From now on, the code will no longer report WAF violations originating from your IP address

Sefinek 2024-09-05 16:46:22 +02:00
parent 0070379c5c
commit b59265218d
5 changed files with 47 additions and 11 deletions


@ -1,14 +1,14 @@
require('dotenv').config(); require('dotenv').config();
const axios = require('axios'); const { axios, moduleVersion } = require('./services/axios.js');
const PAYLOAD = require('./scripts/payload.js'); const PAYLOAD = require('./scripts/payload.js');
const generateComment = require('./scripts/generateComment.js'); const generateComment = require('./scripts/generateComment.js');
const isImageRequest = require('./scripts/isImageRequest.js'); const isImageRequest = require('./scripts/isImageRequest.js');
const headers = require('./scripts/headers.js'); const headers = require('./scripts/headers.js');
const { logToCSV, readReportedIPs, wasImageRequestLogged } = require('./scripts/csv.js'); const { logToCSV, readReportedIPs, wasImageRequestLogged } = require('./scripts/csv.js');
const formatDelay = require('./scripts/formatDelay.js'); const formatDelay = require('./scripts/formatDelay.js');
const clientIp = require('./scripts/clientIp.js');
const log = require('./scripts/log.js'); const log = require('./scripts/log.js');
const { version } = require('./package.json');
const MAIN_DELAY = process.env.NODE_ENV === 'production' const MAIN_DELAY = process.env.NODE_ENV === 'production'
? 3 * 60 * 60 * 1000 ? 3 * 60 * 60 * 1000
@ -20,13 +20,13 @@ const MAX_URL_LENGTH = 2000;
const fetchBlockedIPs = async () => { const fetchBlockedIPs = async () => {
try { try {
const res = await axios.post('https://api.cloudflare.com/client/v4/graphql', PAYLOAD(), { headers: headers.CLOUDFLARE }); const { data, status } = await axios.post('https://api.cloudflare.com/client/v4/graphql', PAYLOAD(), { headers: headers.CLOUDFLARE });
if (res.data?.data) { const events = data?.data?.viewer?.zones[0]?.firewallEventsAdaptive;
const events = res.data.data.viewer.zones[0].firewallEventsAdaptive; if (events) {
log('info', `Fetched ${events.length} events from Cloudflare`); log('info', `Fetched ${events.length} events from Cloudflare`);
return events; return events;
} else { } else {
log('error', `Failed to retrieve data from Cloudflare. Status: ${res.status}`, res.data?.errors); log('error', `Failed to retrieve data from Cloudflare. Status: ${status}`, data?.errors);
return null; return null;
} }
} catch (err) { } catch (err) {
@ -54,6 +54,12 @@ const reportIP = async (event, url, country, cycleErrorCounts) => {
return false; return false;
} }
if (event.clientIP === clientIp.address) {
logToCSV(event.rayName, event.clientIP, url, 'Your IP address', country);
log('warn', `Your IP address (${event.clientIP}) was unexpectedly received from Cloudflare. URI: ${url}; Ignoring...`);
return false;
}
if (url.length > MAX_URL_LENGTH) { if (url.length > MAX_URL_LENGTH) {
logToCSV(event.rayName, event.clientIP, url, 'Failed - URL too long', country); logToCSV(event.rayName, event.clientIP, url, 'Failed - URL too long', country);
log('log', `URL too long ${event.clientIP}; URI: ${url};`); log('log', `URL too long ${event.clientIP}; URI: ${url};`);
@ -94,11 +100,12 @@ const reportIP = async (event, url, country, cycleErrorCounts) => {
} }
} }
log('info', 'Starting IP reporting process...'); log('info', 'Starting, please wait...');
await clientIp.fetchIPAddress();
let cycleId = 1; let cycleId = 1;
while (true) { while (true) {
log('info', `===================== New Reporting Cycle (v${version}) =====================`); log('info', `===================== New Reporting Cycle (v${moduleVersion}) =====================`);
const blockedIPEvents = await fetchBlockedIPs(); const blockedIPEvents = await fetchBlockedIPs();
if (!blockedIPEvents) { if (!blockedIPEvents) {
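Review bot: The new guard `if (event.clientIP === clientIp.address)` fails open: while `clientIp.address` is `null` (the lookup failed, or the value never reaches this module) the comparison is false and the event continues on to reporting, with nothing logged to say the self-report filter is inactive. A check right after `await clientIp.fetchIPAddress();`, for example `if (!clientIp.address) log('warn', 'Own IP address is unknown; events from this host will not be filtered');`, would make that state visible. The match is also an exact string comparison against a single address, so a host that reaches Cloudflare over both IPv4 and IPv6 is presumably covered only for the family the lookup returned. reportIP starts and ends outside the hunk.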

4
package-lock.json generated

@ -1,11 +1,11 @@
{ {
"name": "cf-waf-abuseipdb", "name": "cf-waf-to-abuseipdb",
"version": "1.0.1", "version": "1.0.1",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "cf-waf-abuseipdb", "name": "cf-waf-to-abuseipdb",
"version": "1.0.1", "version": "1.0.1",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {


@ -1,5 +1,5 @@
{ {
"name": "cf-waf-abuseipdb", "name": "cf-waf-to-abuseipdb",
"version": "1.0.1", "version": "1.0.1",
"description": "A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.", "description": "A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.",
"keywords": [ "keywords": [

22
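--- a/scripts/clientIp.js
+++ b/scripts/clientIp.js
@@ -0,0 +1,22 @@
+const { axios } = require('../services/axios.js');
+const log = require('./log.js');
+let address = null; // Holds the IP address
+const refreshInterval = 360000; // 6 minutes
+const fetchIPAddress = async () => {
+try {
+const { data } = await axios.get('https://api.sefinek.net/api/v2/ip');
+if (data?.success) {
+address = data.message;
+} else {
+log('error', 'Failed to retrieve your IP');
+}
+} catch (err) {
+log('error', `Error fetching your IP: ${err.message}`);
+}
+};
+setInterval(fetchIPAddress, refreshInterval);
+module.exports = { fetchIPAddress, address };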
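Review bot: `module.exports = { fetchIPAddress, address };` copies the value of `address` at load time, which is `null`, so the later assignment inside `fetchIPAddress` never changes what importers read as `clientIp.address` and the own-IP comparison in the main script cannot match. Exporting an accessor keeps the binding live: `module.exports = { fetchIPAddress, get address() { return address; } };`. Separately, `address = data.message;` stores whatever the endpoint returns, and that value decides which events are exempted from reporting, so it is worth accepting it only when `net.isIP(data.message)` is non-zero (with `const net = require('node:net');`) and keeping the previous value otherwise.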

7
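--- a/services/axios.js
+++ b/services/axios.js
@@ -0,0 +1,7 @@
+const axios = require('axios');
+const { version } = require('../package.json');
+axios.defaults.headers.common['User-Agent'] = `Mozilla/5.0 (compatible; CF-WAF-AbuseIPDB/${version}; +https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB)`;
+axios.defaults.timeout = 20000;
+module.exports = { axios, moduleVersion: version };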