Implement useragent blacklisting as per #23

2022-05-10 22:24:03 -07:00 · 2022-05-10 22:24:03 -07:00 · b6473d3593
parent bbc1ac368e
commit b6473d3593
5 changed files with 31 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -58,8 +58,8 @@ In the event of a missing configuration file, HellPot will attempt to place it's

 666 ) 𝙏͘͝𝙝̓̓͛𝙚͑̈́̀ 𝙨͆͠͝𝙠͑̾͌𝙮̽͌͆ 𝙞̓̔̔𝙨͒͐͝ 𝙛͑̈́̚𝙖͛͒𝙡͑͆̽𝙡̾̚̚𝙞͋̒̒𝙣̾͛͝𝙜͒̒̀.́̔͝

-## Example Config (toml) 
-   
+## Configuration Reference 
+
 ```toml
 [deception]
  # Used as "Server" HTTP header. Note that reverse proxies may hide this.
@ -70,6 +70,10 @@ In the event of a missing configuration file, HellPot will attempt to place it's
  bind_addr = "127.0.0.1"
  bind_port = "8080"

+  # this contains a list of blacklisted useragent strings. (case sensitive)
+  # clients with useragents containing any of these strings will receive "Not found" for any requests.
+  uagent_string_blacklist = ["Cloudflare-Traffic-Manager", "curl"]
+
  # Unix Socket Listener (will override default)
  unix_socket_path = "/var/run/hellpot"
  unix_socket_permissions = "0666"
@ -88,8 +92,11 @@ In the event of a missing configuration file, HellPot will attempt to place it's
  debug = true
  # extra verbose (-vv)
  trace = false
+  # JSON log files will be storn in the below directory. 
  directory = "/home/kayos/.config/HellPot/logs/"
+  # disable all color in console output. when using Windows this will default to true.
  nocolor = false
+  # toggles the use of the current date as the names for new log files.
  use_date_filename = true

 [performance]
--- a/config/config.go
+++ b/config/config.go
@ -158,7 +158,8 @@ func processOpts() {
 	}
 	// string slice options and their exported variables
 	strSliceOpt := map[string]*[]string{
-		"http.router.paths": &Paths,
+		"http.router.paths":            &Paths,
+		"http.uagent_string_blacklist": &UseragentBlacklistMatchers,
 	}
 	// bool options and their exported variables
 	boolOpt := map[string]*bool{
--- a/config/declarations.go
+++ b/config/declarations.go
@ -38,6 +38,11 @@ var (
 	// if UseUnixSocket, also defined via our toml configuration file, is set to true.
 	UnixSocketPath        = ""
 	UnixSocketPermissions uint32
+
+	// UseragentBlacklistMatchers contains useragent matches checked for with strings.Contains() that
+	// prevent HellPot from firing off.
+	// See: https://github.com/yunginnanet/HellPot/issues/23
+	UseragentBlacklistMatchers []string
 )

 // "performance"
--- a/config/defaults.go
+++ b/config/defaults.go
@ -32,6 +32,7 @@ var defOpts = map[string]map[string]interface{}{
 		"unix_socket_permissions": "0666",
 		"bind_addr":               "127.0.0.1",
 		"bind_port":               "8080",
+
 		"router": map[string]interface{}{
 			"catchall":   false,
 			"makerobots": true,
@ -40,6 +41,9 @@ var defOpts = map[string]map[string]interface{}{
 				"wp-login",
 			},
 		},
+		"uagent_string_blacklist": []string{
+			"Cloudflare-Traffic-Manager",
+		},
 	},
 	"performance": {
 		"restrict_concurrency": false,
--- a/http/router.go
+++ b/http/router.go
@ -3,7 +3,9 @@ package http
 import (
 	"bufio"
 	"fmt"
+	"net/http"
 	"runtime"
+	"strings"
 	"time"

 	"github.com/fasthttp/router"
@ -31,11 +33,20 @@ func hellPot(ctx *fasthttp.RequestCtx) {
 	}

 	remoteAddr := getRealRemote(ctx)
+
 	slog := log.With().
 		Str("USERAGENT", string(ctx.UserAgent())).
 		Str("REMOTE_ADDR", remoteAddr).
 		Interface("URL", string(ctx.RequestURI())).Logger()

+	for _, denied := range config.UseragentBlacklistMatchers {
+		if strings.Contains(string(ctx.UserAgent()), denied) {
+			slog.Trace().Msg("Ignoring useragent")
+			ctx.Error("Not found", http.StatusNotFound)
+			return
+		}
+	}
+
 	if config.Trace {
 		slog = slog.With().Str("caller", path).Logger()
 	}