sendnrw/flod
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sendnrw:c5a7f90226991d313441c26a2839321602cf579a
Branches Tags
sendnrw:main
...
compare: sendnrw:main
Branches Tags
sendnrw:main

12 Commits
c5a7f90226 ... main

Author SHA1 Message Date
jbergner
a9d62c0c5d bugfix metrics
All checks were successful
release-tag / release-image (push) Successful in 2m3s
Details
2025-11-13 13:31:11 +01:00
jbergner
2eea551964 Check-Gui added
All checks were successful
release-tag / release-image (push) Successful in 1m49s
Details
2025-11-12 03:33:16 +01:00
jbergner
2cf8c4204d fix2
All checks were successful
release-tag / release-image (push) Successful in 1m58s
Details
2025-11-10 21:59:25 +01:00
jbergner
6898fdd47e fix
All checks were successful
release-tag / release-image (push) Successful in 2m6s
Details
2025-11-10 21:53:49 +01:00
jbergner
59556eae01 Metrics angepasst (Test)
All checks were successful
release-tag / release-image (push) Successful in 3m32s
Details
2025-11-10 21:44:03 +01:00
jbergner
5b48c30a98 updates
All checks were successful
release-tag / release-image (push) Successful in 3m29s
Details
2025-11-10 21:24:16 +01:00
jbergner
19143fd8c1 updated template
All checks were successful
release-tag / release-image (push) Successful in 1m47s
Details
2025-11-09 15:36:01 +01:00
jbergner
6d326ba495 updated layout
All checks were successful
release-tag / release-image (push) Successful in 1m49s
Details
2025-11-09 15:31:46 +01:00
jbergner
c7e9625236 fix
All checks were successful
release-tag / release-image (push) Successful in 2m0s
Details
2025-11-08 23:51:24 +01:00
jbergner
2a66ea48e8 updated to unauthorized
All checks were successful
release-tag / release-image (push) Successful in 1m52s
Details
2025-11-08 23:46:14 +01:00
jbergner
eff3dd61af changed
All checks were successful
release-tag / release-image (push) Successful in 1m46s
Details
2025-11-08 22:54:28 +01:00
jbergner
840ecf2953 test with blockpage 2025-11-08 22:54:16 +01:00
1 changed files with 537 additions and 21 deletions
Expand all files Collapse all files

558
main.go
View File

@@ -21,6 +21,153 @@ import (
"github.com/redis/go-redis/v9"
)
var (
// Requests & Responses & Inflight & Duration
reqTotal = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "ipcheck_requests_total",
Help: "Total HTTP requests by handler",
},
[]string{"handler"},
)
respTotal = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "ipcheck_http_responses_total",
Help: "HTTP responses by handler and code",
},
[]string{"handler", "code"},
)
inflight = prometheus.NewGauge(
prometheus.GaugeOpts{
Name: "ipcheck_requests_inflight",
Help: "Inflight HTTP requests",
},
)
reqDuration = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Name: "ipcheck_request_duration_seconds",
Help: "Request duration seconds",
// Wähle Buckets ähnlich deinem manuellen Histogramm
Buckets: []float64{0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10},
},
[]string{"handler"},
)
// Importer
importCycles = prometheus.NewCounter(
prometheus.CounterOpts{
Name: "ipcheck_import_cycles_total",
Help: "Completed import cycles",
},
)
importLastSuccess = prometheus.NewGauge(
prometheus.GaugeOpts{
Name: "ipcheck_import_last_success_timestamp_seconds",
Help: "Last successful import Unix time",
},
)
importErrors = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "ipcheck_import_errors_total",
Help: "Import errors by category",
},
[]string{"category"},
)
importDuration = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Name: "ipcheck_import_duration_seconds",
Help: "Import duration by category",
Buckets: []float64{0.5, 1, 2, 5, 10, 30, 60, 120, 300},
},
[]string{"category"},
)
// Bereits vorhanden: blocklistHashSizes (GaugeVec)
catalogCategories = prometheus.NewGauge(
prometheus.GaugeOpts{
Name: "ipcheck_catalog_categories_total",
Help: "Number of categories in catalog",
},
)
// Honeypot-Teile hast du im zweiten Projekt nicht → weglassen oder später ergänzen
whitelistTotal = prometheus.NewGauge(
prometheus.GaugeOpts{
Name: "ipcheck_whitelist_total",
Help: "Whitelisted IPs",
},
)
traefikBlocks = prometheus.NewCounter(
prometheus.CounterOpts{
Name: "ipcheck_traefik_blocks_total",
Help: "Traefik blocks due to matches",
},
)
downloads = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "ipcheck_downloads_total",
Help: "Downloads served by category",
},
[]string{"category"},
)
manualBlacklistSize = prometheus.NewGauge(
prometheus.GaugeOpts{
Name: "ipcheck_manual_blacklist_size",
Help: "Manual blacklist size",
},
)
)
func init() {
prometheus.MustRegister(
reqTotal, respTotal, inflight, reqDuration,
importCycles, importLastSuccess, importErrors, importDuration,
blocklistHashSizes, catalogCategories, whitelistTotal,
traefikBlocks, downloads, manualBlacklistSize, checkBlocked, checkWhitelist,
)
// Deine existierenden Counter:
// checkRequests, checkBlocked, checkWhitelist sind okay können bleiben.
}
type statusRecorder struct {
http.ResponseWriter
code int
}
func (w *statusRecorder) WriteHeader(code int) {
w.code = code
w.ResponseWriter.WriteHeader(code)
}
func instrumentHandler(name string, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
inflight.Inc()
start := time.Now()
rec := &statusRecorder{ResponseWriter: w, code: 200}
reqTotal.WithLabelValues(name).Inc()
next.ServeHTTP(rec, r)
inflight.Dec()
reqDuration.WithLabelValues(name).Observe(time.Since(start).Seconds())
respTotal.WithLabelValues(name, fmt.Sprintf("%d", rec.code)).Inc()
})
}
func instrumentFunc(name string, fn http.HandlerFunc) http.Handler {
return instrumentHandler(name, http.HandlerFunc(fn))
}
// --------------------------------------------------
//
// --------------------------------------------------
// Redis + Context
var ctx = context.Background()
@@ -71,10 +218,6 @@ var (
// Prometheus Metriken
var (
checkRequests = prometheus.NewCounter(prometheus.CounterOpts{
Name: "ipcheck_requests_total",
Help: "Total IP check requests",
})
checkBlocked = prometheus.NewCounter(prometheus.CounterOpts{
Name: "ipcheck_blocked_total",
Help: "Total blocked IPs",
@@ -92,9 +235,9 @@ var (
)
)
func init() {
prometheus.MustRegister(checkRequests, checkBlocked, checkWhitelist, blocklistHashSizes)
}
/*func init() {
prometheus.MustRegister(checkBlocked, checkWhitelist)
}*/
// Main
func main() {
@@ -105,11 +248,12 @@ func main() {
}
// Server
http.HandleFunc("/", handleGUI)
http.HandleFunc("/download/", handleDownload)
http.HandleFunc("/whitelist", handleWhitelist)
http.HandleFunc("/check/", handleCheck)
http.HandleFunc("/traefik", handleTraefik)
http.Handle("/", instrumentFunc("gui", checkhtml))
http.Handle("/admin", instrumentFunc("admin", handleGUI))
http.Handle("/download/", instrumentFunc("download", handleDownload))
http.Handle("/whitelist", instrumentFunc("whitelist", handleWhitelist))
http.Handle("/check/", instrumentFunc("check", handleCheck))
http.Handle("/traefik", instrumentFunc("traefik", handleTraefik))
http.Handle("/metrics", promhttp.Handler())
go func() {
@@ -148,12 +292,14 @@ func clientIPFromHeaders(r *http.Request) (netip.Addr, error) {
}
func updateBlocklistMetrics() {
var rdb = redis.NewClient(&redis.Options{
rdb := redis.NewClient(&redis.Options{
Addr: os.Getenv("REDIS_ADDR"),
DB: 0,
Username: os.Getenv("REDIS_USER"),
Password: os.Getenv("REDIS_PASS"),
})
// Blocklist-Hash-Größen pro Kategorie
for cat := range blocklistURLs {
key := "bl:" + cat
count, err := rdb.HLen(ctx, key).Result()
@@ -163,6 +309,16 @@ func updateBlocklistMetrics() {
}
blocklistHashSizes.WithLabelValues(cat).Set(float64(count))
}
// Whitelist gesamt (wenn als Keys "wl:<ip>" gespeichert)
if n, err := rdb.Keys(ctx, "wl:*").Result(); err == nil {
whitelistTotal.Set(float64(len(n)))
}
// Manuelle Blacklist, falls vorhanden
if n, err := rdb.HLen(ctx, "bl:manual").Result(); err == nil {
manualBlacklistSize.Set(float64(n))
}
}
type target struct {
@@ -203,15 +359,25 @@ func fetchAndSave(client *http.Client, t target, outDir string) error {
// Import-Logik
func importBlocklists() error {
startAll := time.Now()
importCycles.Inc()
client := &http.Client{Timeout: 60 * time.Second}
t := target{Name: "Catalog", URL: os.Getenv("FLOD_IMPORT_URL") + "/lists.json"}
if err := os.MkdirAll("./lists/", 0o755); err != nil {
t := target{Name: "Catalog", URL: os.Getenv("FLOD_IMPORT_URL")}
if err := os.MkdirAll("/lists/", 0o755); err != nil {
fmt.Println("creating output dir", err)
}
if err := fetchAndSave(client, t, "./lists/"); err != nil {
if err := fetchAndSave(client, t, "/lists/"); err != nil {
log.Printf("ERROR %s → %v", t.URL, err)
}
blocklistURLs, _ = ImportListJSON("./lists/lists.json")
fileName := filepath.Base(t.URL)
if fileName == "" {
fileName = strings.ReplaceAll(strings.ToLower(strings.ReplaceAll(t.Name, " ", "_")), "..", "")
}
blocklistURLs, _ = ImportListJSON("/lists/" + fileName)
catalogCategories.Set(float64(len(blocklistURLs)))
var wg sync.WaitGroup
errCh := make(chan error, len(blocklistURLs))
@@ -220,15 +386,25 @@ func importBlocklists() error {
wg.Add(1)
go func(c, u string) {
defer wg.Done()
start := time.Now()
if err := importCategory(c, u); err != nil {
importErrors.WithLabelValues(c).Inc()
errCh <- fmt.Errorf("%s: %v", c, err)
}
importDuration.WithLabelValues(c).Observe(time.Since(start).Seconds())
}(cat, url)
}
wg.Wait()
close(errCh)
// Erfolgstimestamp nur setzen, wenn keine Fehler:
if len(errCh) == 0 {
importLastSuccess.Set(float64(time.Now().Unix()))
}
_ = startAll // (falls du Gesamtzeit noch extra messen willst)
for err := range errCh {
fmt.Println("❌", err)
}
@@ -368,7 +544,6 @@ func handleCheck(w http.ResponseWriter, r *http.Request) {
Username: os.Getenv("REDIS_USER"),
Password: os.Getenv("REDIS_PASS"),
})
checkRequests.Inc()
ipStr := strings.TrimPrefix(r.URL.Path, "/check/")
ip, err := netip.ParseAddr(ipStr)
if err != nil {
@@ -411,8 +586,6 @@ func handleTraefik(w http.ResponseWriter, r *http.Request) {
Password: os.Getenv("REDIS_PASS"),
})
checkRequests.Inc()
ip, err := clientIPFromHeaders(r)
if err != nil {
http.Error(w, "invalid IP", http.StatusBadRequest)
@@ -441,7 +614,9 @@ func handleTraefik(w http.ResponseWriter, r *http.Request) {
if len(matches) > 0 {
checkBlocked.Inc()
http.Error(w, "blocked", http.StatusForbidden)
traefikBlocks.Inc()
errorhtml(w, r)
//http.Error(w, "blocked", http.StatusTooManyRequests)
return
}
w.WriteHeader(http.StatusOK)
@@ -548,6 +723,7 @@ func handleDownload(w http.ResponseWriter, r *http.Request) {
}
// Header für Download setzen
downloads.WithLabelValues(cat).Inc()
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s.txt\"", cat))
@@ -650,3 +826,343 @@ func handleGUI(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
_, _ = w.Write([]byte(html))
}
func checkhtml(w http.ResponseWriter, r *http.Request) {
html := `<!doctype html>
<html lang="de">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>FLODP IP Check</title>
<style>
:root{
--bg:#f6f7f9;--text:#1f2937;--muted:#6b7280;--card:#ffffff;
--success:#22c55e;--danger:#ef4444;--accent:#2563eb;--border:#e5e7eb;
}
*{box-sizing:border-box}
html,body{height:100%}
body{margin:0;background:var(--bg);color:var(--text);font:16px/1.5 system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,"Helvetica Neue",Arial}
.wrap{max-width:980px;margin:0 auto;padding:40px 16px 64px}
header{display:flex;align-items:center;gap:12px;flex-wrap:wrap;}
h1{font-size:clamp(24px,4vw,38px);font-weight:700;margin:0}
.pill{display:inline-flex;align-items:center;gap:8px;padding:6px 10px;border-radius:999px;border:1px solid var(--border);background:#fff;font-weight:600;font-size:14px;color:#111}
.pill small{font-weight:500;color:var(--muted)}
p.lead{margin:12px 0 24px;color:var(--muted)}
.grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(260px,1fr));gap:18px;margin-top:16px}
.node{background:var(--card);border:1px solid var(--border);border-radius:14px;padding:18px;display:flex;flex-direction:column;gap:12px;box-shadow:0 6px 18px rgba(0,0,0,.04)}
.node h3{margin:0 0 4px;font-size:16px}
.sub{margin:0;color:var(--muted);font-size:14px}
.status-badge{display:inline-flex;align-items:center;gap:8px;padding:6px 10px;border-radius:999px;border:1px solid var(--border);background:#fff;font-weight:700;width:max-content}
.status-badge.ok{color:var(--success);border-color:#bbf7d0;background:#f0fdf4}
.status-badge.err{color:var(--danger);border-color:#fecaca;background:#fef2f2}
.row{display:flex;gap:12px;flex-wrap:wrap}
.field{display:flex;flex-direction:column;gap:6px;flex:1;min-width:220px}
label{font-weight:600}
input[type="text"]{
padding:12px;border-radius:10px;border:1px solid var(--border);outline:none;background:#fff;
}
input[type="text"]:focus{border-color:var(--accent);box-shadow:0 0 0 3px rgba(37,99,235,.15)}
.btn{border:1px solid var(--border);background:#fff;font-weight:600;padding:10px 14px;border-radius:10px;cursor:pointer}
.btn.primary{background:var(--accent);border-color:var(--accent);color:#fff}
.btn:disabled{opacity:.6;cursor:not-allowed}
.muted{color:var(--muted)}
.code{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;white-space:pre-wrap;background:#f8fafc;border:1px solid var(--border);padding:12px;border-radius:10px}
.chip{display:inline-block;margin:4px 6px 0 0;padding:4px 8px;border-radius:999px;background:#eef2ff;border:1px solid #c7d2fe;color:#3730a3;font-weight:600;font-size:12px}
footer{margin-top:40px;color:var(--muted);font-size:13px;text-align:center}
.hint{font-size:13px;color:var(--muted)}
</style>
</head>
<body>
<div class="wrap">
<header>
<h1>IP Check</h1>
<span class="pill">FLODP <small>Security Utility</small></span>
</header>
<p class="lead">Prüfe schnell, ob eine IP in den Blocklisten gelistet ist. Die Abfrage nutzt den Endpunkt <code>/check/&lt;ip&gt;</code>.</p>
<section class="grid" aria-label="IP-Check">
<!-- Formular -->
<article class="node">
<h3>Anfrage</h3>
<p class="sub">Sende eine Abfrage an <code>/check/&lt;ip&gt;</code></p>
<form id="checkForm" class="row" novalidate>
<div class="field">
<label for="ip">IP-Adresse</label>
<input id="ip" name="ip" type="text" placeholder="z. B. 203.0.113.42 oder 2001:db8::1" autocomplete="off" required>
<small class="hint">IPv4 oder IPv6. Es erfolgt eine leichte Client-Validierung.</small>
</div>
<div class="row" style="align-items:flex-end">
<button id="btnCheck" class="btn primary" type="submit">Check ausführen</button>
<button id="btnClear" class="btn" type="button">Zurücksetzen</button>
</div>
</form>
</article>
<!-- Ergebnis -->
<article class="node" id="resultCard" aria-live="polite">
<h3>Ergebnis</h3>
<div id="statusBadge" class="status-badge" style="display:none"></div>
<div id="summary" class="muted">Noch keine Abfrage durchgeführt.</div>
<div id="catsWrap" style="display:none">
<strong>Kategorien:</strong>
<div id="cats"></div>
</div>
<details id="rawWrap" style="margin-top:8px; display:none">
<summary><strong>Rohdaten (Response JSON)</strong></summary>
<pre id="raw" class="code"></pre>
</details>
</article>
</section>
<footer>
<span>© First-Line-Of-Defense-Project</span>
</footer>
</div>
<script>
const form = document.getElementById('checkForm');
const ipInput = document.getElementById('ip');
const btnCheck = document.getElementById('btnCheck');
const btnClear = document.getElementById('btnClear');
const statusBadge = document.getElementById('statusBadge');
const summary = document.getElementById('summary');
const catsWrap = document.getElementById('catsWrap');
const cats = document.getElementById('cats');
const rawWrap = document.getElementById('rawWrap');
const raw = document.getElementById('raw');
// Simple IPv4/IPv6 Check (nicht perfekt, aber hilfreich)
function looksLikeIP(value){
const v = value.trim();
const ipv4 = /^(25[0-5]|2[0-4]\d|[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3}$/;
const ipv6 = /^([0-9a-f]{0,4}:){2,7}[0-9a-f]{0,4}$/i; // sehr tolerant
return ipv4.test(v) || ipv6.test(v);
}
function setLoading(loading){
btnCheck.disabled = loading;
btnCheck.textContent = loading ? 'Wird geprüft…' : 'Check ausführen';
ipInput.disabled = loading;
}
function setStatus(ok, text){
statusBadge.style.display = 'inline-flex';
statusBadge.className = 'status-badge ' + (ok ? 'ok' : 'err');
statusBadge.textContent = ok ? 'OK • not listed' : 'BLOCKED • listed';
summary.textContent = text;
}
function resetUI(){
statusBadge.style.display = 'none';
statusBadge.className = 'status-badge';
summary.textContent = 'Noch keine Abfrage durchgeführt.';
catsWrap.style.display = 'none';
cats.innerHTML = '';
rawWrap.style.display = 'none';
raw.textContent = '';
}
btnClear.addEventListener('click', () => {
form.reset();
resetUI();
ipInput.focus();
});
form.addEventListener('submit', async (e) => {
e.preventDefault();
const ip = ipInput.value.trim();
if(!looksLikeIP(ip)){
ipInput.focus();
ipInput.select();
summary.textContent = 'Bitte eine gültige IPv4- oder IPv6-Adresse eingeben.';
statusBadge.style.display = 'inline-flex';
statusBadge.className = 'status-badge err';
statusBadge.textContent = 'Ungültige IP';
catsWrap.style.display = 'none';
rawWrap.style.display = 'none';
return;
}
setLoading(true);
try{
const res = await fetch('/check/' + encodeURIComponent(ip));
const data = await res.json();
// Erwartete Struktur: { ip: "...", blocked: bool, categories: [] }
const ok = data && data.blocked === false;
setStatus(ok, ok
? 'Die IP ' + data.ip + ' ist nicht gelistet.'
: 'Die IP ' + data.ip + ' ist gelistet.');
// Kategorien
const list = Array.isArray(data.categories) ? data.categories : [];
if(!ok && list.length > 0){
catsWrap.style.display = 'block';
cats.innerHTML = list.map(function(c){ return '<span class="chip">' + c + '</span>'; }).join('');
}else{
catsWrap.style.display = 'none';
cats.innerHTML = '';
}
// Rohdaten anzeigen
rawWrap.style.display = 'block';
raw.textContent = JSON.stringify(data, null, 2);
}catch(err){
setStatus(false, 'Fehler bei der Abfrage. Details siehe Konsole.');
console.error(err);
rawWrap.style.display = 'none';
}finally{
setLoading(false);
}
});
</script>
</body>
</html>`
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.WriteHeader(http.StatusOK)
_, _ = w.Write([]byte(html))
}
func errorhtml(w http.ResponseWriter, r *http.Request) {
html := `<!doctype html>
<html lang="de">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Blocked by the First-Line-Of-Defense-Project</title>
<style>
:root{
--bg:#f6f7f9;--text:#1f2937;--muted:#6b7280;--card:#ffffff;
--success:#22c55e;--danger:#ef4444;--accent:#2563eb;--border:#e5e7eb;
}
*{box-sizing:border-box}
html,body{height:100%}
body{margin:0;background:var(--bg);color:var(--text);font:16px/1.5 system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,"Helvetica Neue",Arial}
.wrap{max-width:980px;margin:0 auto;padding:40px 16px 64px}
header{display:flex;align-items:center;gap:12px;flex-wrap:wrap;}
h1{font-size:clamp(24px,4vw,38px);font-weight:700;margin:0}
.pill{display:inline-flex;align-items:center;gap:8px;padding:6px 10px;border-radius:999px;border:1px solid var(--border);background:#fff;font-weight:600;font-size:14px;color:#111}
.pill small{font-weight:500;color:var(--muted)}
p.lead{margin:12px 0 24px;color:var(--muted)}
.grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(220px,1fr));gap:18px;margin-top:16px}
.node{background:var(--card);border:1px solid var(--border);border-radius:14px;padding:18px;display:flex;flex-direction:column;align-items:center;gap:10px;box-shadow:0 6px 18px rgba(0,0,0,.04)}
.icon{position:relative;width:104px;height:80px;display:grid;place-items:center}
.status{position:absolute;right:-8px;bottom:-8px;width:30px;height:30px;border-radius:999px;display:grid;place-items:center;color:#fff;font-weight:800;font-size:14px}
.status.ok{background:var(--success)}
.status.err{background:var(--danger)}
.node h3{margin:6px 0 0;font-size:16px}
.node .sub{margin:0;color:var(--muted);font-size:14px}
.node .state{margin:4px 0 0;font-weight:700}
.state.ok{color:var(--success)}
.state.err{color:var(--danger)}
.actions{margin-top:28px;display:flex;gap:12px;flex-wrap:wrap}
.btn{border:1px solid var(--border);background:#fff;font-weight:600;padding:10px 14px;border-radius:10px;cursor:pointer}
.btn.primary{background:var(--accent);border-color:var(--accent);color:#fff}
.meta{margin-top:24px;color:var(--muted);font-size:13px}
footer{margin-top:40px;color:var(--muted);font-size:13px}
/* Simple, friendly SVG look */
svg{display:block}
.dim{fill:#e5e7eb}
.stroke{stroke:#9ca3af}
</style>
</head>
<body>
<div class="wrap">
<header>
<h1>You have been blocked by the First-Line-Of-Defense-Project</h1>
<span class="pill">ERROR&nbsp;403 <small>Forbidden</small></span>
</header>
<p class="lead">
Your connection attempt to the target server was blocked by the First-Line-Of-Defense-Project. Your IP address is listed on at least one blacklist.
</p>
<section class="grid" aria-label="Diagnostic chain">
<article class="node" aria-label="Browser Status">
<div class="icon" aria-hidden="true">
<svg width="88" height="62" viewBox="0 0 88 62" xmlns="http://www.w3.org/2000/svg" role="img">
<rect x="1" y="6" width="86" height="55" rx="8" fill="#fff" stroke="#d1d5db"/>
<rect x="1" y="1" width="86" height="14" rx="8" fill="#f3f4f6" stroke="#d1d5db"/>
<circle cx="10" cy="8" r="2.5" fill="#ef4444"/>
<circle cx="18" cy="8" r="2.5" fill="#f59e0b"/>
<circle cx="26" cy="8" r="2.5" fill="#22c55e"/>
</svg>
<div class="status ok" title="Functional">✓</div>
</div>
<h3>You</h3>
<p class="sub">Browser</p>
<p class="state ok">Functional</p>
</article>
<!-- Edge / Proxy -->
<article class="node" aria-label="FLODP Status">
<div class="icon" aria-hidden="true">
<svg width="96" height="64" viewBox="0 0 96 64" xmlns="http://www.w3.org/2000/svg" role="img">
<path d="M33 44h32a14 14 0 0 0 0-28 18 18 0 0 0-34-5 16 16 0 0 0-4 31z" fill="#e5e7eb" stroke="#d1d5db"/>
</svg>
<div class="status err" title="Blocked">✕</div>
</div>
<h3>FLODP-SERVICE</h3>
<p class="sub">Security-Gateway</p>
<p class="state err">Blocked your request</p>
</article>
<!-- Host / Origin -->
<article class="node" aria-label="Origin/Host Status">
<div class="icon" aria-hidden="true">
<svg width="88" height="62" viewBox="0 0 88 62" xmlns="http://www.w3.org/2000/svg" role="img">
<rect x="6" y="10" width="76" height="18" rx="4" fill="#f3f4f6" stroke="#d1d5db"/>
<circle cx="16" cy="19" r="3" fill="#9ca3af"/>
<rect x="6" y="34" width="76" height="18" rx="4" fill="#f3f4f6" stroke="#d1d5db"/>
<circle cx="16" cy="43" r="3" fill="#9ca3af"/>
</svg>
<div class="status ok" title="Functional">✓</div>
</div>
<h3>Host</h3>
<p class="sub">Origin-Server</p>
<p class="state ok">Functional</p>
</article>
</section>
<div class="actions">
<button class="btn primary" onclick="location.reload()">Try again</button>
<button class="btn" onclick="document.getElementById('details').toggleAttribute('open')">Show details</button>
</div>
<details id="details" class="meta">
<summary><strong>Technical details</strong></summary>
<ul>
<li>Error: <strong>403</strong> - Your IP address is listed on at least one blacklist. The service's security system has therefore rejected your connection.</li>
<li>Time: <span id="now">-</span></li>
</ul>
<p>Tips: Check if your system (browser, API, or similar) has a high connection frequency and has been blocked on other systems protected by FLODP.</p>
</details>
<footer>
<span>If the problem persists, contact the website operator.</span>
</footer>
</div>
<script>
(function(){
const now = new Date()
document.getElementById('now').textContent = now.toLocaleString()
})()
</script>
</body>
</html>`
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.WriteHeader(http.StatusForbidden)
_, _ = w.Write([]byte(html))
}