LONG'); logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'URI_TOO_LONG');
log('log', `URL too long ${event.clientIP}; URI: ${uri}`); log('log', `URL too long ${event.clientIP}; URI: ${uri}`);
return false; return false;
} }
@ -72,13 +72,13 @@ const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErro
comment: generateComment(event) comment: generateComment(event)
}, { headers: headers.ABUSEIPDB }); }, { headers: headers.ABUSEIPDB });
logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'REPORTED'); logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'REPORTED');
log('log', `Reported ${event.clientIP}; URI: ${uri}`); log('log', `Reported ${event.clientIP}; URI: ${uri}`);
return true; return true;
} catch (err) { } catch (err) {
if (err.response?.status === 429) { if (err.response?.status === 429) {
logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'TOO_MANY_REQUESTS'); logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'TOO_MANY_REQUESTS');
log('log', `Rate limited while reporting ${event.clientIP} (${event.rayName}); Endpoint: ${endpoint}`); log('log', `Rate limited while reporting ${event.clientIP} (${event.rayName}); Endpoint: ${endpoint}`);
cycleErrorCounts.blocked++; cycleErrorCounts.blocked++;
} else { } else {

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{ {
"name": "cf-waf-to-abuseipdb", "name": "cf-waf-to-abuseipdb",
"version": "1.1.2", "version": "1.1.3",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "cf-waf-to-abuseipdb", "name": "cf-waf-to-abuseipdb",
"version": "1.1.2", "version": "1.1.3",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"axios": "^1.7.7", "axios": "^1.7.7",

2
package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "cf-waf-to-abuseipdb", "name": "cf-waf-to-abuseipdb",
"version": "1.1.2", "version": "1.1.3",
"description": "A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.", "description": "A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.",
"keywords": [ "keywords": [
"abuseipdb", "abuseipdb",

11
scripts/csv.js
View file

@ -4,7 +4,7 @@ const log = require('./log.js');
const CSV_FILE_PATH = path.join(__dirname, '..', 'reported_ips.csv'); const CSV_FILE_PATH = path.join(__dirname, '..', 'reported_ips.csv');
const MAX_CSV_SIZE_BYTES = 4 * 1024 * 1024; // 4 MB const MAX_CSV_SIZE_BYTES = 4 * 1024 * 1024; // 4 MB
const CSV_HEADER = 'Timestamp,CF RayID,IP,Country,Hostname,Endpoint,User-Agent,Action,SefinekAPI\n'; const CSV_HEADER = 'Timestamp,CF RayID,IP,Country,Hostname,Endpoint,User-Agent,Action taken,Status,Sefinek API\n';
if (!fs.existsSync(CSV_FILE_PATH)) fs.writeFileSync(CSV_FILE_PATH, CSV_HEADER); if (!fs.existsSync(CSV_FILE_PATH)) fs.writeFileSync(CSV_FILE_PATH, CSV_HEADER);
@ -21,9 +21,9 @@ const escapeCSVValue = value => {
return value || ''; return value || '';
}; };
const logToCSV = (rayId, ip, country, hostname, endpoint, useragent, action, sefinekAPI) => { const logToCSV = (rayId, ip, country = 'N/A', hostname, endpoint, useragent, actionTaken = 'N/A', status = 'N/A', sefinekAPI) => {
checkCSVSize(); checkCSVSize();
const logLine = `${new Date().toISOString()},${rayId},${ip},${country || 'N/A'},${hostname},${escapeCSVValue(endpoint)},${escapeCSVValue(useragent)},${action},${sefinekAPI || false}`; const logLine = `${new Date().toISOString()},${rayId},${ip},${country},${hostname},${escapeCSVValue(endpoint)},${escapeCSVValue(useragent)},${actionTaken.toUpperCase()},${status},${sefinekAPI || false}`;
fs.appendFileSync(CSV_FILE_PATH, logLine + '\n'); fs.appendFileSync(CSV_FILE_PATH, logLine + '\n');
}; };
@ -48,7 +48,8 @@ const readReportedIPs = () => {
endpoint: parts[5], endpoint: parts[5],
useragent: parts[6].replace(/(^"|"$)/g, ''), useragent: parts[6].replace(/(^"|"$)/g, ''),
action: parts[7], action: parts[7],
sefinekAPI: parts[8] === 'true' status: parts[8],
sefinekAPI: parts[9] === 'true'
}; };
}) })
.filter(item => item !== null); .filter(item => item !== null);
@ -66,7 +67,7 @@ const updateSefinekAPIInCSV = (rayId, reportedToSefinekAPI) => {
const updatedLines = lines.map(line => { const updatedLines = lines.map(line => {
const parts = line.split(/,(?=(?:[^"]*"[^"]*")*[^"]*$)/g); const parts = line.split(/,(?=(?:[^"]*"[^"]*")*[^"]*$)/g);
if (parts.length >= 9 && parts[1] === rayId) { if (parts.length >= 9 && parts[1] === rayId) {
parts[8] = reportedToSefinekAPI; parts[9] = reportedToSefinekAPI;
return parts.join(','); return parts.join(',');
} }
return line; return line;

2
scripts/sefinekAPI.js
View file

@ -5,7 +5,7 @@ const log = require('./log.js');
const SEFINEK_API_URL = process.env.SEFINEK_API_URL || `${process.env.NODE_ENV === 'production' ? 'https://api.sefinek.net' : 'http://127.0.0.1:4010'}/api/v2/cloudflare-waf-abuseipdb/post`; const SEFINEK_API_URL = process.env.SEFINEK_API_URL || `${process.env.NODE_ENV === 'production' ? 'https://api.sefinek.net' : 'http://127.0.0.1:4010'}/api/v2/cloudflare-waf-abuseipdb/post`;
module.exports = async () => { module.exports = async () => {
const reportedIPs = readReportedIPs().filter(ip => ip.action === 'REPORTED' && !ip.sefinekAPI); const reportedIPs = readReportedIPs().filter(ip => ip.status === 'REPORTED' && !ip.sefinekAPI);
if (reportedIPs.length === 0) return log('log', 'No IPs with `action Reported` and `SefinekAPI false` to send to Sefinek API'); if (reportedIPs.length === 0) return log('log', 'No IPs with `action Reported` and `SefinekAPI false` to send to Sefinek API');
const uniqueLogs = reportedIPs.reduce((acc, ip) => { const uniqueLogs = reportedIPs.reduce((acc, ip) => {