Added Traefik-Support

compose.yml

@@ -2,6 +2,8 @@ services:
   flodpodmaster:
     image: git.send.nrw/sendnrw/flod-pod:latest
     container_name: ipblock-master
+    depends_on:
+      - redis
     networks:
       - flod_nw
     environment:

main.go

@@ -25,10 +25,9 @@ var rdb = redis.NewClient(&redis.Options{
 
 // URLs der Blocklisten
 var blocklistURLs = map[string]string{
-	"firehol":                        "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
 	"bitwire":                        "https://raw.githubusercontent.com/bitwire-it/ipblocklist/refs/heads/main/ip-list.txt",
-	"RU":                             "https://ipv64.net/blocklists/countries/ipv64_blocklist_RU.txt",
+	"ipv64_ru":                       "https://ipv64.net/blocklists/countries/ipv64_blocklist_RU.txt",
-	"CN":                             "https://ipv64.net/blocklists/countries/ipv64_blocklist_CN.txt",
+	"ipv64_cn":                       "https://ipv64.net/blocklists/countries/ipv64_blocklist_CN.txt",
 	"blocklist_de_ssh":               "https://lists.blocklist.de/lists/ssh.txt",
 	"blocklist_de_mail":              "https://lists.blocklist.de/lists/mail.txt",
 	"blocklist_de_apache":            "https://lists.blocklist.de/lists/apache.txt",
@@ -38,6 +37,7 @@ var blocklistURLs = map[string]string{
 	"blocklist_de_bots":              "https://lists.blocklist.de/lists/bots.txt",
 	"blocklist_de_strongips":         "https://lists.blocklist.de/lists/strongips.txt",
 	"blocklist_de_bruteforcelogin":   "https://lists.blocklist.de/lists/bruteforcelogin.txt",
+	"firehol_org_level1":             "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
 	"firehol_org_botscout_30d":       "https://iplists.firehol.org/files/botscout_30d.ipset",
 	"firehol_org_cleantalk_30d":      "https://iplists.firehol.org/files/cleantalk_30d.ipset",
 	"firehol_org_cleantalk_new_30d":  "https://iplists.firehol.org/files/cleantalk_new_30d.ipset",
@@ -95,6 +95,7 @@ func main() {
 	http.HandleFunc("/", handleGUI)
 	http.HandleFunc("/whitelist", handleWhitelist)
 	http.HandleFunc("/check/", handleCheck)
+	http.HandleFunc("/traefik", handleTraefik)
 	http.Handle("/metrics", promhttp.Handler())
 
 	fmt.Println("Server läuft auf :8080")
@@ -273,6 +274,45 @@ func handleCheck(w http.ResponseWriter, r *http.Request) {
 	})
 }
 
+// Check-Handler
+func handleTraefik(w http.ResponseWriter, r *http.Request) {
+	checkRequests.Inc()
+	ipStr := r.Header.Get("X-Forwarded-For")
+	if ipStr == "" {
+		ipStr = r.RemoteAddr
+	}
+	ip, err := netip.ParseAddr(ipStr)
+	if err != nil {
+		http.Error(w, "invalid IP", http.StatusBadRequest)
+		return
+	}
+
+	var cats []string
+	for a, _ := range blocklistURLs {
+		cats = append(cats, a)
+	}
+
+	//cats := []string{"firehol", "bitwire", "RU", "CN"}
+	matches, err := checkIP(ip, cats)
+	if err != nil {
+		http.Error(w, "server error", http.StatusInternalServerError)
+		return
+	}
+	if len(matches) > 0 {
+		checkBlocked.Inc()
+	} else {
+		wl, _ := rdb.Exists(ctx, "wl:"+ip.String()).Result()
+		if wl > 0 {
+			checkWhitelist.Inc()
+		}
+	}
+	if len(matches) > 0 {
+		http.Error(w, "blocked", http.StatusForbidden)
+		return
+	}
+	w.WriteHeader(http.StatusOK)
+}
+
 // Check-Logik
 func checkIP(ip netip.Addr, cats []string) ([]string, error) {
 	wl, err := rdb.Exists(ctx, "wl:"+ip.String()).Result()