No description
Find a file
2024-12-21 06:04:59 -05:00
src already tested IPs should be logged on debug level 2024-07-26 15:10:24 -04:00
.editorconfig First commit 2024-07-26 00:24:03 -04:00
.gitattributes First commit 2024-07-26 00:24:03 -04:00
.gitignore First commit 2024-07-26 00:24:03 -04:00
.yarnrc.yml First commit 2024-07-26 00:24:03 -04:00
asn_blacklist Update asn_blacklist 2024-12-21 06:04:59 -05:00
config.example.toml spur no longer blocks literally everything 2024-07-26 15:07:51 -04:00
LICENSE.txt First commit 2024-07-26 00:24:03 -04:00
package.json First commit 2024-07-26 00:24:03 -04:00
README.md fill in README and comment config.example.toml 2024-07-26 00:46:12 -04:00
tsconfig.json First commit 2024-07-26 00:24:03 -04:00
whitelister.service add example systemd service 2024-07-26 00:55:46 -04:00
yarn.lock First commit 2024-07-26 00:24:03 -04:00

Whitelister ETERNAL

A node.js server that can be used with Nginx Auth Requests to filter out VPN/Proxy/Datacenter IPs using a couple methods

Jumpstart

  1. Clone the repo
  2. Copy config.example.toml to config.toml and fill out necessary fields
  3. Install dependencies: yarn
  4. Build the TypeScript: yarn build
  5. Run it: yarn serve or node ./dist/index.js

Nginx setup

This is designed to be used with Nginx Auth Requests. You can include it in your config as follows:

Make SURE that if your site is proxied with Cloudflare that you comment and uncomment the indicated lines, or you will be vulnerable to IP spoofing due to the non-standard way Cloudflare sets the X-Forwarded-For header.

upstream whitelister {
    server 127.0.0.1:3000; # If you changed the port in config.toml, change here too
}

server {
    # ...
    location /whitelister/ {
        internal;
        
        proxy_pass http://whitelister/auth;

        # Comment this if you use Cloudflare
        proxy_set_header X-Forwarded-For $remote_addr;

        # Uncomment this if you do NOT use Cloudflare
        # proxy_set_header X-Forwarded-For $http_cf_connecting_ip;
    }

    location /path-i-want-protected/ {
        # ...
        auth_request /whitelister/;
    }
}