ASN whitelisting
This commit is contained in:
parent
6eabc3edf4
commit
815223b9dc
|
@ -41,6 +41,19 @@ class config{
|
||||||
//["minecraft", 848]
|
//["minecraft", 848]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// the following refer to ASN whitelisting
|
||||||
|
// if you enable ASN whitelisting, no other bot protection will be used
|
||||||
|
// this doesn't work if you put it behind cloudflare
|
||||||
|
const ASN_WHITELIST = 0;
|
||||||
|
// the ASNs that should be allowed
|
||||||
|
const ASN_WHITELIST_LIST = [
|
||||||
|
//example:
|
||||||
|
//["1337"]
|
||||||
|
];
|
||||||
|
// the whois server to hit up
|
||||||
|
const WHOIS_SERVER = "whois.cymru.com";
|
||||||
|
const WHOIS_PORT = 43;
|
||||||
|
|
||||||
// If this regex expression matches on the user agent, it blocks the request
|
// If this regex expression matches on the user agent, it blocks the request
|
||||||
// Not useful at all against a targetted attack
|
// Not useful at all against a targetted attack
|
||||||
const HEADER_REGEX = '/bot|wget|curl|python-requests|scrapy|go-http-client|ruby|yahoo|spider|qwant/i';
|
const HEADER_REGEX = '/bot|wget|curl|python-requests|scrapy|go-http-client|ruby|yahoo|spider|qwant/i';
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
<?php
|
||||||
|
function check_asn($ip, $asns, $whois_server, $port){
|
||||||
|
$data = $ip . "\n";
|
||||||
|
|
||||||
|
$socket = stream_socket_client("tcp://$whois_server:$port", $errno, $errstr);
|
||||||
|
|
||||||
|
if (!$socket){
|
||||||
|
echo "yo shits fucked cant hit up the whois serber: $errstr ($errno)\n";
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
fwrite($socket, $data);
|
||||||
|
|
||||||
|
$response = "";
|
||||||
|
while (!feof($socket)){
|
||||||
|
$response .= fgets($socket, 128);
|
||||||
|
}
|
||||||
|
|
||||||
|
fclose($socket);
|
||||||
|
|
||||||
|
$response = explode("\n", $response);
|
||||||
|
if (count($response) < 2){
|
||||||
|
echo "sup facilities exploded no response for ip: $errstr ($errno)\n";
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
$response = explode(" | ", $response[1]);
|
||||||
|
|
||||||
|
foreach ($asns as $asn){
|
||||||
|
if ($asn == $response[0]){
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
?>
|
|
@ -1,12 +1,21 @@
|
||||||
<?php
|
<?php
|
||||||
|
include "lib/asn.php";
|
||||||
|
|
||||||
class bot_protection{
|
class bot_protection{
|
||||||
|
|
||||||
public function __construct($frontend, $get, $filters, $page, $output){
|
public function __construct($frontend, $get, $filters, $page, $output){
|
||||||
|
|
||||||
// check if we want captcha
|
// check if we're operating on an ASN whitelist
|
||||||
if(config::BOT_PROTECTION !== 1){
|
if (config::ASN_WHITELIST == 1){
|
||||||
|
$response = check_asn($_SERVER["REMOTE_ADDR"], config::ASN_WHITELIST_LIST, config::WHOIS_SERVER, config::WHOIS_PORT);
|
||||||
|
if (!$response){
|
||||||
|
http_response_code(401);
|
||||||
|
echo json_encode([
|
||||||
|
"status" => "the ASN whitelist is enabled, and you ain't on it."
|
||||||
|
]);
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
else{
|
||||||
apcu_inc("real_requests");
|
apcu_inc("real_requests");
|
||||||
if($output === true){
|
if($output === true){
|
||||||
$frontend->loadheader(
|
$frontend->loadheader(
|
||||||
|
@ -15,6 +24,13 @@ class bot_protection{
|
||||||
$page
|
$page
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// check if we want captcha
|
||||||
|
if(config::BOT_PROTECTION !== 1){
|
||||||
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue