hono-honeypot 1.2.1 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
@@ -1,4 +1,4 @@
1
-
'use strict';var factory=require('hono/factory');var $=class{strikes=new Map;bans=new Map;strikeTTL;banTTL;constructor(i){this.strikeTTL=(i?.strikeTTL??3600)*1e3,this.banTTL=(i?.banTTL??86400)*1e3;}isBanned(i){let n=this.bans.get(i);return n===void 0?false:Date.now()>n?(this.bans.delete(i),false):true}addStrike(i){let n=Date.now(),r=this.strikes.get(i);return r&&n<r.expires?(r.count++,r.count):(this.strikes.set(i,{count:1,expires:n+this.strikeTTL}),1)}ban(i){this.bans.set(i,Date.now()+this.banTTL);}resetStrikes(i){this.strikes.delete(i);}},b=[/\.php/i,/\/config\.php/i,/\/phpinfo/i,/\/eval-stdin\.php/i,/\/xmlrpc\.php/i,/\/ALFA_DATA/i,/\/c99\.php/i,/\/r57\.php/i,/\/shell\.php/i,/\/webshell/i,/^\/wp$/i,/^\/wp-/i,/^\/wordpress/i,/\/wp-includes\//i,/\/wp-content\//i,/\/wp-admin/i,/wlwmanifest\.xml$/i,/^\/uploads?$/i,/^\/images$/i,/^\/assets$/i,/^\/files$/i,/^\/media$/i,/^\/public$/i,/\/admin\/(uploads?|images|editor|fckeditor|controller)/i,/^\/modules$/i,/^\/plugins$/i,/^\/components$/i,/^\/system$/i,/^\/template$/i,/^\/includes?$/i,/^\/vendor$/i,/^\/local$/i,/^\/php$/i,/\/fckeditor\/editor\/filemanager/i,/\/sites\/default\/files/i,/\/images\/stories/i,/\/modules\/mod_simplefileupload/i,/\/controller\/extension/i,/\/ckeditor/i,/\/tinymce/i,/\/elfinder/i,/^\/admin(\.php)?$/i,/^\/administrator/i,/^\/phpmyadmin/i,/^\/cpanel/i,/^\/whm/i,/^\/cgi-bin/i,/^\/typo3/i,/^\/joomla/i,/^\/drupal/i,/^\/magento/i,/\/\.git/i,/\/\.svn/i,/\/\.hg/i,/\/\.env/i,/\/\.sql$/i,/\/\.well-known\/security\.txt/i,/\/(vendor|node_modules)\//i,/\/\.htaccess$/i,/\/\.htpasswd$/i,/\/\.DS_Store$/i,/\/Thumbs\.db$/i,/\/\.ssh/i,/\/id_rsa/i,/\/id_ed25519/i,/\/\.npmrc$/i,/\/\.pypirc$/i,/\/\.aws\//i,/\.(bak|old|backup|orig|save|swp)$/i,/\.(7z|tgz|tar\.gz|tar|bz2|war|jar)$/i,/^\/config\.(js|json|yml|yaml|xml|ini|conf)$/i,/^\/settings\.(js|json|yml|yaml|xml)$/i,/^\/credentials\.(js|json|yml|yaml)$/i,/^\/secrets\.(js|json|yml|yaml|env)$/i,/^\/appsettings\.(json|yml|yaml)$/i,/^\/application\.(yml|yaml|xml|properties
)$/i,/sftp-config\.json$/i,/ftpsync\.settings$/i,/\.ftpconfig$/i,/\.ftppass$/i,/\.remote-sync\.json$/i,/ftp-deploy\.json$/i,/^\/env\.js$/i,/^\/main\.js$/i,/^\/index\.js$/i,/^\/app\.js$/i,/^\/server-(status|info)$/i,/^\/info$/i,/^\/swagger/i,/^\/api\/swagger\.(json|yml|yaml)$/i,/^\/api-docs/i,/^\/v\d+\/api-docs/i,/^\/_env/i,/^\/env$/i,/^\/config\//i,/^\/backup/i,/^\/bk$/i,/^\/bak$/i,/^\/bac$/i,/^\/dump/i,/^\/db_/i,/^\/sql/i,/^\/shell/i,/^\/old$/i,/^\/new$/i,/^\/test$/i,/^\/demo$/i,/^\/www$/i,/^\/main$/i,/^\/site$/i,/^\/shop$/i,/^\/bc$/i,/^\/sitio$/i,/^\/sito$/i,/^\/oldsite$/i,/^\/old-site$/i,/^\/script$/i,/^\/\d{4}$/i,/^\/getcmd$/i,/\$\(/,/`/,/"/,/^\/_next/i,/^\/_rsc/i,/^\/__rsc/i,/^\/_vercel/i,/next\.config\.(js|mjs|ts)$/i,/nuxt\.config\.(js|ts)$/i,/craco\.config\.js$/i,/serverless\.(yml|yaml|json)$/i,/vercel\.json$/i,/netlify\.toml$/i,/\/helm\//i,/\/package\.json$/i,/\/composer\.(json|lock)$/i,/\/Gemfile(\.lock)?$/i,/\/requirements\.txt$/i,/docker-compose\.(yml|yaml)$/i,/Dockerfile$/i,/\/docker\//i,/^\/aws/i,/\/aws[_-]s3/i,/\/aws[_-]ses/i,/\.\.\//,/\.\.%2f/i,/\.\.%5c/i,/^\/etc\//i,/^\/proc\//i,/^\/var\//i,/^\/opt\//i,/\/passwd$/i,/\.log$/i,/\/error_log$/i,/^\/@fs\//i,/^\/@vite\//i,/^\/@id\//i,/^\/_ignition/i,/^\/__debug__/i,/\/WEB-INF/i,/^\/manager\/html/i,/^\/solr/i,/^\/actuator/i,/\/elmah\.axd$/i,/^\/servlet\//i,/bsh\.servlet/i,/^\/struts\//i,/^\/invoker\//i,/\.action$/i,/\/mailcow/i,/^\/roundcube\//i,/^\/webmail\//i,/^\/adminer/i,/^\/pma\//i,/^\/myadmin\//i,/^\/mysqladmin/i,/^\/dbadmin/i,/^\/proxy\//i,/169\.254\.169\.254/,/^\/latest\/meta-data/i,/^\/HNAP1\//i,/^\/boaform\//i,/^\/GponForm\//i,/^\/setup\.cgi$/i,/\.htm$/i,/^\/owa\//i,/^\/aspnet_client\//i,/^\/autodiscover\//i,/^\/ecp\//i,/^\/_layouts\//i,/^\/_vti_bin\//i,/^\/WebInterface\//i,/^\/owncloud\//i,/^\/nextcloud\//i,/^\/geoserver\//i,/^\/geowebcache\//i,/^\/confluence\//i,/^\/jira\//i,/^\/grafana\//i,/^\/kibana\//i,/^\/prometheus\//i,/^\/jenkins\//i,/\/j_acegi_security_check/i,/^\/portainer\//i,/^\/gitea\
//i,/^\/gitlab\//i,/^\/metrics$/i,/^\/healthz$/i,/^\/readyz$/i,/^\/livez$/i,/^\/console\//i,/^\/debug\//i,/^\/\.dockerenv$/i];function k(e){return e.req.header("cf-connecting-ip")||e.req.header("x-forwarded-for")?.split(",")[0]?.trim()||e.req.header("x-real-ip")||"unknown"}var v=(e={})=>{let i=[...b,...e.patterns||[]];e.exclude?.length&&(i=i.filter(t=>!e.exclude.some(
1
+
'use strict';var factory=require('hono/factory');var $=class{strikes=new Map;bans=new Map;strikeTTL;banTTL;constructor(i){this.strikeTTL=(i?.strikeTTL??3600)*1e3,this.banTTL=(i?.banTTL??86400)*1e3;}isBanned(i){let n=this.bans.get(i);return n===void 0?false:Date.now()>n?(this.bans.delete(i),false):true}addStrike(i){let n=Date.now(),r=this.strikes.get(i);return r&&n<r.expires?(r.count++,r.count):(this.strikes.set(i,{count:1,expires:n+this.strikeTTL}),1)}ban(i){this.bans.set(i,Date.now()+this.banTTL);}resetStrikes(i){this.strikes.delete(i);}},b=[/\.php/i,/\/config\.php/i,/\/phpinfo/i,/\/eval-stdin\.php/i,/\/xmlrpc\.php/i,/\/ALFA_DATA/i,/\/c99\.php/i,/\/r57\.php/i,/\/shell\.php/i,/\/webshell/i,/^\/wp$/i,/^\/wp-/i,/^\/wordpress/i,/\/wp-includes\//i,/\/wp-content\//i,/\/wp-admin/i,/wlwmanifest\.xml$/i,/^\/uploads?$/i,/^\/images$/i,/^\/assets$/i,/^\/files$/i,/^\/media$/i,/^\/public$/i,/\/admin\/(uploads?|images|editor|fckeditor|controller)/i,/^\/modules$/i,/^\/plugins$/i,/^\/components$/i,/^\/system$/i,/^\/template$/i,/^\/includes?$/i,/^\/vendor$/i,/^\/local$/i,/^\/php$/i,/\/fckeditor\/editor\/filemanager/i,/\/sites\/default\/files/i,/\/images\/stories/i,/\/modules\/mod_simplefileupload/i,/\/controller\/extension/i,/\/ckeditor/i,/\/tinymce/i,/\/elfinder/i,/^\/admin(\.php)?$/i,/^\/administrator/i,/^\/phpmyadmin/i,/^\/cpanel/i,/^\/whm/i,/^\/cgi-bin/i,/^\/typo3/i,/^\/joomla/i,/^\/drupal/i,/^\/magento/i,/\/\.git/i,/\/\.svn/i,/\/\.hg/i,/\/\.env/i,/\/\.sql$/i,/\/\.well-known\/security\.txt/i,/\/(vendor|node_modules)\//i,/\/\.htaccess$/i,/\/\.htpasswd$/i,/\/\.DS_Store$/i,/\/Thumbs\.db$/i,/\/\.ssh/i,/\/id_rsa/i,/\/id_ed25519/i,/\/\.npmrc$/i,/\/\.pypirc$/i,/\/\.aws\//i,/\.(bak|old|backup|orig|save|swp)$/i,/\.(7z|tgz|tar\.gz|tar|bz2|war|jar)$/i,/^\/config\.(js|json|yml|yaml|xml|ini|conf)$/i,/^\/settings\.(js|json|yml|yaml|xml)$/i,/^\/credentials\.(js|json|yml|yaml)$/i,/^\/secrets\.(js|json|yml|yaml|env)$/i,/^\/appsettings\.(json|yml|yaml)$/i,/^\/application\.(yml|yaml|xml|properties
)$/i,/sftp-config\.json$/i,/ftpsync\.settings$/i,/\.ftpconfig$/i,/\.ftppass$/i,/\.remote-sync\.json$/i,/ftp-deploy\.json$/i,/^\/env\.js$/i,/^\/main\.js$/i,/^\/index\.js$/i,/^\/app\.js$/i,/^\/server-(status|info)$/i,/^\/info$/i,/^\/swagger/i,/^\/api\/swagger\.(json|yml|yaml)$/i,/^\/api-docs/i,/^\/v\d+\/api-docs/i,/^\/_env/i,/^\/env$/i,/^\/config\//i,/^\/backup/i,/^\/bk$/i,/^\/bak$/i,/^\/bac$/i,/^\/dump/i,/^\/db_/i,/^\/sql/i,/^\/shell/i,/^\/old$/i,/^\/new$/i,/^\/test$/i,/^\/demo$/i,/^\/www$/i,/^\/main$/i,/^\/site$/i,/^\/shop$/i,/^\/bc$/i,/^\/sitio$/i,/^\/sito$/i,/^\/oldsite$/i,/^\/old-site$/i,/^\/script$/i,/^\/\d{4}$/i,/^\/getcmd$/i,/\$\(/,/`/,/"/,/\{(curl|wget|bash|sh|nc|ncat|python|perl|ruby|php),/i,/\.oast\.(site|fun|live|me|online|pro)/i,/(%00|\x00)/,/^\/_next/i,/^\/_rsc/i,/^\/__rsc/i,/^\/_vercel/i,/next\.config\.(js|mjs|ts)$/i,/nuxt\.config\.(js|ts)$/i,/craco\.config\.js$/i,/serverless\.(yml|yaml|json)$/i,/vercel\.json$/i,/netlify\.toml$/i,/\/helm\//i,/\/package\.json$/i,/\/composer\.(json|lock)$/i,/\/Gemfile(\.lock)?$/i,/\/requirements\.txt$/i,/docker-compose\.(yml|yaml)$/i,/Dockerfile$/i,/\/docker\//i,/^\/aws/i,/\/aws[_-]s3/i,/\/aws[_-]ses/i,/\.\.\//,/\.\.%2f/i,/\.\.%5c/i,/^\/etc\//i,/^\/proc\//i,/^\/var\//i,/^\/opt\//i,/\/passwd$/i,/\.log$/i,/\/error_log$/i,/^\/@fs\//i,/^\/@vite\//i,/^\/@id\//i,/^\/_ignition/i,/^\/__debug__/i,/\/WEB-INF/i,/^\/manager\/html/i,/^\/solr/i,/^\/actuator/i,/\/elmah\.axd$/i,/^\/servlet\//i,/bsh\.servlet/i,/^\/struts\//i,/^\/invoker\//i,/\.action$/i,/\/mailcow/i,/^\/roundcube\//i,/^\/webmail\//i,/^\/adminer/i,/^\/pma\//i,/^\/myadmin\//i,/^\/mysqladmin/i,/^\/dbadmin/i,/^\/proxy\//i,/169\.254\.169\.254/,/^\/latest\/meta-data/i,/^\/HNAP1\//i,/^\/boaform\//i,/^\/GponForm\//i,/^\/setup\.cgi$/i,/\.htm$/i,/^\/owa\//i,/^\/aspnet_client\//i,/^\/autodiscover\//i,/^\/ecp\//i,/^\/_layouts\//i,/^\/_vti_bin\//i,/^\/WebInterface\//i,/^\/owncloud\//i,/^\/nextcloud\//i,/^\/geoserver\//i,/^\/geowebcache\//i,/^\/confluence\//i,/^\/jira\//i,/^\/grafana\/
/i,/^\/kibana\//i,/^\/prometheus\//i,/^\/jenkins\//i,/\/j_acegi_security_check/i,/^\/portainer\//i,/^\/gitea\//i,/^\/gitlab\//i,/^\/metrics$/i,/^\/healthz$/i,/^\/readyz$/i,/^\/livez$/i,/^\/console\//i,/^\/debug\//i,/^\/\.dockerenv$/i];function k(e){return e.req.header("cf-connecting-ip")||e.req.header("x-forwarded-for")?.split(",")[0]?.trim()||e.req.header("x-real-ip")||"unknown"}var v=(e={})=>{let i=[...b,...e.patterns||[]];e.exclude?.length&&(i=i.filter(t=>!e.exclude.some(p=>t.source===p.source)));let n=e.log??true,r=e.status??410,a=e.store,u=e.strikeThreshold??3,g=e.getIP??k,l=e.onBlocked;return factory.createMiddleware(async(t,p)=>{let s=g(t),m=s&&s!=="unknown";if(a&&m&&await a.isBanned(s)){let o=t.req.path.replace(/\/+/g,"/");return l?l({ip:s,path:o,method:t.req.method,reason:"banned"}):n&&console.log(`\u{1F6AB} Banned [${s}] ${t.req.method} ${o}`),t.body(null,r)}let c=t.req.path.replace(/\/+/g,"/");if(i.some(o=>o.test(c))){let o,d=false;if(a&&m&&(o=await a.addStrike(s),o>=u&&(await a.ban(s),await a.resetStrikes(s),d=true)),l)l({ip:s,path:c,method:t.req.method,reason:"pattern",strikes:o,banned:d});else if(n){let h=d?" \u{1F6AB} BANNED":"";console.log(`\u{1F36F} Blocked [${s}] ${t.req.method} ${c}${h}`);}return t.body(null,r)}return p()})};/**
2
2
* hono-honeypot - Zero-dependency security middleware for Hono.js
3
3
* Blocks bot attacks, vulnerability scanners, and brute-force attempts.
4
4
* Optional store-backed IP banning (3 strikes = 24hr ban by default).
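Review bot: The three patterns added on the new side (`/\{(curl|wget|…),/i`, `/\.oast\.(site|fun|…)/i`, `/(%00|\x00)/`) are only ever tested against `c`, which is built from `t.req.path` with repeated slashes collapsed, so they fire only when the indicator sits in the path itself; OAST callback hostnames and brace-expansion payloads more often arrive in query parameters or headers, which this middleware never reads, so the new checks are narrower than their names suggest (assuming Hono's `req.path` excludes the query string, as its use here implies). Whether a request shows up as `%00` or as a literal NUL depends on whether Hono percent-decodes `req.path` before the middleware runs, which cannot be confirmed from this hunk, so keeping both alternatives is reasonable but deserves a comment. I would record the scope next to the matcher, e.g. `// Patterns are matched against the normalized request path only; query string and headers are not inspected.` The same additions appear in the package/dist/index.js section; since both files are bundled output, the comment belongs in the source the bundle is generated from.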
package/dist/index.js
CHANGED
@@ -1,4 +1,4 @@
1
-
import {createMiddleware}from'hono/factory';var $=class{strikes=new Map;bans=new Map;strikeTTL;banTTL;constructor(i){this.strikeTTL=(i?.strikeTTL??3600)*1e3,this.banTTL=(i?.banTTL??86400)*1e3;}isBanned(i){let n=this.bans.get(i);return n===void 0?false:Date.now()>n?(this.bans.delete(i),false):true}addStrike(i){let n=Date.now(),r=this.strikes.get(i);return r&&n<r.expires?(r.count++,r.count):(this.strikes.set(i,{count:1,expires:n+this.strikeTTL}),1)}ban(i){this.bans.set(i,Date.now()+this.banTTL);}resetStrikes(i){this.strikes.delete(i);}},b=[/\.php/i,/\/config\.php/i,/\/phpinfo/i,/\/eval-stdin\.php/i,/\/xmlrpc\.php/i,/\/ALFA_DATA/i,/\/c99\.php/i,/\/r57\.php/i,/\/shell\.php/i,/\/webshell/i,/^\/wp$/i,/^\/wp-/i,/^\/wordpress/i,/\/wp-includes\//i,/\/wp-content\//i,/\/wp-admin/i,/wlwmanifest\.xml$/i,/^\/uploads?$/i,/^\/images$/i,/^\/assets$/i,/^\/files$/i,/^\/media$/i,/^\/public$/i,/\/admin\/(uploads?|images|editor|fckeditor|controller)/i,/^\/modules$/i,/^\/plugins$/i,/^\/components$/i,/^\/system$/i,/^\/template$/i,/^\/includes?$/i,/^\/vendor$/i,/^\/local$/i,/^\/php$/i,/\/fckeditor\/editor\/filemanager/i,/\/sites\/default\/files/i,/\/images\/stories/i,/\/modules\/mod_simplefileupload/i,/\/controller\/extension/i,/\/ckeditor/i,/\/tinymce/i,/\/elfinder/i,/^\/admin(\.php)?$/i,/^\/administrator/i,/^\/phpmyadmin/i,/^\/cpanel/i,/^\/whm/i,/^\/cgi-bin/i,/^\/typo3/i,/^\/joomla/i,/^\/drupal/i,/^\/magento/i,/\/\.git/i,/\/\.svn/i,/\/\.hg/i,/\/\.env/i,/\/\.sql$/i,/\/\.well-known\/security\.txt/i,/\/(vendor|node_modules)\//i,/\/\.htaccess$/i,/\/\.htpasswd$/i,/\/\.DS_Store$/i,/\/Thumbs\.db$/i,/\/\.ssh/i,/\/id_rsa/i,/\/id_ed25519/i,/\/\.npmrc$/i,/\/\.pypirc$/i,/\/\.aws\//i,/\.(bak|old|backup|orig|save|swp)$/i,/\.(7z|tgz|tar\.gz|tar|bz2|war|jar)$/i,/^\/config\.(js|json|yml|yaml|xml|ini|conf)$/i,/^\/settings\.(js|json|yml|yaml|xml)$/i,/^\/credentials\.(js|json|yml|yaml)$/i,/^\/secrets\.(js|json|yml|yaml|env)$/i,/^\/appsettings\.(json|yml|yaml)$/i,/^\/application\.(yml|yaml|xml|properties)$/i,
/sftp-config\.json$/i,/ftpsync\.settings$/i,/\.ftpconfig$/i,/\.ftppass$/i,/\.remote-sync\.json$/i,/ftp-deploy\.json$/i,/^\/env\.js$/i,/^\/main\.js$/i,/^\/index\.js$/i,/^\/app\.js$/i,/^\/server-(status|info)$/i,/^\/info$/i,/^\/swagger/i,/^\/api\/swagger\.(json|yml|yaml)$/i,/^\/api-docs/i,/^\/v\d+\/api-docs/i,/^\/_env/i,/^\/env$/i,/^\/config\//i,/^\/backup/i,/^\/bk$/i,/^\/bak$/i,/^\/bac$/i,/^\/dump/i,/^\/db_/i,/^\/sql/i,/^\/shell/i,/^\/old$/i,/^\/new$/i,/^\/test$/i,/^\/demo$/i,/^\/www$/i,/^\/main$/i,/^\/site$/i,/^\/shop$/i,/^\/bc$/i,/^\/sitio$/i,/^\/sito$/i,/^\/oldsite$/i,/^\/old-site$/i,/^\/script$/i,/^\/\d{4}$/i,/^\/getcmd$/i,/\$\(/,/`/,/"/,/^\/_next/i,/^\/_rsc/i,/^\/__rsc/i,/^\/_vercel/i,/next\.config\.(js|mjs|ts)$/i,/nuxt\.config\.(js|ts)$/i,/craco\.config\.js$/i,/serverless\.(yml|yaml|json)$/i,/vercel\.json$/i,/netlify\.toml$/i,/\/helm\//i,/\/package\.json$/i,/\/composer\.(json|lock)$/i,/\/Gemfile(\.lock)?$/i,/\/requirements\.txt$/i,/docker-compose\.(yml|yaml)$/i,/Dockerfile$/i,/\/docker\//i,/^\/aws/i,/\/aws[_-]s3/i,/\/aws[_-]ses/i,/\.\.\//,/\.\.%2f/i,/\.\.%5c/i,/^\/etc\//i,/^\/proc\//i,/^\/var\//i,/^\/opt\//i,/\/passwd$/i,/\.log$/i,/\/error_log$/i,/^\/@fs\//i,/^\/@vite\//i,/^\/@id\//i,/^\/_ignition/i,/^\/__debug__/i,/\/WEB-INF/i,/^\/manager\/html/i,/^\/solr/i,/^\/actuator/i,/\/elmah\.axd$/i,/^\/servlet\//i,/bsh\.servlet/i,/^\/struts\//i,/^\/invoker\//i,/\.action$/i,/\/mailcow/i,/^\/roundcube\//i,/^\/webmail\//i,/^\/adminer/i,/^\/pma\//i,/^\/myadmin\//i,/^\/mysqladmin/i,/^\/dbadmin/i,/^\/proxy\//i,/169\.254\.169\.254/,/^\/latest\/meta-data/i,/^\/HNAP1\//i,/^\/boaform\//i,/^\/GponForm\//i,/^\/setup\.cgi$/i,/\.htm$/i,/^\/owa\//i,/^\/aspnet_client\//i,/^\/autodiscover\//i,/^\/ecp\//i,/^\/_layouts\//i,/^\/_vti_bin\//i,/^\/WebInterface\//i,/^\/owncloud\//i,/^\/nextcloud\//i,/^\/geoserver\//i,/^\/geowebcache\//i,/^\/confluence\//i,/^\/jira\//i,/^\/grafana\//i,/^\/kibana\//i,/^\/prometheus\//i,/^\/jenkins\//i,/\/j_acegi_security_check/i,/^\/portainer\//i,/^\/gitea\//i,/
^\/gitlab\//i,/^\/metrics$/i,/^\/healthz$/i,/^\/readyz$/i,/^\/livez$/i,/^\/console\//i,/^\/debug\//i,/^\/\.dockerenv$/i];function k(e){return e.req.header("cf-connecting-ip")||e.req.header("x-forwarded-for")?.split(",")[0]?.trim()||e.req.header("x-real-ip")||"unknown"}var v=(e={})=>{let i=[...b,...e.patterns||[]];e.exclude?.length&&(i=i.filter(t=>!e.exclude.some(
1
+
import {createMiddleware}from'hono/factory';var $=class{strikes=new Map;bans=new Map;strikeTTL;banTTL;constructor(i){this.strikeTTL=(i?.strikeTTL??3600)*1e3,this.banTTL=(i?.banTTL??86400)*1e3;}isBanned(i){let n=this.bans.get(i);return n===void 0?false:Date.now()>n?(this.bans.delete(i),false):true}addStrike(i){let n=Date.now(),r=this.strikes.get(i);return r&&n<r.expires?(r.count++,r.count):(this.strikes.set(i,{count:1,expires:n+this.strikeTTL}),1)}ban(i){this.bans.set(i,Date.now()+this.banTTL);}resetStrikes(i){this.strikes.delete(i);}},b=[/\.php/i,/\/config\.php/i,/\/phpinfo/i,/\/eval-stdin\.php/i,/\/xmlrpc\.php/i,/\/ALFA_DATA/i,/\/c99\.php/i,/\/r57\.php/i,/\/shell\.php/i,/\/webshell/i,/^\/wp$/i,/^\/wp-/i,/^\/wordpress/i,/\/wp-includes\//i,/\/wp-content\//i,/\/wp-admin/i,/wlwmanifest\.xml$/i,/^\/uploads?$/i,/^\/images$/i,/^\/assets$/i,/^\/files$/i,/^\/media$/i,/^\/public$/i,/\/admin\/(uploads?|images|editor|fckeditor|controller)/i,/^\/modules$/i,/^\/plugins$/i,/^\/components$/i,/^\/system$/i,/^\/template$/i,/^\/includes?$/i,/^\/vendor$/i,/^\/local$/i,/^\/php$/i,/\/fckeditor\/editor\/filemanager/i,/\/sites\/default\/files/i,/\/images\/stories/i,/\/modules\/mod_simplefileupload/i,/\/controller\/extension/i,/\/ckeditor/i,/\/tinymce/i,/\/elfinder/i,/^\/admin(\.php)?$/i,/^\/administrator/i,/^\/phpmyadmin/i,/^\/cpanel/i,/^\/whm/i,/^\/cgi-bin/i,/^\/typo3/i,/^\/joomla/i,/^\/drupal/i,/^\/magento/i,/\/\.git/i,/\/\.svn/i,/\/\.hg/i,/\/\.env/i,/\/\.sql$/i,/\/\.well-known\/security\.txt/i,/\/(vendor|node_modules)\//i,/\/\.htaccess$/i,/\/\.htpasswd$/i,/\/\.DS_Store$/i,/\/Thumbs\.db$/i,/\/\.ssh/i,/\/id_rsa/i,/\/id_ed25519/i,/\/\.npmrc$/i,/\/\.pypirc$/i,/\/\.aws\//i,/\.(bak|old|backup|orig|save|swp)$/i,/\.(7z|tgz|tar\.gz|tar|bz2|war|jar)$/i,/^\/config\.(js|json|yml|yaml|xml|ini|conf)$/i,/^\/settings\.(js|json|yml|yaml|xml)$/i,/^\/credentials\.(js|json|yml|yaml)$/i,/^\/secrets\.(js|json|yml|yaml|env)$/i,/^\/appsettings\.(json|yml|yaml)$/i,/^\/application\.(yml|yaml|xml|properties)$/i,
/sftp-config\.json$/i,/ftpsync\.settings$/i,/\.ftpconfig$/i,/\.ftppass$/i,/\.remote-sync\.json$/i,/ftp-deploy\.json$/i,/^\/env\.js$/i,/^\/main\.js$/i,/^\/index\.js$/i,/^\/app\.js$/i,/^\/server-(status|info)$/i,/^\/info$/i,/^\/swagger/i,/^\/api\/swagger\.(json|yml|yaml)$/i,/^\/api-docs/i,/^\/v\d+\/api-docs/i,/^\/_env/i,/^\/env$/i,/^\/config\//i,/^\/backup/i,/^\/bk$/i,/^\/bak$/i,/^\/bac$/i,/^\/dump/i,/^\/db_/i,/^\/sql/i,/^\/shell/i,/^\/old$/i,/^\/new$/i,/^\/test$/i,/^\/demo$/i,/^\/www$/i,/^\/main$/i,/^\/site$/i,/^\/shop$/i,/^\/bc$/i,/^\/sitio$/i,/^\/sito$/i,/^\/oldsite$/i,/^\/old-site$/i,/^\/script$/i,/^\/\d{4}$/i,/^\/getcmd$/i,/\$\(/,/`/,/"/,/\{(curl|wget|bash|sh|nc|ncat|python|perl|ruby|php),/i,/\.oast\.(site|fun|live|me|online|pro)/i,/(%00|\x00)/,/^\/_next/i,/^\/_rsc/i,/^\/__rsc/i,/^\/_vercel/i,/next\.config\.(js|mjs|ts)$/i,/nuxt\.config\.(js|ts)$/i,/craco\.config\.js$/i,/serverless\.(yml|yaml|json)$/i,/vercel\.json$/i,/netlify\.toml$/i,/\/helm\//i,/\/package\.json$/i,/\/composer\.(json|lock)$/i,/\/Gemfile(\.lock)?$/i,/\/requirements\.txt$/i,/docker-compose\.(yml|yaml)$/i,/Dockerfile$/i,/\/docker\//i,/^\/aws/i,/\/aws[_-]s3/i,/\/aws[_-]ses/i,/\.\.\//,/\.\.%2f/i,/\.\.%5c/i,/^\/etc\//i,/^\/proc\//i,/^\/var\//i,/^\/opt\//i,/\/passwd$/i,/\.log$/i,/\/error_log$/i,/^\/@fs\//i,/^\/@vite\//i,/^\/@id\//i,/^\/_ignition/i,/^\/__debug__/i,/\/WEB-INF/i,/^\/manager\/html/i,/^\/solr/i,/^\/actuator/i,/\/elmah\.axd$/i,/^\/servlet\//i,/bsh\.servlet/i,/^\/struts\//i,/^\/invoker\//i,/\.action$/i,/\/mailcow/i,/^\/roundcube\//i,/^\/webmail\//i,/^\/adminer/i,/^\/pma\//i,/^\/myadmin\//i,/^\/mysqladmin/i,/^\/dbadmin/i,/^\/proxy\//i,/169\.254\.169\.254/,/^\/latest\/meta-data/i,/^\/HNAP1\//i,/^\/boaform\//i,/^\/GponForm\//i,/^\/setup\.cgi$/i,/\.htm$/i,/^\/owa\//i,/^\/aspnet_client\//i,/^\/autodiscover\//i,/^\/ecp\//i,/^\/_layouts\//i,/^\/_vti_bin\//i,/^\/WebInterface\//i,/^\/owncloud\//i,/^\/nextcloud\//i,/^\/geoserver\//i,/^\/geowebcache\//i,/^\/confluence\//i,/^\/jira\//i,/^\/grafana\//i,/^
\/kibana\//i,/^\/prometheus\//i,/^\/jenkins\//i,/\/j_acegi_security_check/i,/^\/portainer\//i,/^\/gitea\//i,/^\/gitlab\//i,/^\/metrics$/i,/^\/healthz$/i,/^\/readyz$/i,/^\/livez$/i,/^\/console\//i,/^\/debug\//i,/^\/\.dockerenv$/i];function k(e){return e.req.header("cf-connecting-ip")||e.req.header("x-forwarded-for")?.split(",")[0]?.trim()||e.req.header("x-real-ip")||"unknown"}var v=(e={})=>{let i=[...b,...e.patterns||[]];e.exclude?.length&&(i=i.filter(t=>!e.exclude.some(p=>t.source===p.source)));let n=e.log??true,r=e.status??410,a=e.store,u=e.strikeThreshold??3,g=e.getIP??k,l=e.onBlocked;return createMiddleware(async(t,p)=>{let s=g(t),m=s&&s!=="unknown";if(a&&m&&await a.isBanned(s)){let o=t.req.path.replace(/\/+/g,"/");return l?l({ip:s,path:o,method:t.req.method,reason:"banned"}):n&&console.log(`\u{1F6AB} Banned [${s}] ${t.req.method} ${o}`),t.body(null,r)}let c=t.req.path.replace(/\/+/g,"/");if(i.some(o=>o.test(c))){let o,d=false;if(a&&m&&(o=await a.addStrike(s),o>=u&&(await a.ban(s),await a.resetStrikes(s),d=true)),l)l({ip:s,path:c,method:t.req.method,reason:"pattern",strikes:o,banned:d});else if(n){let h=d?" \u{1F6AB} BANNED":"";console.log(`\u{1F36F} Blocked [${s}] ${t.req.method} ${c}${h}`);}return t.body(null,r)}return p()})};/**
2
2
* hono-honeypot - Zero-dependency security middleware for Hono.js
3
3
* Blocks bot attacks, vulnerability scanners, and brute-force attempts.
4
4
* Optional store-backed IP banning (3 strikes = 24hr ban by default).
package/package.json
CHANGED