This repository has been archived by the owner on Jun 11, 2024. It is now read-only.
protection.lua
-- Addresses that skip the challenge page. Entries are matched by exact string
-- equality against whatever get_client_ip() returns, so the list is only as
-- trustworthy as that function's source of the address.
local whitelist = { "127.0.0.1" }

-- Addresses that are refused outright with 403. Empty by default.
local blacklist = {}
--- Report whether an address appears in a list.
-- The comparison is plain string equality: no CIDR ranges, no normalisation
-- of IPv6 or IPv4-mapped forms.
-- @param ip    address string to look for
-- @param list  sequence of address strings
-- @return true when an entry equals ip, false otherwise
local function ip_in_list(ip, list)
  local position = 1
  local entry = list[position]
  -- Walk the sequence until the first missing slot, as ipairs would.
  while entry ~= nil do
    if entry == ip then
      return true
    end
    position = position + 1
    entry = list[position]
  end
  return false
end
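--- Return the address used for the whitelist and blacklist decisions.
--
-- Only the transport-level peer address (ngx.var.remote_addr) is used.
-- X-Forwarded-For is a request header and therefore chosen by the client;
-- taking its first entry lets any client claim a whitelisted address such as
-- 127.0.0.1, or dodge a blacklist entry, simply by sending the header.
--
-- When nginx runs behind a trusted reverse proxy or load balancer, configure
-- ngx_http_realip_module (set_real_ip_from / real_ip_header) for that proxy's
-- addresses; nginx then rewrites remote_addr itself, and only for requests
-- that really arrive from the trusted hop.
-- @return the peer address string as reported by nginx
local function get_client_ip()
  return ngx.var.remote_addr
end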
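--- Build an 8-character alphanumeric token.
--
-- math.random is a deterministic PRNG and is not seeded anywhere in this
-- file, so its output is unsuitable for a value that is handed out as an
-- access cookie. Bytes are therefore read from /dev/urandom when it can be
-- opened; math.random remains only as a fallback for platforms without it.
-- @return string of 8 characters drawn from [0-9a-zA-Z]
local function generate_random_token()
  local charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
  local token_length = 8
  -- Largest multiple of #charset that fits in a byte; bytes at or above it
  -- are discarded so the modulo below does not favour some characters.
  local limit = 256 - (256 % #charset)
  local chars = {}

  local urandom = io.open("/dev/urandom", "rb")
  if urandom then
    while #chars < token_length do
      local chunk = urandom:read(token_length * 2)
      if not chunk or #chunk == 0 then
        break
      end
      for i = 1, #chunk do
        local byte = chunk:byte(i)
        if byte < limit and #chars < token_length then
          local index = (byte % #charset) + 1
          chars[#chars + 1] = charset:sub(index, index)
        end
      end
    end
    urandom:close()
  end

  -- Fallback: fill whatever is still missing from the non-cryptographic PRNG.
  while #chars < token_length do
    local index = math.random(1, #charset)
    chars[#chars + 1] = charset:sub(index, index)
  end

  return table.concat(chars)
end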
--- Attach a freshly generated TOKEN cookie to the response.
-- The cookie lives for 1800 seconds on path "/" and is HttpOnly. It carries
-- neither a Secure nor a SameSite attribute, and the generated value is not
-- recorded anywhere in this file, so nothing can later compare a presented
-- cookie against it.
local function set_cookie()
  local cookie_attributes = '; path=/; max-age=1800; HttpOnly'
  ngx.header['Set-Cookie'] = 'TOKEN=' .. generate_random_token() .. cookie_attributes
end
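--- Send the challenge page with a 403 status and end the request.
--
-- The page loads Cloudflare Turnstile in its reCAPTCHA-compatible mode. When
-- the widget calls onSubmit, the page's own script stores the widget's
-- response token in a TOKEN cookie and reloads.
--
-- NOTE(review): nothing in this file sends that response token to the
-- Turnstile siteverify API, so the cookie proves only that some value was
-- written, not that a challenge was solved. Verification has to happen on
-- the server before the cookie is honoured.
--
-- The page is emitted through ngx.say, not string.format, so percent signs
-- in the CSS must be single; a doubled "%%" would reach the browser verbatim
-- and invalidate the height/width declarations.
-- @param client_ip  address string, used only in the log line
local function display_recaptcha(client_ip)
  ngx.log(ngx.ERR, "Displaying reCAPTCHA for IP: " .. client_ip)
  ngx.header.content_type = 'text/html'
  ngx.status = ngx.HTTP_FORBIDDEN
  ngx.say([[
<!DOCTYPE html>
<html>
<head>
<title>Checking Your Browser...</title>
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha" async defer></script>
<style>
html, body {
height: 100%;
margin: 0;
padding: 0;
background-color: #1b1c30;
color: #FFF;
font-family: Arial, Helvetica, sans-serif;
}
.box {
border: 5px solid #2e2f4d;
background-color: #222339;
border-radius: 3px;
text-align: center;
padding: 70px 0;
width: 100%;
height: 100%;
}
</style>
<script>
function onSubmit(token) {
document.cookie = "TOKEN=" + token + "; max-age=1800; path=/";
window.location.reload();
}
</script>
</head>
<body>
<div class="box">
<h1>Checking Your Browser...</h1>
<p>Protected By DDOS Guardian</p>
<div class="g-recaptcha" data-sitekey="SITE-KEY" data-callback="onSubmit"></div>
</div>
</body>
</html>
]])
  ngx.exit(ngx.HTTP_FORBIDDEN)
end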
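-- File extensions whose requests skip the challenge entirely.
-- NOTE(review): "php" and "html" are on this list, so pages served under
-- those extensions are never challenged; confirm that is intended.
local EXEMPT_EXTENSIONS = {
  php = true, js = true, html = true, jsx = true, ts = true, tsx = true,
  png = true, jpg = true, jpeg = true, gif = true, svg = true, ico = true,
  css = true, woff = true, woff2 = true, ttf = true, eot = true, otf = true,
  webp = true,
}

--- Gate the current request: refuse it, let it through, or send the challenge.
--
-- Order of checks: blacklist, exempt file extension, whitelist, TOKEN cookie,
-- and finally the challenge page.
local function main()
  local client_ip = get_client_ip()
  ngx.log(ngx.ERR, "Client IP: " .. tostring(client_ip))

  if ip_in_list(client_ip, blacklist) then
    ngx.log(ngx.ERR, "Client IP is blacklisted: " .. tostring(client_ip))
    return ngx.exit(ngx.HTTP_FORBIDDEN)
  end

  -- request_uri includes the query string. Matching the extension against
  -- the full value would let a suffix in the query string (for example a
  -- parameter ending in ".css") exempt any path from the challenge, so the
  -- query string is cut off before the extension is examined.
  local request_path = ngx.var.request_uri:match("^[^?]*")
  local extension = request_path:match("%.(%w+)$")
  if extension and EXEMPT_EXTENSIONS[extension] then
    ngx.log(ngx.ERR, "Requested file type allowed")
    return
  end

  if ip_in_list(client_ip, whitelist) then
    ngx.log(ngx.ERR, "Client IP is whitelisted: " .. tostring(client_ip))
    set_cookie() -- Generate token for whitelisted IP
    return
  end

  -- NOTE(review): only the presence of a TOKEN cookie is tested. Its value is
  -- not compared with anything issued by the server and is not checked with
  -- the Turnstile siteverify API, so any request that carries a cookie with
  -- this name is let through. Treat this as a placeholder until the cookie
  -- is a server-issued, verifiable value.
  if ngx.var.cookie_TOKEN then
    ngx.log(ngx.ERR, "Token cookie found")
    return -- Allow the request to proceed normally
  end

  ngx.log(ngx.ERR, "Client IP is not whitelisted, showing reCAPTCHA")
  display_recaptcha(client_ip)
end

main()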