whitelister-eternal/README.md

# Whitelister ETERNAL

A node.js server that can be used with Nginx Auth Requests to filter out VPN/Proxy/Datacenter IPs using a couple methods

## Jumpstart

1. Clone the repo
2. Copy `config.example.toml` to `config.toml` and fill out necessary fields
3. Install dependencies: `yarn`
4. Build the TypeScript: `yarn build`
5. Run it: `yarn serve` or `node ./dist/index.js`

## Nginx setup

This is designed to be used with Nginx Auth Requests. You can include it in your config as follows:

Make SURE that if your site is proxied with Cloudflare that you comment and uncomment the indicated lines, or you will be vulnerable to IP spoofing due to the non-standard way Cloudflare sets the X-Forwarded-For header.

```nginx
upstream whitelister {
    server 127.0.0.1:3000; # If you changed the port in config.toml, change here too
}

server {
    # ...
    location /whitelister/ {
        internal;
        
        proxy_pass http://whitelister/auth;

        # Comment this if you use Cloudflare
        proxy_set_header X-Forwarded-For $remote_addr;

        # Uncomment this if you do NOT use Cloudflare
        # proxy_set_header X-Forwarded-For $http_cf_connecting_ip;
    }

    location /path-i-want-protected/ {
        # ...
        auth_request /whitelister/;
    }
}
```
fill in README and comment config.example.toml 2024-07-26 00:46:12 -04:00			`# Whitelister ETERNAL`

			`A node.js server that can be used with Nginx Auth Requests to filter out VPN/Proxy/Datacenter IPs using a couple methods`

			`## Jumpstart`

			`1. Clone the repo`
			2. Copy `config.example.toml` to `config.toml` and fill out necessary fields
			3. Install dependencies: `yarn`
			4. Build the TypeScript: `yarn build`
			5. Run it: `yarn serve` or `node ./dist/index.js`

			`## Nginx setup`

			`This is designed to be used with Nginx Auth Requests. You can include it in your config as follows:`

			`Make SURE that if your site is proxied with Cloudflare that you comment and uncomment the indicated lines, or you will be vulnerable to IP spoofing due to the non-standard way Cloudflare sets the X-Forwarded-For header.`

			```nginx
			`upstream whitelister {`
			`server 127.0.0.1:3000; # If you changed the port in config.toml, change here too`
			`}`

			`server {`
			`# ...`
			`location /whitelister/ {`
			`internal;`

			`proxy_pass http://whitelister/auth;`

			`# Comment this if you use Cloudflare`
			`proxy_set_header X-Forwarded-For $remote_addr;`

			`# Uncomment this if you do NOT use Cloudflare`
			`# proxy_set_header X-Forwarded-For $http_cf_connecting_ip;`
			`}`

			`location /path-i-want-protected/ {`
			`# ...`
			`auth_request /whitelister/;`
			`}`
			`}`
			```