duy13 / vDDoS-Protection

Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using!
https://vddos.voduy.com

Blocking API service #28

Closed robert1112 closed 6 years ago

robert1112 commented 6 years ago

Hi @duy13

The response from my server is logged by the service provider. I tried to whitelist their IP in the bot search whitelist file, but it is not working. Please kindly help.

    <!DOCTYPE html>
    <html>
    <script src="/cdn-cgi/apps/head/mBfG_zkG0iN4p0TpZQK87kC5ymc.js"></script><script src="/vddosw3data.js"></script>
    <body>
    <div w3-include-html="/5s.html"></div>
    <noscript><h1 style="text-align:center;color:red;"><strong>Please turn JavaScript on and reload the page.</strong></h1></noscript>
    <script>
    w3IncludeHTML();
    </script>
    <script language="javascript">document.cookie="vDDoS=dfc6b89a2384daa7679903ba5b22bcd9 ;  path=/";setTimeout("location.href='https://dreambox.tw/?wc-api=WC_Gateway_ECPay&d=1';",5000);</script>
    <center>
    <br />
    <br />
    <center/>
    </body>
    </html>

duy13 commented 6 years ago

Whitelist for URL query string:

  1. Allow (not challenge) for a URL query string: create dreambox.tw.location.conf

    nano /vddos/conf.d/cus/dreambox.tw.location.conf

    #############################################################################################
    ############## NON-Security for whitelist URL query string of your domain:
    ############## (NON-Security for URL query string: 'dreambox.tw/?wc-api=WC_Gateway_ECPay' )
    if ($args ~ "wc-api=WC_Gateway_ECPay") { testcookie off; }

  2. Restart vDDoS after configuration:

    vddos restart

robert1112 commented 6 years ago

Hi @duy13 Thanks so much for your support.

  1. Will it apply to all levels of vddos protection (307, 200, click, 5s, high, captcha)? I ask because I saw testcookie off, which is for captcha.

  2. If I want to whitelist more URL query strings, can I add the query string like below?

    #############################################################################################
    ############## NON-Security for whitelist URL query string of your domain: 
    ############## (NON-Security for URL query string: 'dreambox.tw/?wc-api=WC_Gateway_ECPay' )
    if ($args ~ "wc-api=WC_Gateway_ECPay, wc-api=WC_connector") { testcookie off; }
  3. For an additional site, there should be a separate file like new-domain.com.location.conf?

Thanks again for the awesome tool. It helps me survive multiple attacks. I appreciate your sharing and support.

duy13 commented 6 years ago

  1. Yes
  2. Either:

    nano /vddos/conf.d/cus/dreambox.tw.location.conf

    #############################################################################################
    ############## NON-Security for whitelist URL query string of your domain:
    ############## (NON-Security for URL query string: 'dreambox.tw/?wc-api=WC_Gateway_ECPay' )
    if ($args ~ "wc-api=WC_Gateway_ECPay|wc-api=WC_connector") { testcookie off; }

OR:

    nano /vddos/conf.d/cus/dreambox.tw.location.conf

    #############################################################################################
    ############## NON-Security for whitelist URL query string of your domain:
    ############## (NON-Security for URL query string: 'dreambox.tw/?wc-api=WC_Gateway_ECPay' )
    if ($args ~ "wc-api=WC_Gateway_ECPay") { testcookie off; }
    if ($args ~ "wc-api=WC_connector") { testcookie off; }

  3. Yes

robert1112 commented 6 years ago

Hi @duy13 Thanks for your help.

1) Sorry. "Yes" means it will whitelist for all levels of vddos protection: 307, 200, click, 5s, high and captcha?

Thank you so much.

robert1112 commented 6 years ago

Hi @duy13

I think it only whitelists for the captcha level, right? Is there a way to apply it for other vddos levels? Thank you.

duy13 commented 6 years ago

Works on all security modes: no, 307, 200, click, 5s, high, captcha. Please test in advance to find answers before asking questions!

robert1112 commented 6 years ago

Hi @duy13 Thank you for your confirmation. The API still got blocked. I will see if I got the query URL wrong. Thank you very much for your patience.

robert1112 commented 6 years ago

Hi @duy13

WooCommerce provides a REST API function and I used it to connect to their official iOS app on my phone. Apparently it is blocked by vDDOS, so I tried the methods below, and only whitelisting my IP works, but that is not ideal since it is dynamic. I am wondering whether the URL is not correct or not complete? Please kindly advise. Thank you so much for your support.

/vddos/conf.d/cus/

    #############################################################################################
    ############### NON-Security for whitelist URL query string of your domain:
    ############### (NON-Security for URL query string: 'Woocommerce API service' )
    if ($args ~ "wc-api/v2") { testcookie off; }
    if ($args ~ "wp-json/wc/v2") { testcookie off; }
    if ($args ~ "wp-json/wc/v2/orders") { testcookie off; }
    if ($args ~ "wc-api") { testcookie off; }
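
An added example, not part of the original thread or of vDDoS: the `if ($args ~ "...")` patterns posted above, evaluated against constructed sample requests. It assumes Python's `re.search` as a stand-in for nginx's case-sensitive `~` operator and relies on nginx's `$args` holding only the query string, not the path; `example.test` and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the thread's `if ($args ~ "...") { testcookie off; }` lines.
PATTERNS = {
    "single": r"wc-api=WC_Gateway_ECPay",
    "comma": r"wc-api=WC_Gateway_ECPay, wc-api=WC_connector",
    "alternation": r"wc-api=WC_Gateway_ECPay|wc-api=WC_connector",
    "rest_path": r"wp-json/wc/v2",
    "legacy": r"wc-api",
}

# Constructed sample requests (example.test is a placeholder host).
REQUESTS = [
    "https://example.test/?wc-api=WC_Gateway_ECPay&d=1",
    "https://example.test/?wc-api=WC_connector",
    "https://example.test/wp-json/wc/v2/orders?per_page=10",
    "https://example.test/wc-api/v2/orders",
]


def nginx_args(url):
    """Return what nginx exposes as $args: the raw query string, no '?' and no path."""
    return urlsplit(url).query


def challenge_skipped(pattern, url):
    """Emulate `if ($args ~ pattern)`: unanchored, case-sensitive search on $args.
    Assumption: Python's re agrees with nginx's PCRE for these literal patterns."""
    return re.search(pattern, nginx_args(url)) is not None


def matrix():
    """Map each pattern name to the sample requests it would exempt from the challenge."""
    return {name: [u for u in REQUESTS if challenge_skipped(p, u)]
            for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for name, hits in matrix().items():
        print(f"{name:12} exempts {len(hits)} of {len(REQUESTS)} sample requests")
        for u in hits:
            print("    " + u)
```

Patterns written for a path, such as `wp-json/wc/v2`, never see the path through `$args`; in nginx the path is carried by `$uri` and `$request_uri`.
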
glebkhil commented 2 years ago

But how to do this for a specific user_agent?