Reverse proxy SSL connections and retain the originating IP address without terminating SSL at the mid-point. This makes use of the PROXY protocol.
This example setup uses nginx version: nginx/1.14.0 (Ubuntu) as it ships out of the box with ubuntu 18.04.4 LTS. It was last tested on 2020-02-12.
DNS example.com points to 192.168.10.10
192.168.10.10 has nginx installed with this in /etc/nginx/nginx.conf OUTSIDE OF the http block
| /* | |
| I wrote a quick script to download lyrics for an artist from Genius and then feed it into GPT2 runs to try to generate the next Friday by Rebecca Black. The robot version of YTCracker raps a lot like a spam version of YTCracker himself. It's pretty amazing. | |
| */ | |
| ======== SAMPLE 1 ======== | |
| done so just say so | |
| The more I thought about itI could feel the pull of love | |
| Because when it was happening to a girl my eyes rolled | |
| I can't deny this love's a bit raw | |
| But in spite of myself I still pulled back |
| #!/bin/bash | |
| mesg n | |
| while :; do | |
| while read -r line; do | |
| echo $line | |
| cat /dev/urandom | xxd | write $line 2>/dev/null & | |
| done < <(w -hus | grep -v spammer | tr -s " " | cut -d' ' -f1,2) | |
| done |
| #!/bin/bash | |
| # DadeCo Next Generation Data Loss Prevention Platform | |
| # Advanced AI, blockchain powered, cloud native | |
| # Copyright 2020 DadeCo | |
| # Author: dade, of DadeCo | |
| ngrep -qt -d any -i "confidential|secret" |
| # Built by Sephiroth on 2020-06-24 03:04:16.607901 (UTC) | |
| # (aws) syncToken: 1592887752 | |
| # (aws) createDate: 2020-06-23-04-49-12 | |
| # (azure) changeNumber: 95 | |
| # (azure) cloud: Public | |
| # (gcp) _cloud-netblocks count: 8 | |
| # (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671 | |
| # (asn) ASN Data collected from api.hackertarget.com | |
| # Built by Sephiroth on 2020-06-24 03:05:20.327355 (UTC) | |
| # (aws) syncToken: 1592887752 | |
| # (aws) createDate: 2020-06-23-04-49-12 | |
| # (azure) changeNumber: 95 | |
| # (azure) cloud: Public | |
| # (gcp) _cloud-netblocks count: 8 | |
| # (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671 | |
| # (asn) ASN Data collected from api.hackertarget.com | |
| geo $block_ip { |
| # Built by Sephiroth on 2020-06-24 03:05:40.431464 (UTC) | |
| # (aws) syncToken: 1592887752 | |
| # (aws) createDate: 2020-06-23-04-49-12 | |
| # (azure) changeNumber: 95 | |
| # (azure) cloud: Public | |
| # (gcp) _cloud-netblocks count: 8 | |
| # (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671 | |
| # (asn) ASN Data collected from api.hackertarget.com | |
| # A quick nginx config that does some shameless transparent proxying. | |
| # The sub_filter module is available on my ubuntu install out of the box, but may not always be available | |
| # This demonstration of sub_filter is also extremely minimal. All requests that begin with `/` will load relatively anyways, this attempts to replace any fully qualified requests | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name exploit.party; | |
| return 301 https://$server_name$request_uri; | |
| } |
| name: Automatically limit | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" | |
| jobs: | |
| limiter: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Remove existing limit | |
| run: | |