From 894b8c857dc36cd4ce14e85a7637fbc7e2ea54ee Mon Sep 17 00:00:00 2001
From: Ming Di Leom <2809763-curben@users.noreply.gitlab.com>
Date: Sun, 16 Feb 2025 01:28:55 +0000
Subject: [PATCH] feat: apache htaccess
---
 README.md | 6 ++++++
 src/script.sh | 11 +++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c82f149..a709a39 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@
 - [Snort3](#snort3)
 - [Suricata](#suricata)
 - [Splunk](#splunk)
+ - [htaccess](#htaccess)
 - [Compressed version](#compressed-version)
 - [Reporting issues](#issues)
 - [FAQ and Guides](#faq-and-guides)
@@ -29,6 +30,7 @@ This blocklist is only useful as a last line of defence _after_ being infected.
 | [dnscrypt-proxy](#dnscrypt-proxy) | [link](https://malware-filter.gitlab.io/malware-filter/botnet-filter-dnscrypt-blocked-ips.txt) | [link](https://curbengh.github.io/malware-filter/botnet-filter-dnscrypt-blocked-ips.txt) | [link](https://curbengh.github.io/botnet-filter/botnet-filter-dnscrypt-blocked-ips.txt) | [link](https://malware-filter.gitlab.io/botnet-filter/botnet-filter-dnscrypt-blocked-ips.txt) | [link](https://malware-filter.pages.dev/botnet-filter-dnscrypt-blocked-ips.txt) | [link](https://botnet-filter.pages.dev/botnet-filter-dnscrypt-blocked-ips.txt) |
 | [Snort2](#snort2), [Snort3](#snort3), [Suricata](#suricata) | [link](https://malware-filter.gitlab.io/malware-filter/botnet-filter-suricata.rules) | [link](https://curbengh.github.io/malware-filter/botnet-filter-suricata.rules) | [link](https://curbengh.github.io/botnet-filter/botnet-filter-suricata.rules) | [link](https://malware-filter.gitlab.io/botnet-filter/botnet-filter-suricata.rules) | [link](https://malware-filter.pages.dev/botnet-filter-suricata.rules) | [link](https://botnet-filter.pages.dev/botnet-filter-suricata.rules) |
 | [Splunk](#splunk) | [link](https://malware-filter.gitlab.io/malware-filter/botnet-filter-splunk.csv) | [link](https://curbengh.github.io/malware-filter/botnet-filter-splunk.csv) | [link](https://curbengh.github.io/botnet-filter/botnet-filter-splunk.csv) | [link](https://malware-filter.gitlab.io/botnet-filter/botnet-filter-splunk.csv) | [link](https://malware-filter.pages.dev/botnet-filter-splunk.csv) | [link](https://botnet-filter.pages.dev/botnet-filter-splunk.csv) |
+| [Apache](#htaccess) | [link](https://malware-filter.gitlab.io/malware-filter/botnet-filter-htaccess.txt) | [link](https://curbengh.github.io/malware-filter/botnet-filter-htaccess.txt) | [link](https://curbengh.github.io/botnet-filter/botnet-filter-htaccess.txt) | [link](https://malware-filter.gitlab.io/botnet-filter/botnet-filter-htaccess.txt) | [link](https://malware-filter.pages.dev/botnet-filter-htaccess.txt) | [link](https://botnet-filter.pages.dev/botnet-filter-htaccess.txt) |
 For other programs, see [Compatibility](https://gitlab.com/malware-filter/malware-filter/wikis/compatibility) page in the wiki.
@@ -127,6 +129,10 @@ Columns:
 | ------- | -------------------------------- | -------------------- |
 | 1.2.3.4 | botnet-filter botnet IP detected | 2022-12-21T12:34:56Z |
+## htaccess
+
+In Apache configuration, add `AllowOverride All` to each ``, then add .htaccess to each site directory.
+
 ## Compressed version
 All filters are also available as gzip- and brotli-compressed.
diff --git a/src/script.sh b/src/script.sh
index 17c86e7..37a7d96 100644
--- a/src/script.sh
+++ b/src/script.sh
@@ -114,10 +114,17 @@ COMMENT=$(printf "$COMMENT_UBO" | sed "s/^!/#/g" | awk '{printf "%s\\n", $0}' |
 ## dnscrypt-proxy blocklists
-# name-based
+# IP-based
 cat "feodo-ip.txt" | \
 sed "1i $COMMENT" | \
-sed "1s/Domains/IPs/" > "../public/botnet-filter-dnscrypt-blocked-ips.txt"
+sed "1s/Blocklist/Blocklist (Dnscrypt-proxy)/" > "../public/botnet-filter-dnscrypt-blocked-ips.txt"
+
+
+## htaaccess
+cat "feodo-ip.txt" | \
+sed "s/^/deny from /g" | \
+sed "1i $COMMENT" | \
+sed "1s/Blocklist/Blocklist (htaccess)/" > "../public/botnet-filter-htaccess.txt"
 ## Temporarily disable command print
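Review bot: The new htaccess block prefixes every line of `feodo-ip.txt` with `deny from ` without checking that the line is an IP address, so a blank or malformed feed line ends up as a broken or unintended directive in a file that users drop into their sites; a .htaccess that Apache cannot parse typically turns every request for that directory into a 500 error. How `feodo-ip.txt` is produced is outside this hunk, so it may already be filtered; if it is not, filter here, e.g. replace the `cat` line with `grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' "feodo-ip.txt" | \` (assuming the feed is IPv4-only). `deny from` is also the Apache 2.2 syntax, which 2.4 accepts only with mod_access_compat loaded, so the generated header or the README should say so. The section comment `## htaaccess` is misspelled; it should read `## htaccess`.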