yordadev/YorBlacklister

cloudflare cloudflare-api firewall-rules nginx-logs nodejs utility-application

YorBlacklisterJS

This project is an experimental NodeJS utility that parses Nginx access logs, capturing any red-flags, and updates a CloudFlare blacklist using axios.

Requirements

Latest NodeJS
Latest Axios
Cloudflare Account

Installing

Clone repo

git clone github.com/yordadev/YorBlacklister
cd YorBlacklister

Run npm install.

npm install

Create Config.js

cp lib/Example.Config.js lib/Config.js

Retrieve CloudFlare API key and list IDs

Retrieve your CloudFlare key here
Get your CloudFlare account and list ID's; if you cannot find them, you will need to consume the methods included in the CloudFlare class to get them.

Modify `lib/Config.js`

class Config {
    constructor() {
        this.codes = ["301", "400", "404"]; // Set whatever codes you want to watch for being excessively hit
        this.file_path = "../logs/access.log"; // See the next step 
        this.email = ""; // CloudFlare email
        this.key = "";   // CloudFlare key
        this.account_id = ""; // CloudFlare account_id
        this.list_id = ""; // CloudFlare list id for your blacklist
        this.limit = 4; // red-flag if IP occurrences on 301 code over limit
    }
}

Retrieve Nginx logs from server

Copy your access logs into the ./logs folder.

mkdir logs
scp -r user@your.server.example.com:/var/log/nginx logs

Redflag Demo Screenshot

About

A experimental NodeJS utility application that investigates given Nginx access log files capturing red-flags for you and update your Cloudflare firewall ip blacklist with the captured red-flagged IP Addresses.