This repository has been archived by the owner on Apr 18, 2022. It is now read-only.

Description

⚠️ This program is still experimental so there are probably some bugs and vulnerabilities in the bot detection system. ⚠️

The algorithm relies on the fact that every browser accepts cookies and loads the external CSS included in your HTML page. A basic bot does not process the HTML code, so it will not handle the cookie and/or load that external CSS file.

How to make it work? (minimalistic configuration)

  1. Copy the example.toml to config.toml.

  2. Set TARGET in config.toml to the URL where your application is listening. For example, if your application is reachable at http://127.0.0.1:8080, set 127.0.0.1:8080 in the setting.

  3. Modify the setting JAIL_PATH in the config.toml to an empty directory that you created for the application.

  4. On your main webserver (nginx, apache, caddy, ...), when you proxy requests to the antibot-proxy application, you also need to pass the client's IP address to the application (with the X-Real-IP header). Here is how to do it on:

  • Apache:
      RemoteIPHeader X-Real-IP
  • NGINX:
      proxy_set_header X-Real-IP $remote_addr;
  • Caddy:
      transparent

Note: You may consult the documentation of your webserver for further details about proxying an application.

Reference of each setting in config.toml for advanced configuration

  • COOKIE_NAME: The name of the cookie that will be used for checking if the client can handle the cookie.
  • ENDPOINT_NAME: The name of the CSS file that will be used for checking if the client can process the HTML code.
  • JAIL_PATH: The path to the directory where the banned IPs will be stored. Can optionally be used with the ipfilter plugin of Caddy.
  • MAX_RETRY: The number of retries allowed for the client before getting banned.
  • PORT: The port on which the proxy application will listen.
  • TARGET: The URL of the application to proxy/protect.
  • TIMEOUT_LOAD: The time before the program considers that the client failed to reach the CSS file.
  • WHITELIST: The IP that you want to be whitelisted.
  • WHITELIST_PAGES: Pages to whitelist from the blocked page for bots.
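
The check from the Description, driven by the MAX_RETRY, TIMEOUT_LOAD and WHITELIST settings above, written as a per-IP state machine. This is an added example, not antibot-proxy's own code; the bookkeeping per IP, the millisecond unit, the sample setting values and the helper replay() are assumptions.

```javascript
// Added illustration, not antibot-proxy's code. Setting names come from config.toml;
// the state machine, millisecond units and sample values are assumptions.
const CONFIG = {
  COOKIE_NAME: 'abp_check',   // constructed value
  ENDPOINT_NAME: '/abp.css',  // constructed value
  MAX_RETRY: 3,
  TIMEOUT_LOAD: 5000,         // assumed milliseconds
  WHITELIST: ['192.0.2.10'],
};

class BotDetector {
  constructor(cfg) {
    this.cfg = cfg;
    this.clients = new Map(); // ip -> { since, failures, cssLoaded }
    this.banned = new Set();  // stands in for the entries kept under JAIL_PATH
  }

  // req = { ip, path, cookies, at }, `at` in ms. Returns 'pass', 'challenge' or 'blocked'.
  handle(req) {
    const { COOKIE_NAME, ENDPOINT_NAME, MAX_RETRY, TIMEOUT_LOAD, WHITELIST } = this.cfg;
    if (WHITELIST.includes(req.ip)) return 'pass';
    if (this.banned.has(req.ip)) return 'blocked';
    if (!this.clients.has(req.ip)) {
      this.clients.set(req.ip, { since: null, failures: 0, cssLoaded: false });
    }
    const st = this.clients.get(req.ip);

    // Signal 1: the client parsed the HTML and fetched the linked stylesheet.
    if (req.path === ENDPOINT_NAME) { st.cssLoaded = true; return 'pass'; }
    // Signal 2: the client returned the cookie set with the challenge page.
    const hasCookie = Object.prototype.hasOwnProperty.call(req.cookies, COOKIE_NAME);
    if (hasCookie && st.cssLoaded) { st.failures = 0; return 'pass'; }

    // An open challenge older than TIMEOUT_LOAD without both signals is one failed try.
    const expired = st.since !== null && req.at - st.since > TIMEOUT_LOAD;
    if (expired && ++st.failures >= MAX_RETRY) {
      this.banned.add(req.ip);
      return 'blocked';
    }
    if (st.since === null || expired) st.since = req.at;
    return 'challenge'; // caller replies with Set-Cookie plus the <link> to ENDPOINT_NAME
  }
}

// Replays a list of requests through a fresh detector and returns the verdicts.
function replay(requests, cfg = CONFIG) {
  const detector = new BotDetector(cfg);
  return requests.map((r) => detector.handle(r));
}
```

A client that returns the cookie but never fetches the stylesheet keeps receiving the challenge and accumulates failures the same way a cookie-less client does.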

How to configure the ipfilter Caddy plugin to handle the banned IPs?

You just need to add this block to your Caddyfile:

ipfilter / {
		rule block
		prefix_dir JAIL_PATH
}

and replace JAIL_PATH with the value of JAIL_PATH that you previously defined in the config.toml file.