Skip to content

jaconsult0512/haproxy_custom_dns

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

RobatTV DNS Security System

A custom DNS security solution with HAProxy integration for bot detection and IP blacklisting built with Laravel.

Features

  • Bot Detection: Analyze requests for bot signatures using user-agent patterns, behavior analysis, and fingerprinting
  • IP Blacklisting: Automatic and manual IP blocking with expiration support
  • IP Whitelisting: Protect trusted IPs from being blocked
  • HAProxy Integration: Sync blocked/whitelisted IPs to HAProxy for edge-level blocking
  • Rate Limiting: Configurable rate limits per IP
  • Request Logging: Log all requests with threat scores for analysis
  • Threat Intelligence: Optional integration with AbuseIPDB and IPInfo
  • Admin API: RESTful API for managing all security features

Architecture

                    ┌─────────────────────────────────────┐
                    │              HAProxy                │
                    │  - Rate limiting (stick-table)      │
                    │  - IP blacklist/whitelist           │
                    │  - Basic bot detection (UA)         │
                    └──────────────┬──────────────────────┘
                                   │
                    ┌──────────────▼──────────────────────┐
                    │          Laravel API                │
                    │  ┌────────────────────────────────┐ │
                    │  │   DnsSecurityMiddleware        │ │
                    │  │   - Deep bot analysis          │ │
                    │  │   - Behavior detection         │ │
                    │  │   - Fingerprinting             │ │
                    │  │   - Auto-blocking              │ │
                    │  └────────────────────────────────┘ │
                    │                                     │
                    │  ┌────────────────────────────────┐ │
                    │  │   Services                     │ │
                    │  │   - BotDetectionService        │ │
                    │  │   - HaproxyService             │ │
                    │  │   - ThreatIntelligenceService  │ │
                    │  └────────────────────────────────┘ │
                    └──────────────┬──────────────────────┘
                                   │
                    ┌──────────────▼──────────────────────┐
                    │           Database                  │
                    │  - users                            │
                    │  - blocked_ips                      │
                    │  - whitelist_ips                    │
                    │  - request_logs                     │
                    │  - bot_signatures                   │
                    └─────────────────────────────────────┘

Installation

  1. Clone the repository and install dependencies:
composer install
  1. Copy environment file and configure:
cp .env.example .env
php artisan key:generate
  1. Configure your database in .env

  2. Run migrations and seeders:

php artisan migrate
php artisan db:seed
  1. Copy HAProxy configuration:
sudo cp config/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg
sudo cp config/haproxy/blacklist.txt /etc/haproxy/blacklist.txt
sudo cp config/haproxy/whitelist.txt /etc/haproxy/whitelist.txt
  1. Set up the scheduler in crontab:
* * * * * cd /path-to-project && php artisan schedule:run >> /dev/null 2>&1

API Endpoints

Authentication

All endpoints (except /api/health and /api/security/haproxy-check) require an API token:

Authorization: Bearer your-api-token
# or
X-API-Token: your-api-token

Blocked IPs

Method Endpoint Description
GET /api/blocked-ips List all blocked IPs
POST /api/blocked-ips Block an IP
GET /api/blocked-ips/{id} Get blocked IP details
PUT /api/blocked-ips/{id} Update blocked IP
DELETE /api/blocked-ips/{id} Unblock an IP
POST /api/blocked-ips/unblock Unblock by IP address
POST /api/blocked-ips/bulk Bulk block IPs
POST /api/blocked-ips/sync-haproxy Sync to HAProxy
GET /api/blocked-ips/stats Get blocking statistics

Whitelist IPs

Method Endpoint Description
GET /api/whitelist-ips List whitelisted IPs
POST /api/whitelist-ips Add IP to whitelist
DELETE /api/whitelist-ips/{id} Remove from whitelist
POST /api/whitelist-ips/sync-haproxy Sync to HAProxy

Request Logs

Method Endpoint Description
GET /api/request-logs List request logs
GET /api/request-logs/{id} Get log details
GET /api/request-logs/stats Get traffic statistics
POST /api/request-logs/ip-analysis Analyze specific IP
DELETE /api/request-logs/cleanup Clean old logs (admin)

Bot Signatures

Method Endpoint Description
GET /api/bot-signatures List signatures
POST /api/bot-signatures Create signature
PUT /api/bot-signatures/{id} Update signature
DELETE /api/bot-signatures/{id} Delete signature
POST /api/bot-signatures/test Test pattern

Security

Method Endpoint Description
GET /api/security/check-ip Check IP status
GET /api/security/analyze Analyze current request
GET /api/security/haproxy-check HAProxy integration endpoint
GET /api/health Health check

API Examples

Block an IP

curl -X POST http://localhost/api/blocked-ips \
  -H "Authorization: Bearer your-token" \
  -H "Content-Type: application/json" \
  -d '{
    "ip_address": "192.168.1.100",
    "block_type": "permanent",
    "reason": "Malicious activity detected"
  }'

Check IP Status

curl -X GET "http://localhost/api/security/check-ip?ip=192.168.1.100" \
  -H "Authorization: Bearer your-token"

Get Traffic Statistics

curl -X GET "http://localhost/api/request-logs/stats?minutes=60" \
  -H "Authorization: Bearer your-token"

Bulk Block IPs

curl -X POST http://localhost/api/blocked-ips/bulk \
  -H "Authorization: Bearer your-token" \
  -H "Content-Type: application/json" \
  -d '{
    "ip_addresses": ["1.2.3.4", "5.6.7.8"],
    "block_type": "temporary",
    "reason": "Bulk attack detected",
    "expires_at": "2024-12-31 23:59:59"
  }'

Artisan Commands

# Sync blocked/whitelisted IPs to HAProxy
php artisan dns:sync-haproxy
php artisan dns:sync-haproxy --blacklist --reload

# Clean up expired blocks
php artisan dns:cleanup-expired --sync

# Analyze suspicious IPs
php artisan dns:analyze-suspicious --minutes=60 --threshold=70 --auto-block --sync

# Clean old logs
php artisan dns:cleanup-logs --days=30

Bot Detection Criteria

The system analyzes requests based on:

  1. User-Agent Analysis

    • Known bot patterns
    • Empty user-agent
    • Suspicious strings
  2. Rate Limiting

    • Requests per minute
    • Requests per hour
  3. Behavior Analysis

    • Sequential crawling patterns
    • Request interval timing
    • Accessing sensitive endpoints
  4. Header Analysis

    • Missing standard headers
    • Suspicious header values
  5. Fingerprinting

    • Browser fingerprint matching
    • Multiple IPs with same fingerprint

Threat Scoring

Each check adds to the threat score:

Check Score
Empty user-agent 30
Suspicious user-agent 40
Rate limit exceeded 50
Fast request interval 40
Sequential crawling 25
Missing headers 10-15 each
Sensitive endpoint 10

When the combined score exceeds the threshold (default: 70), the IP is automatically blocked.

Configuration

Key configuration options in config/dns_security.php:

'block_threshold' => 70,           // Score to trigger blocking
'auto_block_duration' => 60,       // Minutes for auto-blocks
'rate_limits' => [
    'per_minute' => 60,
    'per_hour' => 1000,
],

Default Credentials

After running seeders:

  • Admin: admin@robattv.com / Token: robattv-admin-token
  • Operator: operator@robattv.com / Token: robattv-operator-token

Important: Change these in production!

License

MIT License - RobatTV

About

No description, website, or topics provided.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages