Added Traefik-Support
@@ -2,6 +2,8 @@ services:
|
||||
flodpodmaster:
|
||||
image: git.send.nrw/sendnrw/flod-pod:latest
|
||||
container_name: ipblock-master
|
||||
depends_on:
|
||||
- redis
|
||||
networks:
|
||||
- flod_nw
|
||||
environment:
|
||||
|
46
main.go
46
main.go
@@ -25,10 +25,9 @@ var rdb = redis.NewClient(&redis.Options{
|
||||
|
||||
// URLs der Blocklisten
|
||||
var blocklistURLs = map[string]string{
|
||||
"firehol": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
|
||||
"bitwire": "https://raw.githubusercontent.com/bitwire-it/ipblocklist/refs/heads/main/ip-list.txt",
|
||||
"RU": "https://ipv64.net/blocklists/countries/ipv64_blocklist_RU.txt",
|
||||
"CN": "https://ipv64.net/blocklists/countries/ipv64_blocklist_CN.txt",
|
||||
"ipv64_ru": "https://ipv64.net/blocklists/countries/ipv64_blocklist_RU.txt",
|
||||
"ipv64_cn": "https://ipv64.net/blocklists/countries/ipv64_blocklist_CN.txt",
|
||||
"blocklist_de_ssh": "https://lists.blocklist.de/lists/ssh.txt",
|
||||
"blocklist_de_mail": "https://lists.blocklist.de/lists/mail.txt",
|
||||
"blocklist_de_apache": "https://lists.blocklist.de/lists/apache.txt",
|
||||
@@ -38,6 +37,7 @@ var blocklistURLs = map[string]string{
|
||||
"blocklist_de_bots": "https://lists.blocklist.de/lists/bots.txt",
|
||||
"blocklist_de_strongips": "https://lists.blocklist.de/lists/strongips.txt",
|
||||
"blocklist_de_bruteforcelogin": "https://lists.blocklist.de/lists/bruteforcelogin.txt",
|
||||
"firehol_org_level1": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
|
||||
"firehol_org_botscout_30d": "https://iplists.firehol.org/files/botscout_30d.ipset",
|
||||
"firehol_org_cleantalk_30d": "https://iplists.firehol.org/files/cleantalk_30d.ipset",
|
||||
"firehol_org_cleantalk_new_30d": "https://iplists.firehol.org/files/cleantalk_new_30d.ipset",
|
||||
@@ -95,6 +95,7 @@ func main() {
|
||||
http.HandleFunc("/", handleGUI)
|
||||
http.HandleFunc("/whitelist", handleWhitelist)
|
||||
http.HandleFunc("/check/", handleCheck)
|
||||
http.HandleFunc("/traefik", handleTraefik)
|
||||
http.Handle("/metrics", promhttp.Handler())
|
||||
|
||||
fmt.Println("Server läuft auf :8080")
|
||||
@@ -273,6 +274,45 @@ func handleCheck(w http.ResponseWriter, r *http.Request) {
|
||||
})
|
||||
}
|
||||
|
||||
// Check-Handler
|
||||
func handleTraefik(w http.ResponseWriter, r *http.Request) {
|
||||
checkRequests.Inc()
|
||||
ipStr := r.Header.Get("X-Forwarded-For")
|
||||
if ipStr == "" {
|
||||
ipStr = r.RemoteAddr
|
||||
}
|
||||
ip, err := netip.ParseAddr(ipStr)
|
||||
if err != nil {
|
||||
http.Error(w, "invalid IP", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
var cats []string
|
||||
for a, _ := range blocklistURLs {
|
||||
cats = append(cats, a)
|
||||
}
|
||||
|
||||
//cats := []string{"firehol", "bitwire", "RU", "CN"}
|
||||
matches, err := checkIP(ip, cats)
|
||||
if err != nil {
|
||||
http.Error(w, "server error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if len(matches) > 0 {
|
||||
checkBlocked.Inc()
|
||||
} else {
|
||||
wl, _ := rdb.Exists(ctx, "wl:"+ip.String()).Result()
|
||||
if wl > 0 {
|
||||
checkWhitelist.Inc()
|
||||
}
|
||||
}
|
||||
if len(matches) > 0 {
|
||||
http.Error(w, "blocked", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
||||
// Check-Logik
|
||||
func checkIP(ip netip.Addr, cats []string) ([]string, error) {
|
||||
wl, err := rdb.Exists(ctx, "wl:"+ip.String()).Result()
|
||||
|
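Review bot: In handleTraefik the fallback `ipStr = r.RemoteAddr` passes a `host:port` string to `netip.ParseAddr`, which rejects it, so every request that arrives without an X-Forwarded-For header gets 400 "invalid IP" instead of being checked. The header branch has a related gap: X-Forwarded-For can be a comma-separated list when the proxy is configured to keep incoming values, and the whole list is parsed as a single address. The header is also accepted from any peer, so if :8080 is reachable by anything other than Traefik, the caller decides which address is evaluated; consider honouring the header only when the connecting peer is the proxy. The sketch below takes the last list entry, which is the one appended by the directly connected proxy, and strips the port from RemoteAddr; it needs `strings` imported if main.go does not already import it.

```go
	ipStr := r.Header.Get("X-Forwarded-For")
	if ipStr != "" {
		// The header may hold a list; only the last entry was written by the
		// proxy that actually connected to this service.
		if i := strings.LastIndexByte(ipStr, ','); i >= 0 {
			ipStr = ipStr[i+1:]
		}
		ipStr = strings.TrimSpace(ipStr)
	} else if ap, perr := netip.ParseAddrPort(r.RemoteAddr); perr == nil {
		// RemoteAddr is "host:port"; keep only the address part.
		ipStr = ap.Addr().String()
	}
	ip, err := netip.ParseAddr(ipStr)
	// … unchanged: error reply, category collection, checkIP call, metrics and response …
```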