66 lines
No EOL
3.1 KiB
JavaScript
66 lines
No EOL
3.1 KiB
JavaScript
exports.CONFIG = {
|
|
MAIN: {
|
|
NODE_ENV: 'production', // Environment mode: 'production' or 'development'
|
|
CLOUDFLARE_ZONE_ID: '00000000000000000000000000000000', // API key for Cloudflare access
|
|
CLOUDFLARE_API_KEY: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', // https://dash.cloudflare.com/profile/api-tokens
|
|
ABUSEIPDB_API_KEY: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', // API key for reporting malicious IPs to AbuseIPDB
|
|
RUN_ON_START: true, // Should the reporting function run immediately after the script starts?
|
|
IPv6_SUPPORT: true, // Specifies whether the device has been assigned an IPv6 address.
|
|
},
|
|
|
|
CYCLES: {
|
|
// CRON: Schedule for running cron jobs for reporting to AbuseIPDB.
|
|
REPORT_SCHEDULE: '0 */2 * * *',
|
|
|
|
// The minimum time (in hours) that must pass after reporting an IP address before it can be reported again.
|
|
// The required time is >= 15 minutes, according to AbuseIPDB API limits.
|
|
REPORTED_IP_COOLDOWN: 6 * 60 * 60 * 1000,
|
|
|
|
// The maximum URI length that can be reported to AbuseIPDB.
|
|
// If Cloudflare returns a longer URI, the API request will fail.
|
|
MAX_URL_LENGTH: 780,
|
|
|
|
// Additional delay (in milliseconds) after each successful IP report to avoid overloading the AbuseIPDB API.
|
|
SUCCESS_COOLDOWN: 20,
|
|
|
|
// CRON: Interval for refreshing your IP address. Default: every 6 hours
|
|
// This ensures that WAF violations originating from your IP address are not reported to AbuseIPDB.
|
|
IP_REFRESH_SCHEDULE: '0 */6 * * *',
|
|
},
|
|
|
|
SEFINEK_API: {
|
|
// Report IP addresses to api.sefinek.net to support the development of the repository at https://github.com/sefinek/Malicious-IP-Addresses. SECRET_TOKEN is required if true.
|
|
REPORT_TO_SEFIN_API: false,
|
|
|
|
// Secret key for api.sefinek.net
|
|
SECRET_TOKEN: '',
|
|
|
|
// How often should the log (reported_ips.csv) be analyzed and sent to the Sefinek API?
|
|
REPORT_SCHEDULE: '0 */1 * * *',
|
|
},
|
|
};
|
|
|
|
exports.GENERATE_COMMENT = ({ action, clientAsn, clientASNDescription, clientRequestHTTPProtocol, clientRequestHTTPMethodName, clientRequestHTTPHost, clientRequestPath, clientRequestQuery, datetime, rayName, ruleId, userAgent, source, clientCountryName }) => {
|
|
const fields = [
|
|
{ label: 'Action taken', value: action?.toUpperCase() },
|
|
{ label: 'ASN', value: `${clientAsn} (${clientASNDescription})` },
|
|
{ label: 'Protocol', value: `${clientRequestHTTPProtocol} (${clientRequestHTTPMethodName} method)` },
|
|
// { label: 'Zone', value: clientRequestHTTPHost },
|
|
{ label: 'Endpoint', value: clientRequestPath },
|
|
{ label: 'Query', value: clientRequestQuery },
|
|
{ label: 'Timestamp', value: datetime },
|
|
// { label: 'Ray ID', value: rayName },
|
|
// { label: 'Rule ID', value: ruleId },
|
|
{ label: 'UA', value: userAgent || 'Empty string' },
|
|
];
|
|
|
|
const reportLines = fields
|
|
.filter(({ value }) => value)
|
|
.map(({ label, value }) => `${label}: ${value}`);
|
|
|
|
return `Triggered Cloudflare WAF (${source}) from ${clientCountryName}.
|
|
${reportLines.join('\n')}
|
|
|
|
This report was generated by:
|
|
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB`; // Please do not remove the repository URL. I'd really appreciate it (:
|
|
}; |