forked from lolcat/4get
ASN whitelisting
This commit is contained in:
cynic
parent
6eabc3edf4
commit
815223b9dc
|
|
@ -41,6 +41,19 @@ class config{
|
|||
//["minecraft", 848]
|
||||
];
|
||||
|
||||
// the following refer to ASN whitelisting
|
||||
// if you enable ASN whitelisting, no other bot protection will be used
|
||||
// this doesn't work if you put it behind cloudflare
|
||||
const ASN_WHITELIST = 0;
|
||||
// the ASNs that should be allowed
|
||||
const ASN_WHITELIST_LIST = [
|
||||
//example:
|
||||
//["1337"]
|
||||
];
|
||||
// the whois server to hit up
|
||||
const WHOIS_SERVER = "whois.cymru.com";
|
||||
const WHOIS_PORT = 43;
|
||||
|
||||
// If this regex expression matches on the user agent, it blocks the request
|
||||
// Not useful at all against a targetted attack
|
||||
const HEADER_REGEX = '/bot|wget|curl|python-requests|scrapy|go-http-client|ruby|yahoo|spider|qwant/i';
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
<?php
|
||||
function check_asn($ip, $asns, $whois_server, $port){
|
||||
$data = $ip . "\n";
|
||||
|
||||
$socket = stream_socket_client("tcp://$whois_server:$port", $errno, $errstr);
|
||||
|
||||
if (!$socket){
|
||||
echo "yo shits fucked cant hit up the whois serber: $errstr ($errno)\n";
|
||||
exit();
|
||||
}
|
||||
|
||||
fwrite($socket, $data);
|
||||
|
||||
$response = "";
|
||||
while (!feof($socket)){
|
||||
$response .= fgets($socket, 128);
|
||||
}
|
||||
|
||||
fclose($socket);
|
||||
|
||||
$response = explode("\n", $response);
|
||||
if (count($response) < 2){
|
||||
echo "sup facilities exploded no response for ip: $errstr ($errno)\n";
|
||||
die();
|
||||
}
|
||||
$response = explode(" | ", $response[1]);
|
||||
|
||||
foreach ($asns as $asn){
|
||||
if ($asn == $response[0]){
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
?>
|
||||
|
|
@ -1,12 +1,21 @@
|
|||
<?php
|
||||
include "lib/asn.php";
|
||||
|
||||
class bot_protection{
|
||||
|
||||
public function __construct($frontend, $get, $filters, $page, $output){
|
||||
|
||||
// check if we want captcha
|
||||
if(config::BOT_PROTECTION !== 1){
|
||||
|
||||
// check if we're operating on an ASN whitelist
|
||||
if (config::ASN_WHITELIST == 1){
|
||||
$response = check_asn($_SERVER["REMOTE_ADDR"], config::ASN_WHITELIST_LIST, config::WHOIS_SERVER, config::WHOIS_PORT);
|
||||
if (!$response){
|
||||
http_response_code(401);
|
||||
echo json_encode([
|
||||
"status" => "the ASN whitelist is enabled, and you ain't on it."
|
||||
]);
|
||||
die();
|
||||
}
|
||||
else{
|
||||
apcu_inc("real_requests");
|
||||
if($output === true){
|
||||
$frontend->loadheader(
|
||||
|
|
@ -15,6 +24,13 @@ class bot_protection{
|
|||
$page
|
||||
);
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
// check if we want captcha
|
||||
if(config::BOT_PROTECTION !== 1){
|
||||
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue