From 042bbc1c27ac51cc1961cc74441ba695381d294f Mon Sep 17 00:00:00 2001
From: jbergner
Date: Sun, 15 Jun 2025 22:20:29 +0200
Subject: [PATCH] Added Traefik-Support
---
 compose.yml | 2 ++
 main.go | 46 +++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/compose.yml b/compose.yml
index 4a267b1..4850f4b 100644
--- a/compose.yml
+++ b/compose.yml
@@ -2,6 +2,8 @@ services:
 flodpodmaster:
 image: git.send.nrw/sendnrw/flod-pod:latest
 container_name: ipblock-master
+ depends_on:
+ - redis
 networks:
 - flod_nw
 environment:
diff --git a/main.go b/main.go
index 6ba32a2..29b09b0 100644
--- a/main.go
+++ b/main.go
@@ -25,10 +25,9 @@ var rdb = redis.NewClient(&redis.Options{
 // URLs der Blocklisten
 var blocklistURLs = map[string]string{
- "firehol": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
 "bitwire": "https://raw.githubusercontent.com/bitwire-it/ipblocklist/refs/heads/main/ip-list.txt",
- "RU": "https://ipv64.net/blocklists/countries/ipv64_blocklist_RU.txt",
- "CN": "https://ipv64.net/blocklists/countries/ipv64_blocklist_CN.txt",
+ "ipv64_ru": "https://ipv64.net/blocklists/countries/ipv64_blocklist_RU.txt",
+ "ipv64_cn": "https://ipv64.net/blocklists/countries/ipv64_blocklist_CN.txt",
 "blocklist_de_ssh": "https://lists.blocklist.de/lists/ssh.txt",
 "blocklist_de_mail": "https://lists.blocklist.de/lists/mail.txt",
 "blocklist_de_apache": "https://lists.blocklist.de/lists/apache.txt",
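Review bot: Renaming the `blocklistURLs` keys `firehol`, `RU` and `CN` changes the category names handed to `checkIP`, and this patch does not show their other consumers being updated. The commented-out list added to handleTraefik further down still spells them `"firehol", "bitwire", "RU", "CN"`; if handleCheck or the data already stored in Redis uses those names (neither is visible in this diff), lookups under the old names would match nothing and the check would quietly pass addresses it used to block. Worth confirming those uses and documenting the coupling on the map, for example `// Keys are the category names passed to checkIP; rename with care.`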
@@ -38,6 +37,7 @@ var blocklistURLs = map[string]string{
 "blocklist_de_bots": "https://lists.blocklist.de/lists/bots.txt",
 "blocklist_de_strongips": "https://lists.blocklist.de/lists/strongips.txt",
 "blocklist_de_bruteforcelogin": "https://lists.blocklist.de/lists/bruteforcelogin.txt",
+ "firehol_org_level1": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
 "firehol_org_botscout_30d": "https://iplists.firehol.org/files/botscout_30d.ipset",
 "firehol_org_cleantalk_30d": "https://iplists.firehol.org/files/cleantalk_30d.ipset",
 "firehol_org_cleantalk_new_30d": "https://iplists.firehol.org/files/cleantalk_new_30d.ipset",
@@ -95,6 +95,7 @@ func main() {
 http.HandleFunc("/", handleGUI)
 http.HandleFunc("/whitelist", handleWhitelist)
 http.HandleFunc("/check/", handleCheck)
+ http.HandleFunc("/traefik", handleTraefik)
 http.Handle("/metrics", promhttp.Handler())
 fmt.Println("Server läuft auf :8080")
@@ -273,6 +274,45 @@ func handleCheck(w http.ResponseWriter, r *http.Request) {
 })
 }
+// Check-Handler
+func handleTraefik(w http.ResponseWriter, r *http.Request) {
+ checkRequests.Inc()
+ ipStr := r.Header.Get("X-Forwarded-For")
+ if ipStr == "" {
+ ipStr = r.RemoteAddr
+ }
+ ip, err := netip.ParseAddr(ipStr)
+ if err != nil {
+ http.Error(w, "invalid IP", http.StatusBadRequest)
+ return
+ }
+
+ var cats []string
+ for a, _ := range blocklistURLs {
+ cats = append(cats, a)
+ }
+
+ //cats := []string{"firehol", "bitwire", "RU", "CN"}
+ matches, err := checkIP(ip, cats)
+ if err != nil {
+ http.Error(w, "server error", http.StatusInternalServerError)
+ return
+ }
+ if len(matches) > 0 {
+ checkBlocked.Inc()
+ } else {
+ wl, _ := rdb.Exists(ctx, "wl:"+ip.String()).Result()
+ if wl > 0 {
+ checkWhitelist.Inc()
+ }
+ }
+ if len(matches) > 0 {
+ http.Error(w, "blocked", http.StatusForbidden)
+ return
+ }
+ w.WriteHeader(http.StatusOK)
+}
+
 // Check-Logik
 func checkIP(ip netip.Addr, cats []string) ([]string, error) {
 wl, err := rdb.Exists(ctx, "wl:"+ip.String()).Result()
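Review bot: handleTraefik feeds the raw `X-Forwarded-For` value, or `r.RemoteAddr` as fallback, straight into `netip.ParseAddr`, and neither is reliably a bare address: `RemoteAddr` is `host:port`, so the fallback always answers 400, and a header carrying a comma-separated chain is rejected the same way. The header is also client-influenced unless the proxy overwrites it, so the block decision should use only the entry written by the trusted proxy (the right-most one, assuming Traefik is the only hop in front of this service) rather than the whole value. The sketch below does that and strips the port from `RemoteAddr`; it needs `strings` if main.go does not already import it. Separately, `wl, _ := rdb.Exists(...)` discards the Redis error and repeats the whitelist lookup that `checkIP` already starts with, `len(matches) > 0` is tested twice, and the `// Check-Handler` comment looks copied from handleCheck.

```go
func handleTraefik(w http.ResponseWriter, r *http.Request) {
	// … unchanged: checkRequests.Inc() …
	ipStr := r.Header.Get("X-Forwarded-For")
	// Only the last entry was written by the proxy talking to us; anything
	// to its left arrived from the client side.
	if i := strings.LastIndexByte(ipStr, ','); i >= 0 {
		ipStr = ipStr[i+1:]
	}
	ipStr = strings.TrimSpace(ipStr)
	if ipStr == "" {
		// RemoteAddr is "host:port", which netip.ParseAddr rejects.
		if ap, err := netip.ParseAddrPort(r.RemoteAddr); err == nil {
			ipStr = ap.Addr().String()
		}
	}
	ip, err := netip.ParseAddr(ipStr)
	// … unchanged: invalid-IP reply, category list, checkIP call, counters, response …
```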