ASN whitelisting

This commit is contained in:
cynic 2024-10-11 17:09:21 -04:00
parent 6eabc3edf4
commit 815223b9dc
3 changed files with 72 additions and 8 deletions

View File

@ -40,6 +40,19 @@ class config{
//["fumo_plushies", 1006],
//["minecraft", 848]
];
// the following refer to ASN whitelisting
// if you enable ASN whitelisting, no other bot protection will be used
// this doesn't work if you put it behind cloudflare
const ASN_WHITELIST = 0;
// the ASNs that should be allowed
const ASN_WHITELIST_LIST = [
//example:
//["1337"]
];
// the whois server to hit up
const WHOIS_SERVER = "whois.cymru.com";
const WHOIS_PORT = 43;
// If this regex expression matches on the user agent, it blocks the request
// Not useful at all against a targetted attack

35
lib/asn.php Normal file
View File

@ -0,0 +1,35 @@
<?php
function check_asn($ip, $asns, $whois_server, $port){
$data = $ip . "\n";
$socket = stream_socket_client("tcp://$whois_server:$port", $errno, $errstr);
if (!$socket){
echo "yo shits fucked cant hit up the whois serber: $errstr ($errno)\n";
exit();
}
fwrite($socket, $data);
$response = "";
while (!feof($socket)){
$response .= fgets($socket, 128);
}
fclose($socket);
$response = explode("\n", $response);
if (count($response) < 2){
echo "sup facilities exploded no response for ip: $errstr ($errno)\n";
die();
}
$response = explode(" | ", $response[1]);
foreach ($asns as $asn){
if ($asn == $response[0]){
return true;
}
}
return false;
}
?>

View File

@ -1,20 +1,36 @@
<?php
include "lib/asn.php";
class bot_protection{
public function __construct($frontend, $get, $filters, $page, $output){
// check if we're operating on an ASN whitelist
if (config::ASN_WHITELIST == 1){
$response = check_asn($_SERVER["REMOTE_ADDR"], config::ASN_WHITELIST_LIST, config::WHOIS_SERVER, config::WHOIS_PORT);
if (!$response){
http_response_code(401);
echo json_encode([
"status" => "the ASN whitelist is enabled, and you ain't on it."
]);
die();
}
else{
apcu_inc("real_requests");
if($output === true){
$frontend->loadheader(
$get,
$filters,
$page
);
}
}
return;
}
// check if we want captcha
if(config::BOT_PROTECTION !== 1){
apcu_inc("real_requests");
if($output === true){
$frontend->loadheader(
$get,
$filters,
$page
);
}
return;
}