From b59265218d8a1126cc3eb36768ddbaa659e0503f Mon Sep 17 00:00:00 2001 From: Sefinek Date: Thu, 5 Sep 2024 16:46:22 +0200 Subject: [PATCH] From now on, the code will no longer report WAF violations originating from your IP address --- index.js | 23 +++++++++++++++-------- package-lock.json | 4 ++-- package.json | 2 +- scripts/clientIp.js | 22 ++++++++++++++++++++++ services/axios.js | 7 +++++++ 5 files changed, 47 insertions(+), 11 deletions(-) create mode 100644 scripts/clientIp.js create mode 100644 services/axios.js diff --git a/index.js b/index.js index 2538f7e..9b9a569 100644 --- a/index.js +++ b/index.js @@ -1,14 +1,14 @@ require('dotenv').config(); -const axios = require('axios'); +const { axios, moduleVersion } = require('./services/axios.js'); const PAYLOAD = require('./scripts/payload.js'); const generateComment = require('./scripts/generateComment.js'); const isImageRequest = require('./scripts/isImageRequest.js'); const headers = require('./scripts/headers.js'); const { logToCSV, readReportedIPs, wasImageRequestLogged } = require('./scripts/csv.js'); const formatDelay = require('./scripts/formatDelay.js'); +const clientIp = require('./scripts/clientIp.js'); const log = require('./scripts/log.js'); -const { version } = require('./package.json'); const MAIN_DELAY = process.env.NODE_ENV === 'production' ? 3 * 60 * 60 * 1000 @@ -20,13 +20,13 @@ const MAX_URL_LENGTH = 2000; const fetchBlockedIPs = async () => { try { - const res = await axios.post('https://api.cloudflare.com/client/v4/graphql', PAYLOAD(), { headers: headers.CLOUDFLARE }); - if (res.data?.data) { - const events = res.data.data.viewer.zones[0].firewallEventsAdaptive; + const { data, status } = await axios.post('https://api.cloudflare.com/client/v4/graphql', PAYLOAD(), { headers: headers.CLOUDFLARE }); + const events = data?.data?.viewer?.zones[0]?.firewallEventsAdaptive; + if (events) { log('info', `Fetched ${events.length} events from Cloudflare`); return events; } else { - log('error', `Failed to retrieve data from Cloudflare. Status: ${res.status}`, res.data?.errors); + log('error', `Failed to retrieve data from Cloudflare. Status: ${status}`, data?.errors); return null; } } catch (err) { @@ -54,6 +54,12 @@ const reportIP = async (event, url, country, cycleErrorCounts) => { return false; } + if (event.clientIP === clientIp.address) { + logToCSV(event.rayName, event.clientIP, url, 'Your IP address', country); + log('warn', `Your IP address (${event.clientIP}) was unexpectedly received from Cloudflare. URI: ${url}; Ignoring...`); + return false; + } + if (url.length > MAX_URL_LENGTH) { logToCSV(event.rayName, event.clientIP, url, 'Failed - URL too long', country); log('log', `URL too long ${event.clientIP}; URI: ${url};`); @@ -94,11 +100,12 @@ const reportIP = async (event, url, country, cycleErrorCounts) => { } } - log('info', 'Starting IP reporting process...'); + log('info', 'Starting, please wait...'); + await clientIp.fetchIPAddress(); let cycleId = 1; while (true) { - log('info', `===================== New Reporting Cycle (v${version}) =====================`); + log('info', `===================== New Reporting Cycle (v${moduleVersion}) =====================`); const blockedIPEvents = await fetchBlockedIPs(); if (!blockedIPEvents) { diff --git a/package-lock.json b/package-lock.json index 13c751d..79f0e72 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { - "name": "cf-waf-abuseipdb", + "name": "cf-waf-to-abuseipdb", "version": "1.0.1", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "cf-waf-abuseipdb", + "name": "cf-waf-to-abuseipdb", "version": "1.0.1", "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index 61eaf15..3f0091b 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "cf-waf-abuseipdb", + "name": "cf-waf-to-abuseipdb", "version": "1.0.1", "description": "A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.", "keywords": [ diff --git a/scripts/clientIp.js b/scripts/clientIp.js new file mode 100644 index 0000000..daea44c --- /dev/null +++ b/scripts/clientIp.js @@ -0,0 +1,22 @@ +const { axios } = require('../services/axios.js'); +const log = require('./log.js'); + +let address = null; // Holds the IP address +const refreshInterval = 360000; // 6 minutes + +const fetchIPAddress = async () => { + try { + const { data } = await axios.get('https://api.sefinek.net/api/v2/ip'); + if (data?.success) { + address = data.message; + } else { + log('error', 'Failed to retrieve your IP'); + } + } catch (err) { + log('error', `Error fetching your IP: ${err.message}`); + } +}; + +setInterval(fetchIPAddress, refreshInterval); + +module.exports = { fetchIPAddress, address }; \ No newline at end of file diff --git a/services/axios.js b/services/axios.js new file mode 100644 index 0000000..640f674 --- /dev/null +++ b/services/axios.js @@ -0,0 +1,7 @@ +const axios = require('axios'); +const { version } = require('../package.json'); + +axios.defaults.headers.common['User-Agent'] = `Mozilla/5.0 (compatible; CF-WAF-AbuseIPDB/${version}; +https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB)`; +axios.defaults.timeout = 20000; + +module.exports = { axios, moduleVersion: version }; \ No newline at end of file