UNPKG

@edgedev/voidgates-watcher

Version:

Watches access logs and blocks abusive IPs via Cloudflare

github.com/Edge-Marketing-and-Design/voidgates-watcher

Edge-Marketing-and-Design/voidgates-watcher

69 lines (58 loc) 2.62 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import fs from 'fs' import path from 'path' import inquirer from 'inquirer' const apacheDefault = '/opt/bitnami/apache2/conf/httpd.conf' const nginxDefault = '/opt/bitnami/nginx/conf/nginx.conf' async function checkRealIPConfig() { try { const { serverType } = await inquirer.prompt([ { type: 'list', name: 'serverType', message: 'What web server are you using?', choices: ['Apache', 'Nginx'], }, ]) const { confPath } = await inquirer.prompt([ { type: 'input', name: 'confPath', message: `Enter the path to your ${serverType} config file (this is just for a check, it won't be modified):`, default: serverType === 'Apache' ? apacheDefault : nginxDefault, }, ]) const resolvedPath = path.resolve(confPath) if (!fs.existsSync(resolvedPath)) { console.warn(`[WARNING] Config file not found at ${resolvedPath}`) return } const confContent = fs.readFileSync(resolvedPath, 'utf-8') if ( confContent.includes('RemoteIPHeader') || confContent.includes('real_ip_header') || confContent.includes('mod_remoteip') ) { console.log('[SUCCESS] Real IP logic already appears to be configured.') } else { console.warn(`[WARNING] Your server does not appear to be configured to pass the real visitor IP address.`) console.warn(` If not configured, Cloudflare proxy IPs may be blocked instead of the actual attacker IPs.`) console.warn(`\n Please follow the official guide to enable real IP support:`); console.warn(` https://developers.cloudflare.com/fundamentals/get-started/reference/http-request-headers/#connecting-ip`); console.warn(`\n Example Apache config:`); console.warn(` LoadModule remoteip_module modules/mod_remoteip.so`); console.warn(` RemoteIPHeader CF-Connecting-IP`); console.warn(` RemoteIPTrustedProxy 173.245.48.0/20`); console.warn(` RemoteIPTrustedProxy 103.21.244.0/22`); console.warn(` # (Add all Cloudflare IP ranges)`); console.warn(`\n Example Nginx config:`); console.warn(` real_ip_header CF-Connecting-IP;`); console.warn(` set_real_ip_from 173.245.48.0/20;`); console.warn(` set_real_ip_from 103.21.244.0/22;`); console.warn(` # (Add all Cloudflare IP ranges)`); console.warn(`\n Full Cloudflare IP list: https://www.cloudflare.com/ips/`); } } catch (err) { console.warn(`[WARNING] Real IP config check failed or was skipped.`, err.message) } } checkRealIPConfig()