JoshS/Cloudflare-WAF-To-AbuseIPDB
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Whitelist

Browse source
This commit is contained in:
Sefinek 2024-11-10 01:44:19 +01:00
parent d00d32d229
commit e165737fb0
4 changed files with 21 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
index.js
View file

@ -10,7 +10,7 @@ const headers = require('./scripts/headers.js');
const { logToCSV, readReportedIPs, wasImageRequestLogged } = require('./services/csv.js');
const formatDelay = require('./scripts/formatDelay.js');
const clientIp = require('./services/clientIp.js');
const whitelist = require('./whitelist.js');
const whitelist = require('./scripts/whitelist.js');
const log = require('./scripts/log.js');
const fetchBlockedIPs = async () => {
@ -18,8 +18,15 @@ const fetchBlockedIPs = async () => {
const { data, status } = await axios.post('https://api.cloudflare.com/client/v4/graphql', PAYLOAD(), { headers: headers.CLOUDFLARE });
const events = data?.data?.viewer?.zones[0]?.firewallEventsAdaptive;
if (events) {
log('log', `Fetched ${events.length} events from Cloudflare`);
return events;
const filtered = events.filter(x =>
x.ip !== clientIp.getAddress() &&
!whitelist.subdomains.some(subdomain => x.clientRequestHTTPHost.includes(subdomain)) && // Subdomains
!whitelist.useragents.some(ua => x.userAgent.includes(ua)) && // User-agents
!whitelist.endpoints.some(endpoint => x.clientRequestPath.includes(endpoint))// Endpoints
);
log('log', `Fetched ${events.length} (filtered ${filtered.length}) events from Cloudflare`);
return filtered;
} else {
throw new Error(`Failed to retrieve data from Cloudflare (status ${status}); ${JSON.stringify(data?.errors)}`);
}
@ -131,7 +138,7 @@ const reportIP = async (event, uri, country, hostname, endpoint, cycleErrorCount
continue;
}
if (whitelist.includes(event.clientRequestPath)) return log('log', `Skipping ${event.clientRequestPath}...`);
if (whitelist.endpoints.includes(event.clientRequestPath)) return log('log', `Skipping ${event.clientRequestPath}...`);
const reportedIPs = readReportedIPs();
const { recentlyReported, timeDifference, reason } = isIPReportedRecently(event.rayName, ip, reportedIPs);

5
scripts/whitelist.js Normal file
View file

@ -0,0 +1,5 @@
const subdomains = ['api.', 'cdn.'];
const useragents = ['Chrome/129', 'Chrome/130', 'Chrome/131', 'Chrome/132', 'Chrome/133', 'StellaLauncher'];
const endpoints = ['/api/', '//video', '//js', '//images', '//imgs', 'favicon.ico'];
module.exports = { subdomains, useragents, endpoints };

12
services/sefinekAPI.js
View file

@ -2,6 +2,7 @@ const { axios } = require('./axios.js');
const { readReportedIPs, updateSefinekAPIInCSV } = require('./csv.js');
const log = require('../scripts/log.js');
const clientIp = require('./clientIp.js');
const whitelist = require('../scripts/whitelist.js');
const API_URL = `${process.env.SEFINEK_API_URL}/cloudflare-waf-abuseipdb/post`;
@ -9,11 +10,10 @@ module.exports = async () => {
const reportedIPs = readReportedIPs().filter(x =>
x.status === 'REPORTED' &&
x.ip !== clientIp.getAddress() &&
!x.endpoint.includes('/api') && // API requests
!['//video', '//js', '//images', '//imgs', 'favicon.ico'].some(endpoint => x.endpoint.includes(endpoint)) && // Endpoints
['api.', 'cdn.'].some(prefix => x.hostname.startsWith(prefix)) && // Domains
x.hostname !== 'blocklist.sefinek.net' && // Domain
!['Chrome/129', 'Chrome/130', 'Chrome/131', 'Chrome/132', 'Chrome/133', 'StellaLauncher'].some(agent => x.useragent.includes(agent)) && // User-agents
!whitelist.subdomains.some(subdomain => x.clientRequestHTTPHost.includes(subdomain)) && // Subdomains
!whitelist.useragents.some(ua => x.userAgent.includes(ua)) && // User-agents
!whitelist.endpoints.some(endpoint => x.clientRequestPath.includes(endpoint)) && // Endpoints
!(/crawler|spider|bot/gi).test(x.useragent) && // Bots
!x.sefinekAPI
);
@ -39,9 +39,7 @@ module.exports = async () => {
country: ip.country,
timestamp: ip.timestamp,
})),
}, {
headers: { 'Authorization': process.env.SEFINEK_API_SECRET },
});
}, { headers: { 'Authorization': process.env.SEFINEK_API_SECRET } });
log('log', `Successfully sent ${uniqueLogs.length} logs to Sefinek API. Status: ${res.status}`);

5
whitelist.js
View file

@ -1,5 +0,0 @@
module.exports = [
'/weryfikacja',
'/verification',
'/download',
];