Update blocked routes
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
parent
b36d394308
commit
bdd2e8c79a
@ -4,7 +4,14 @@ const blackHole = function (req, res) {
|
|||||||
res.redirect("https://crawler-test.com/redirects/infinite_redirect");
|
res.redirect("https://crawler-test.com/redirects/infinite_redirect");
|
||||||
};
|
};
|
||||||
|
|
||||||
router.all('(/*)?/wp-admin/', blackHole);
|
// Specifically allow, but mark as not-found, any `/.well-known/` paths
|
||||||
|
router.all(/^\/\.well-known\//, function(req, res) {
|
||||||
|
res.sendStatus(404);
|
||||||
|
});
|
||||||
|
|
||||||
|
// Block access to any root-level dot files
|
||||||
|
router.all(/^\/\./, blackHole);
|
||||||
|
// Block access to file types I don't use
|
||||||
router.all(/.*\.php$/, blackHole);
|
router.all(/.*\.php$/, blackHole);
|
||||||
router.all(/.*\.asp$/, blackHole);
|
router.all(/.*\.asp$/, blackHole);
|
||||||
router.all(/.*\.aspx$/, blackHole);
|
router.all(/.*\.aspx$/, blackHole);
|
||||||
@ -14,16 +21,23 @@ router.all(/.*\.tar$/, blackHole);
|
|||||||
router.all(/.*\.sql$/, blackHole);
|
router.all(/.*\.sql$/, blackHole);
|
||||||
router.all(/.*\.env$/, blackHole);
|
router.all(/.*\.env$/, blackHole);
|
||||||
router.all(/.*\.ini$/, blackHole);
|
router.all(/.*\.ini$/, blackHole);
|
||||||
|
router.all(/.*\.pem$/, blackHole);
|
||||||
|
router.all(/.*\.key$/, blackHole);
|
||||||
|
router.all(/.*\.crt$/, blackHole);
|
||||||
|
router.all(/.*\.properties$/, blackHole);
|
||||||
|
// Block access to any .git folders
|
||||||
|
router.all(/.*\/\.git\/.*/, blackHole);
|
||||||
|
// Block attempts to navigate up directories
|
||||||
|
router.all(/.*\.\.\/.*/, blackHole);
|
||||||
|
// Block access to special Mac folder
|
||||||
|
router.all('/__MACOSX/*?', blackHole);
|
||||||
|
// Block access to Workdpress files
|
||||||
|
router.all('(/*)?/wp-admin/', blackHole);
|
||||||
router.all('(/*)?/wp-includes/?(*)?', blackHole);
|
router.all('(/*)?/wp-includes/?(*)?', blackHole);
|
||||||
router.all('/.git/*?', blackHole);
|
router.all('(/*)?/wp-content/?(*)?', blackHole);
|
||||||
router.all('/env.test', blackHole);
|
|
||||||
router.all('/data/owncloud.log', blackHole);
|
|
||||||
router.all('/autodiscover/autodiscover.xml', blackHole)
|
|
||||||
router.all('/.well-known/autoconfig(/.*)?', blackHole)
|
|
||||||
router.all('/admin(/.*)?', blackHole)
|
|
||||||
router.all('/wordpress/', blackHole);
|
router.all('/wordpress/', blackHole);
|
||||||
router.all('/wp(2)?/', blackHole);
|
router.all('/wp(2)?/', blackHole);
|
||||||
router.all('/backup/', blackHole);
|
// Block access to possible databases
|
||||||
router.all('/database/', blackHole);
|
router.all('/database/', blackHole);
|
||||||
router.all('/db/', blackHole);
|
router.all('/db/', blackHole);
|
||||||
router.all('/db-backup/', blackHole);
|
router.all('/db-backup/', blackHole);
|
||||||
@ -35,18 +49,37 @@ router.all('/phpmyadmin/', blackHole);
|
|||||||
router.all('/mysqladmin/', blackHole);
|
router.all('/mysqladmin/', blackHole);
|
||||||
router.all('/mysql/', blackHole);
|
router.all('/mysql/', blackHole);
|
||||||
router.all('/myadmin/', blackHole);
|
router.all('/myadmin/', blackHole);
|
||||||
|
// Block access to possible backups and uploads
|
||||||
|
router.all('/backup/', blackHole);
|
||||||
router.all('/uploads/', blackHole);
|
router.all('/uploads/', blackHole);
|
||||||
router.all('/test/', blackHole);
|
router.all('/test/', blackHole);
|
||||||
router.all('/temp/', blackHole);
|
router.all('/temp/', blackHole);
|
||||||
router.all('/credentials(/*)?', blackHole);
|
|
||||||
router.all('/.vscode(/*)?', blackHole);
|
|
||||||
router.all('/sites/default/files/', blackHole);
|
|
||||||
router.all(/.*\/dbbackup\/.*/, blackHole);
|
router.all(/.*\/dbbackup\/.*/, blackHole);
|
||||||
router.all('/bak/', blackHole);
|
router.all('/bak/', blackHole);
|
||||||
router.all(/.*\/mail\/config-.+\.xml/, blackHole);
|
|
||||||
router.all('archive.zip', blackHole);
|
router.all('archive.zip', blackHole);
|
||||||
router.all('/.aws/', blackHole);
|
// Block access to possible credentials
|
||||||
router.all('/.serverless/', blackHole);
|
router.all('/env.test', blackHole);
|
||||||
|
router.all('/admin(/.*)?', blackHole)
|
||||||
|
router.all('/credentials(/*)?', blackHole);
|
||||||
|
router.all(/.*credentials\.json$/, blackHole);
|
||||||
|
router.all(/.*keys\.json$/, blackHole);
|
||||||
|
router.all(/.*secrets\.json$/, blackHole);
|
||||||
|
// Block system paths
|
||||||
|
router.all('/etc/*', blackHole);
|
||||||
|
router.all('/var/*', blackHole);
|
||||||
|
router.all('/usr/*', blackHole);
|
||||||
|
router.all('/user/*', blackHole);
|
||||||
|
|
||||||
|
// Block misc stuff
|
||||||
|
router.all('/data/owncloud.log', blackHole);
|
||||||
|
router.all('/autodiscover/autodiscover.xml', blackHole)
|
||||||
|
router.all('/.well-known/autoconfig(/*)?', blackHole)
|
||||||
|
router.all('/sites/default/files/', blackHole);
|
||||||
|
router.all(/.*\/mail\/config-.+\.xml/, blackHole);
|
||||||
|
router.all('/bitnami/*', blackHole)
|
||||||
|
router.all('/aws/*', blackHole)
|
||||||
|
|
||||||
|
// Block methods I don't support
|
||||||
router.post('*', blackHole);
|
router.post('*', blackHole);
|
||||||
router.put('*', blackHole);
|
router.put('*', blackHole);
|
||||||
router.delete('*', blackHole);
|
router.delete('*', blackHole);
|
||||||
|
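Review bot: The new `router.all('/.well-known/autoconfig(/*)?', blackHole)` in the last hunk is unreachable, because the `router.all(/^\/\.well-known\//, …)` handler added in the first hunk answers every `/.well-known/` path with `res.sendStatus(404)` and never calls `next()`, so autoconfig requests now get a plain 404 instead of the black hole the old file sent them to. If the black hole is still intended for autoconfig, register that rule before the generic well-known handler, i.e. move `router.all('/.well-known/autoconfig(/*)?', blackHole);` to just above the `/^\/\.well-known\//` route. The RegExp-based rules (`/.*\.php$/`, `/.*\.env$/`, `/.*credentials\.json$/`, …) are, as far as I know, used verbatim by Express rather than going through its case-insensitive string-route matching, so `/index.PHP` or `/SECRETS.JSON` would fall through; adding the `i` flag (`/.*\.php$/i`) closes that gap. Minor: three of the added lines (`/.well-known/autoconfig`, `/bitnami/*`, `/aws/*`) lack a trailing semicolon, and the comment reads `Workdpress`.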