feat: fetch block CIDRs from client
You can now add `blockCidrs` to the client config.

Example:
```
{
	"blockCidrs": [
		"1.2.3.4/16",
		"4.4.4.4/16"
	]
}
```

When the `blockCidrs` key does not exist in the client config, the block CIDRs default to the Cisco Umbrella CIDRs.

Note: This means that if you want to add CIDRs to the block CIDRs, and you want to keep the Cisco Umbrella CIDRs, you have to add those to the client config as well.
rudivanhierden committed Aug 3, 2023
1 parent 5fe899f commit 6882d70
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions middleware/blocker.js
Expand Up @@ -7,12 +7,12 @@ exports.preventCiscoRequest = (req, res, next) => {
return next();
}

// CIDRs for Cisco Umbrella
// Get CIDRs from client config. If the `blockCidrs` key doesn't exist fall back to Cisco Umbrella CIDRs
// See https://support.umbrella.com/hc/en-us/articles/360059292052-Additional-Egress-IP-Address-Range
const cidrs = ['146.112.0.0/16', '155.190.0.0/16', '151.186.0.0/16'];
const blockCidrs = req && req.client && req.client.config && req.client.config.blockCidrs ? req.client.config.blockCidrs : ['146.112.0.0/16', '155.190.0.0/16', '151.186.0.0/16'];

// Check if IP is in cidr
const isIpInCidr = cidrs.some(cidr => {
const isIpInCidr = blockCidrs.some(cidr => {
const block = new Netmask(cidr);
return block.contains(req.ip);
});
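
Review bot: The ternary that builds `blockCidrs` only tests the truthiness of `req.client.config.blockCidrs`, so any truthy value from the client config is used as-is. An empty array `[]` is truthy and makes `.some()` return false for every request, which silently disables blocking; a string or plain object has no `.some` and will throw in the request path; and a malformed entry can throw inside `new Netmask(cidr)`. Suggest checking `Array.isArray(...)`, validating each entry once when the client config is saved or loaded rather than per request, and deciding explicitly whether an empty list means "block nothing" or "use the defaults". Moving the default ranges into a named constant would also keep the Umbrella support link next to the values it documents.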
Expand All @@ -21,7 +21,7 @@ exports.preventCiscoRequest = (req, res, next) => {
return next();
}

console.log('IP is in CIDRs to block', req.ip, cidrs, isIpInCidr);
console.log('IP is in CIDRs to block', req.ip, blockCidrs, isIpInCidr);

req.flash('error', {msg: 'De url is geen geldige login url, wellicht is deze verlopen'});
return res.redirect(`/auth/url/login?clientId=${req.query.clientId}`);
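
Review bot: The `console.log` call now prints the entire `blockCidrs` array on every blocked request, and since that array comes from the client config its length is no longer bounded by the three hard-coded ranges. Suggest logging only the CIDR that matched (use `find` instead of `some`) together with a client identifier, so the log entry shows which client's list caused the block. Separately, the redirect in the context lines interpolates `req.query.clientId` into the login URL without `encodeURIComponent`; worth fixing while this middleware is being touched.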