mirror of
https://github.com/aljazceru/njump.git
synced 2025-12-18 14:54:24 +01:00
block cloudflare requests, someone was making a million meaningless requests.
This commit is contained in:
fiatjaf
61
ipblock.go
Normal file
61
ipblock.go
Normal file
@@ -0,0 +1,61 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func ipblock(next http.Handler) func(w http.ResponseWriter, r *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
ip := net.ParseIP(r.Header.Get("CF-Connecting-IP"))
|
||||
if ip != nil {
|
||||
for _, ipnet := range cloudflareRanges {
|
||||
if ipnet.Contains(ip) {
|
||||
// cloudflare is not allowed
|
||||
log.Debug().Stringer("ip", ip).Msg("cloudflare (attacker) ip blocked")
|
||||
http.Redirect(w, r, "https://njump.me/", 302)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
var cloudflareRanges []*net.IPNet
|
||||
|
||||
func updateCloudflareRangesRoutine() {
|
||||
for {
|
||||
newRanges := make([]*net.IPNet, 0, 30)
|
||||
|
||||
for _, url := range []string{
|
||||
"https://www.cloudflare.com/ips-v6/",
|
||||
"https://www.cloudflare.com/ips-v4/",
|
||||
} {
|
||||
resp, err := http.Get(url)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("failed to fetch cloudflare ips")
|
||||
continue
|
||||
}
|
||||
data, _ := io.ReadAll(resp.Body)
|
||||
resp.Body.Close()
|
||||
for _, line := range strings.Split(strings.TrimSpace(string(data)), "\n") {
|
||||
_, ipnet, err := net.ParseCIDR(strings.TrimSpace(line))
|
||||
if err != nil {
|
||||
log.Error().Str("line", line).Err(err).Msg("failed to parse cloudflare ip range")
|
||||
continue
|
||||
}
|
||||
newRanges = append(newRanges, ipnet)
|
||||
}
|
||||
}
|
||||
if len(newRanges) > 0 {
|
||||
cloudflareRanges = newRanges
|
||||
}
|
||||
|
||||
time.Sleep(time.Hour * 24)
|
||||
}
|
||||
}
|
||||
7
main.go
7
main.go
@@ -144,7 +144,12 @@ func main() {
|
||||
mux.HandleFunc("/{code}", renderEvent)
|
||||
mux.HandleFunc("/{$}", renderHomepage)
|
||||
|
||||
corsHandler := cors.Default().Handler(relay)
|
||||
corsHandler := cors.Default().Handler(
|
||||
http.HandlerFunc(
|
||||
ipblock(relay),
|
||||
),
|
||||
)
|
||||
go updateCloudflareRangesRoutine()
|
||||
|
||||
log.Print("listening at http://0.0.0.0:" + s.Port)
|
||||
server := &http.Server{Addr: "0.0.0.0:" + s.Port, Handler: corsHandler}
|
||||
|
||||
Reference in New Issue
Block a user