by usernamebias 1893 days ago
That's a great start. But blocking entire data centers seems too aggressive for public SaaS applications.

This has lit a fire in my arse. I'm going to create a repo tomorrow for ExpressJS (I'm a NodeJS nerd).

It can be used like this:

app.use(blacklist.middleware)

It will compare every request to a known .txt of strings such as '.env' and others.

Regex is NOT my forte. Can I count on some of you guys to pitch in?


Yeah you're looking at something external to your application like a layer 7 firewall, I don't think nodejs is the tool for the job here. You want to stop this traffic way before it even hits your web service with an external WAF.
That's beyond my capabilities. I can certainly create a big preliminary .txt file from my dataset, and hopefully the open source community can take it from there.
CloudFlare is not beyond your capabilities.

If you have a domain name (as opposed to just an IP address), you could have finished this project with CloudFlare in the time it took you to post to HN. You are almost certainly going to fall into the free tier.

Disclaimer: I used to work for the founders of CloudFlare.

Note: CloudFlare is not the only SaaS / PaaS in this CDN/WAF space, but it is the easiest to get started with (last I checked).

Have you considered the scale of the problem and how it would affect performance on your server?

Running pattern matching early in Node middleware that checks against a very very large block list will progressively choke every server that implements it.

If you decide to implement it, I recommend you look at how GeoMind API works. IP addresses are just displayed as octets for human readability; use the integer representation for faster+cleaner comparisons.
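As an added example (not the poster's repo and not code from this thread), here is the Express-style middleware from the first comment written so that the performance concern raised above does not apply: the block list is loaded once into a Set and each request costs one lookup per path segment, regardless of how long the list grows. The list entries and the request paths are constructed samples, and the middleware takes the standard `(req, res, next)` signature so it runs without Express.

```javascript
// Added example: a dependency-free Express-style middleware that rejects
// requests whose path contains a known probe file name such as ".env".
// The entries below are constructed samples; in practice they would be
// loaded from the block-list .txt file described in the thread.
const BLOCKED_NAMES = new Set(['.env', '.git', '.htaccess', 'wp-login.php', 'phpinfo.php']);

function normalizePath(rawUrl) {
  // Drop query string and fragment, percent-decode, collapse repeated
  // slashes and lowercase, so "/%2Eenv?x=1" and "//.ENV" both become "/.env".
  const rawPath = rawUrl.split('?')[0].split('#')[0];
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (_) {
    return null; // malformed percent-encoding: cannot be trusted
  }
  return decoded.replace(/\/+/g, '/').toLowerCase();
}

function isBlockedPath(rawUrl, blocked = BLOCKED_NAMES) {
  const path = normalizePath(rawUrl);
  if (path === null) return true; // treat undecodable paths as blocked
  // One Set lookup per segment: cost depends on path length, not list size.
  return path.split('/').some((segment) => blocked.has(segment));
}

function createBlocklistMiddleware(blocked = BLOCKED_NAMES) {
  // Usage with Express would be: app.use(createBlocklistMiddleware())
  return function blocklist(req, res, next) {
    if (isBlockedPath(req.url, blocked)) {
      res.statusCode = 404; // a plain 404 reveals nothing about the filter
      res.end();
      return;
    }
    next();
  };
}
```

Matching on normalized path segments rather than raw substrings avoids both the regex cost and false positives on legitimate paths that merely contain a blocked string.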