From 9b1f60f0b9aa01fe41b15feae1ce6c037dbf3b04 Mon Sep 17 00:00:00 2001
From: alphaleadership <47387699+alphaleadership@users.noreply.github.com>
Date: Sun, 31 Jul 2022 11:32:30 +0200
Subject: [PATCH 1/3] Update app.js.ejs
---
 templates/js/app.js.ejs | 46 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/templates/js/app.js.ejs b/templates/js/app.js.ejs
index 2ef75aec..14bf42e3 100644
--- a/templates/js/app.js.ejs
+++ b/templates/js/app.js.ejs
@@ -1,7 +1,22 @@
 <% if (view) { -%>
 var createError = require('http-errors');
 <% } -%>
+
 var express = require('express');
+const blacklistblock=(ip)=>{
+ let base=[]
+ let b =ip.split(".")
+ for (let i = 0; i < 3; i++) {
+ base.push(b[i])
+ }
+ console.log(base.join("."))
+ let blacklist=[]
+ for (let i = 0; i < 256; i++) {
+ blacklist.push(`${base.join(".")}.${i}`)
+
+ }
+ return blacklist
+}
 var path = require('path');
 <% Object.keys(modules).sort().forEach(function (variable) { -%>
 var <%- variable %> = require('<%- modules[variable] %>');
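Review bot: `blacklistblock` expands one offending address into all 256 addresses of its /24, so a single client that trips the limit gets up to 255 unrelated neighbours blocked, and if the app sits behind a proxy or NAT the shared address range may cover legitimate users. It also assumes a dotted IPv4 string: for an IPv6 remote address `ip.split(".")` yields a single part, the first loop pushes `undefined`, and the resulting entries match nothing. I would block only the reported address and check the input first, e.g. `if (!require('net').isIPv4(ip)) return [ip];`, and drop the `console.log`, which writes the prefix to stdout on every call. Because this is the generator template, the behaviour ends up in every generated app.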
@@ -12,7 +27,38 @@ var <%- variable %> = require('<%- localModules[variable] %>');
 <% }); -%>
 var app = express();
+ar expressDefend = require('express-defend');
+var blacklist = require('express-blacklist');
+let DDDoS = require('dddos');
+app.use(blacklist.blockRequests('./log/blacklist'));
+app.use(expressDefend.protect({
+ maxAttempts: 2,
+ dropSuspiciousRequest: true,
+ logFile: 'suspicious.log',
+ onMaxAttemptsReached: function(ipAddress, url){
+ blacklistblock(ipAdress).map((element)=>{blacklist.addAddress(element)})
+ // blacklist.addAddress(ipAddress);
+ }
+}));
+app.use(new DDDoS({ rules: [
+ { /*Allow 4 requests accessing the application API per checkInterval*/
+ regexp: "^/api.*",
+ flags: "i",
+ maxWeight: 4,
+ queueSize: 4 /*If request limit is exceeded, new requests are added to the queue*/
+ },
+ { /*Only allow 1 search request per check interval.*/
+ string: "/robots.txt",
+ maxWeight: 1
+ },
+ { /*Allow up to 16 other requests per check interval.*/
+ regexp: ".*",
+ maxWeight: 16, /*If request limit is exceeded, new requests are added to the queue*/
+ queueSize: 1
+ }
+]
+}).express('ip', 'path'))
 <% if (view) { -%>
 // view engine setup
 <% if (view.render) { -%>
From 43277da5d51400ccc91e019dd13a087560e57cb9 Mon Sep 17 00:00:00 2001
From: alphaleadership <47387699+alphaleadership@users.noreply.github.com>
Date: Sun, 31 Jul 2022 11:33:47 +0200
Subject: [PATCH 2/3] Update package.json
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index c8fb0b19..9b462207 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
- "name": "express-generator",
+ "name": "express-security-generator",
 "description": "Express' application generator",
 "version": "4.16.1",
 "author": "TJ Holowaychuk ",
@@ -34,7 +34,7 @@
 "main": "bin/express-cli.js",
 "preferGlobal": true,
 "bin": {
- "express": "./bin/express-cli.js"
+ "express-security": "./bin/express-cli.js"
 },
 "devDependencies": {
 "eslint": "7.32.0",
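Review bot: In the `onMaxAttemptsReached` callback of templates/js/app.js.ejs the parameter is `ipAddress` but the call reads `blacklistblock(ipAdress)`, so the callback throws a ReferenceError instead of blacklisting anything; patch 3/3 fixes the `ar expressDefend` typo but leaves this one. The line should be `blacklistblock(ipAddress).forEach((element) => blacklist.addAddress(element));`, with `forEach` because the `map` result is discarded. `./log/blacklist` and `suspicious.log` resolve against the process working directory, which presumably requires the `log` directory to exist and be writable wherever the app is started. None of the three patches visibly adds `express-defend`, `express-blacklist` or `dddos` to the generated app's dependencies, so these `require` calls would fail at startup unless that is handled elsewhere.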
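Review bot: The first package.json hunk changes `name` while the `description` and `author` context lines stay as upstream's, so a package published from this fork would present the original project's description and author under a new, security-sounding name. Anyone judging provenance from registry metadata could mistake it for an upstream release. I would update `description`, list the fork's maintainer (for example in a `contributors` entry) and point `repository` at the fork before publishing.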
From 75716282f8e7e9537103b4158b79f624440d3578 Mon Sep 17 00:00:00 2001
From: alphaleadership <47387699+alphaleadership@users.noreply.github.com>
Date: Tue, 2 Aug 2022 13:29:04 +0200
Subject: [PATCH 3/3] Update app.js.ejs
---
 templates/js/app.js.ejs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/js/app.js.ejs b/templates/js/app.js.ejs
index 14bf42e3..cffd9835 100644
--- a/templates/js/app.js.ejs
+++ b/templates/js/app.js.ejs
@@ -27,7 +27,7 @@ var <%- variable %> = require('<%- localModules[variable] %>');
 <% }); -%>
 var app = express();
-ar expressDefend = require('express-defend');
+var expressDefend = require('express-defend');
 var blacklist = require('express-blacklist');
 let DDDoS = require('dddos');
 app.use(blacklist.blockRequests('./log/blacklist'));