A somewhat advanced layer 7 IP filtering mechanism designed to block bad actors
Security Options
The securityOptions object lets you customize the protection mechanisms to fit your requirements. The available security options are:
blockBadHostname
: Blocks requests with a suspicious or malformed hostname.
blockRequestFromServers
: Blocks requests coming from known server IPs.
blockRequestFromVPN
: Blocks requests coming from VPNs.
blockRequestFromWebProxy
: Blocks requests coming from web proxies.
blockRequestFromTOR
: Blocks requests coming from the TOR network.
blockPublicProxy
: Blocks requests coming from public proxy servers.
blockSearchEngineRobot
: Blocks requests coming from search engine robots.
blockHostname
: Blocks requests with a specific hostname.
blockNoProxyIssues
: Blocks requests if no proxy-related issues are detected.
whitelist
: (Set) Whitelists the given IP addresses, which bypass actor detection.
logging
: Enables live logs of IP addresses actively being blocked.
throttling
: Allows only a certain number of concurrent requests to access your site.
throttleAmount
: If throttling is enabled, you can set the allowed concurrent requests here.
Here's how you can use the mitigation middleware in your Express.js application:
const express = require('express');
const mitigation = require('mitigation');

const app = express();
const port = 3000;

const securityOptions = {
  blockRequestFromServers: true,
  blockRequestFromVPN: true,
  blockRequestFromWebProxy: true,
  blockRequestFromTOR: true,
  blockPublicProxy: true,
  blockSearchEngineRobot: true,
  blockHostname: true,
  blockNoProxyIssues: true,
  whitelist: new Set(['192.168.1.1', '10.0.0.1']), // Example whitelist IP addresses
  throttling: true, // Enable throttling
  throttleAmount: 100, // Specify the throttle amount
  logging: true // Enable logging
};

// Register the filter before any routes so every request passes through it
app.use(mitigation(securityOptions));

app.get('/', (req, res) => {
  res.send('Hello World!');
});

app.listen(port, () => {
  console.log(`Express server is listening on port ${port}`);
});