Check-in by ben on 2025-07-06 02:08:13 Add feature to default deny, granting access only to client IP addresses in pass list. Pre-populate pass.tsv with known tildeverse plus a few known pubnix and friendly IP addresses. INSERTED DELETED 4 1 config.m4 1 0 make.sh 68 0 pass.tsv 39 0 src/cgi.awk 3 0 src/config.awk 115 1 TOTAL over 5 changed files Index: config.m4 ================================================================== --- config.m4 +++ config.m4 @@ -1,8 +1,8 @@ dnl Set configuration variables dnl -define(__PHAROS_VERSION__, 12)dnl +define(__PHAROS_VERSION__, 13)dnl dnl define(__AGENT__, Lynx/2.9.0dev.10 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.1.1w)dnl define(__API_ENDPOINT__, http://archive.org)dnl define(__API_SSL_ENDPOINT__, https://archive.org)dnl define(__AWK_EXT__, 0)dnl @@ -17,17 +17,20 @@ define(__CMD_RM__, rm)dnl define(__CMD_SQLITE__, /usr/bin/sqlite3)dnl define(__CMD_STRINGS__, /bin/busybox strings)dnl define(__CMD_WEBDUMP__, /usr/local/bin/webdump)dnl define(__CMD_XARGS__, /usr/bin/xargs)dnl +define(__CONTACT__, admin@example.com)dnl define(__GEOMYIDAE_VERSION__, 0.96)dnl define(__MAX_BIN_SIZE__, 10)dnl define(__MAX_TXT_SIZE__, 1)dnl +define(__PASS_ENABLED__, 0)dnl +define(__PASS_LIST__, /home/user/pharos/pass.tsv)dnl define(__SERVER__, server)dnl define(__PORT__, port)dnl dnl dnl Set up M4 to work with AWK code dnl define(m4_substr, defn(substr))dnl undefine(substr)dnl changecom(`/*', `*/')dnl define(incl,`ifdef(paste,paste($1),undivert($1))')dnl Index: make.sh ================================================================== --- make.sh +++ make.sh @@ -36,6 +36,7 @@ # WEIRD build $SRC ${SRC}/raw/index.cgi.m4 ${DESTDIR}/debug/index.cgi build $SRC ${SRC}/raw/index.cgi.m4 ${DESTDIR}/text/index.cgi build $SRC ${SRC}/download/index.dcgi.m4 ${DESTDIR}/direct/index.dcgi build $SRC ${SRC}/raw/index.cgi.m4 ${DESTDIR}/links/index.dcgi +cp pass.tsv ${DESTDIR}/pass.tsv exit 0 ADDED pass.tsv Index: pass.tsv ================================================================== --- /dev/null +++ pass.tsv @@ -0,0 +1,68 @@ +#IP name notes +#2a01:4f8:191:63af::3 de3-apache2.meulie.net www proxy crawled a lot https://gopherproxy.meulie.net/statistics/ +5.161.108.85 vern.cc https://tilde.wiki/Known_tildes +23.133.40.12 tilde.town tildeverse.org +45.33.66.185 rawtext.club https://tilde.wiki/Known_tildes +45.58.42.71 rw.rs tildeverse.org +46.225.38.51 vps-d19ace40.vps.ovh.net friendly +54.38.176.219 tilde.green tildeverse.org +54.68.197.142 nyx.nyx.net pubnix +54.149.138.40 hackers.cool https://tilde.wiki/Known_tildes +64.190.63.222 pebble.ink https://tilde.wiki/Known_tildes +63.155.6.201 63-155-6-201.eugn.qwest.net friendly +85.214.104.232 tilde.fun https://tilde.wiki/Known_tildes +88.198.101.33 r-36.net friendly +89.163.145.170 envs.net https://tilde.wiki/Known_tildes +95.179.178.246 tilde.guru tildeverse.org +95.216.6.12 tilde.pink tildeverse.org +104.238.186.103 cosmic.voyage tildeverse.org +116.202.128.144 freeshell.de pubnix +129.146.136.128 tylde.karx.xyz https://tilde.wiki/Known_tildes +138.197.211.90 skylab.org https://tilde.wiki/Known_tildes +142.44.150.184 tilde.club tildeverse.org +142.44.150.185 thunix.net tildeverse.org +149.210.185.89 codemadness.org www proxy +157.90.196.56 fr.tild3.org https://tilde.wiki/Known_tildes +159.69.146.152 tilde.institute tildeverse.org +159.196.9.199 gopher.mills.io www proxy +159.203.148.233 squiggle.city https://tilde.wiki/Known_tildes +165.227.127.54 ctrl-c.club tildeverse.org +166.84.1.8 shell.panix.com pubnix +166.84.1.9 shell.panix.com pubnix +166.84.1.10 shell.panix.com pubnix +172.66.40.245 crime.team https://tilde.wiki/Known_tildes +172.66.43.11 crime.team https://tilde.wiki/Known_tildes +173.32.203.226 piepi.art https://tilde.wiki/Known_tildes +185.179.143.92 xinu.me https://tilde.wiki/Known_tildes +192.9.177.29 aussies.space tildeverse.org +192.80.49.36 ampm.floodgap.com www proxy +198.50.210.248 tilde.team tildeverse.org +205.166.94.16 sdf.org pubnix +205.166.94.4 tty.sdf.org pubnix +205.166.94.9 tty.sdf.org pubnix +207.246.69.54 texto-plano.xyz tildeverse.org +209.50.56.120 remotes.club https://tilde.wiki/Known_tildes +209.97.187.90 dimension.sh https://tilde.wiki/Known_tildes +213.108.110.40 tilde.pt https://tilde.wiki/Known_tildes +2001:41d0:303:5ddb:: tilde.green tildeverse.org +2001:41d0:304:200::83e5 vps-d19ace40.vps.ovh.net friendly +2001:4ba0:ffa4:180::2 envs.net https://tilde.wiki/Known_tildes +2600:3c00::f03c:92ff:fe97:26fd gopher.zcrayfish.soy www proxy +2602:f72c:0:400::be50:77ed tilde.town tildeverse.org +2604:a880:2:d0::493a:b001 skylab.org https://tilde.wiki/Known_tildes +2604:a880:800:a1::14ff:9001 squiccle.city https://tilde.wiki/Known_tildes +2605:7380:1000:1310:202e:aff:fe0a:3ccb remotes.club https://tilde.wiki/Known_tildes +2606:4700:3108::ac42:28f5 crime.team https://tilde.wiki/Known_tildes +2606:4700:3108::ac42:2b0b crime.team https://tilde.wiki/Known_tildes +2607:5300:60:4f58::248 tilde.team tildeverse.org & www proxy +2607:5300:203:31b6::115 tilde.club tildeverse.org +2607:5300:203:31b6::185 thunix.net tildeverse.org +2a01:238:43f9:7700:2bc8:48bf:b264:3fc1 tilde.fun https://tilde.wiki/Known_tildes +2a01:4f8:222:19a::3 r-36.net friendly +2a01:4f8:231:482b::2 freeshell.de pubnix +2a01:4f8:252:3e22::56 fr.tild3.org https://tilde.wiki/Known_tildes +2a01:4f9:2a:65b::4 tilde.pink tildeverse.org +2a01:4ff:f0:4fb3::1 vern.cc https://tilde.wiki/Known_tildes +2a03:6000:6e65:627::37 fugu.contractcoder.biz friendly +2a03:b0c0:1:e0::38a:c001 dimension.sh https://tilde.wiki/Known_tildes +2a05:f480:1400:a93:5400:3ff:fe7b:d45d tilde.guru tildeverse.org Index: src/cgi.awk ================================================================== --- src/cgi.awk +++ src/cgi.awk @@ -1,6 +1,45 @@ +function block_msg(ip) { + print "Access Denied" + print "=============" + print "" + print "This service only allows access from vetted client IP addresses." + print "The intent is to thwart abusive bots and crawlers." + print "" + print "To gain access:" + print "" + print "* Email your client IP address (" ip ") to:" + print " " contact + print "" + print "* Include the word \"friendly\" in your message." + print "" + print "Service admin will reply when granted." + return +} + function cgi_init( ip) { + ip = ENVIRON["REMOTE_ADDR"] + if (pass_enabled) { + # default deny access except client IP addresses in pass list + blocked = 1 + while ((getline < pass_list) > 0) { + if (match(/^#/, $0)) { + # ignore comments + continue + } + if (ip == $1) { + blocked = 0 + break + } + } + close(pass_list) + if (blocked) { + block_msg(ip) + exit(0) + } + } + search = ARGV[1] arguments = ARGV[2] traversal = ARGV[5] selector = ARGV[6] Index: src/config.awk ================================================================== --- src/config.awk +++ src/config.awk @@ -13,12 +13,15 @@ cmd_rm = "__CMD_RM__" cmd_sqlite = "__CMD_SQLITE__" cmd_strings = "__CMD_STRINGS__" cmd_webdump = "__CMD_WEBDUMP__" cmd_xargs = "__CMD_XARGS__" + contact = "__CONTACT__" geomyidae_version = __GEOMYIDAE_VERSION__ max_bin_size = __MAX_BIN_SIZE__ max_txt_size = __MAX_TXT_SIZE__ + pass_enabled = __PASS_ENABLED__ + pass_list = "__PASS_LIST__" server = "__SERVER__" port = "__PORT__" return }