kato/warpbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): Implemented more security information

Browse Source
This commit is contained in:
Daniel Legt
2026-05-03 22:46:54 +03:00
parent 88ab6e808b
commit 9d9db5cf0b
20 changed files with 902 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
templates/admin/security.html
View File

@@ -37,6 +37,8 @@
<button class="menu-action" type="button" data-command="ban-ip"><span>B</span><span>Ban IP now</span><span></span></button>
<button class="menu-action" type="button" data-command="ban-until"><span>T</span><span>Set ban expiration</span><span></span></button>
<button class="menu-action" type="button" data-command="unban-ip"><span>U</span><span>Unban selected IP</span><span></span></button>
<button class="menu-action" type="button" data-command="bulk-unban"><span>K</span><span>Bulk unban selected</span><span></span></button>
<button class="menu-action" type="button" data-command="unban-all"><span>A</span><span>Unban all</span><span></span></button>
<button class="menu-action" type="button" data-command="refresh"><span>R</span><span>Refresh data</span><span>F5</span></button>
</div>
</div>
@@ -45,7 +47,7 @@
<div class="admin-workspace-body security-page-body">
<section class="security-grid">
<section class="security-panel">
<div class="security-panel-header"><strong>Manual controls</strong><span>basic first version</span></div>
<div class="security-panel-header"><strong>Manual controls</strong><span>admin actions</span></div>
<div class="security-panel-body">
<label class="security-field">IP address
<input class="security-input" id="security-ip-input" type="text" placeholder="203.0.113.12">
@@ -56,7 +58,9 @@
</label>
<button class="win98-button security-button" type="button" data-command="ban-until">Set ban expiration</button>
<button class="win98-button security-button" type="button" data-command="unban-ip">Unban selected IP</button>
<div class="security-note">Ban duration and auto-ban thresholds come from Settings -> Security.</div>
<button class="win98-button security-button" type="button" data-command="bulk-unban">Bulk unban selected</button>
<button class="win98-button security-button security-danger" type="button" data-command="unban-all">Unban all</button>
<div class="security-note">Ban duration, whitelist rules and trusted proxies are managed in Settings - Security.</div>
</div>
</section>
@@ -69,28 +73,44 @@
</section>
<section class="security-panel">
<div class="security-panel-header"><strong>IP addresses</strong><span id="security-bans-count">{{ len .Bans }} active bans</span></div>
<div class="security-panel-header"><strong>Active bans</strong><span id="security-bans-count">{{ len .Bans }} active bans</span></div>
<div class="security-panel-body security-ban-grid">
<div class="security-table-wrap security-bans-wrap">
<table class="security-table">
<thead>
<tr>
<th>IP</th>
<th>Status</th>
<th>Ban expires (UTC)</th>
</tr>
</thead>
<tbody id="security-bans-body"></tbody>
</table>
<div>
<div class="security-table-toolbar">
<input id="security-ban-filter" class="security-input" type="text" placeholder="Filter by IP">
<select id="security-ban-sort" class="security-input">
<option value="expiry_asc">Expiry ↑</option>
<option value="expiry_desc">Expiry ↓</option>
<option value="ip_asc">IP A-Z</option>
<option value="ip_desc">IP Z-A</option>
</select>
</div>
<div class="security-table-wrap security-bans-wrap">
<table class="security-table">
<thead>
<tr>
<th><input id="security-select-all" type="checkbox" aria-label="Select all"></th>
<th>IP</th>
<th>Status</th>
<th>Ban expires (UTC)</th>
</tr>
</thead>
<tbody id="security-bans-body"></tbody>
</table>
</div>
</div>
<div class="security-ip-detail">
<h3 id="security-detail-ip">No IP selected</h3>
<ul>
<li><strong>Risk:</strong> <span id="security-detail-risk">-</span></li>
<li><strong>Threat:</strong> <span id="security-detail-threat">-</span></li>
<li><strong>Geo:</strong> <span id="security-detail-geo">Placeholder (geoipfast later)</span></li>
<li><strong>ASN:</strong> <span id="security-detail-asn">Placeholder</span></li>
<li><strong>Geo:</strong> <span id="security-detail-geo">GeoIP not enabled yet</span></li>
<li><strong>ASN:</strong> <span id="security-detail-asn">GeoIP not enabled yet</span></li>
<li><strong>Ban until:</strong> <span id="security-detail-until">-</span></li>
<li><strong>Why banned:</strong> <span id="security-detail-why">-</span></li>
<li><button id="security-copy-ip" class="win98-button security-button" type="button">Copy IP</button></li>
<li><button id="security-open-activity" class="win98-button security-button" type="button">Search in activity</button></li>
<li><button id="security-open-alerts" class="win98-button security-button" type="button">Search in alerts</button></li>
</ul>
</div>
</div>
@@ -116,6 +136,27 @@
</div>
</div>
</section>
<section class="security-panel">
<div class="security-panel-header"><strong>Security Runbook</strong><span>ops quick reference</span></div>
<div class="security-panel-body security-docs">
<h4>Reverse Proxy and Trusted CIDRs</h4>
<p>Set <code>WARPBOX_TRUSTED_PROXY_CIDRS</code> to the CIDRs of your proxy nodes only. WarpBox will trust forwarding headers only when the direct remote IP is in this list.</p>
<pre>Caddyfile
:443 {
reverse_proxy 127.0.0.1:8080 {
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Real-IP {http.request.remote.host}
}
}</pre>
<h4>Ban / Unban Safety</h4>
<p>Use custom ban durations only for active incidents. Prefer temporary bans. Review the "why banned" detail before unbanning to avoid immediate re-abuse.</p>
<h4>Tuning Guidance</h4>
<p>Low traffic: lower <code>security_*_max_attempts</code>. High traffic: increase windows and attempt thresholds gradually, then monitor alerts/activity for false positives.</p>
<h4>GeoIP Guide (planned)</h4>
<p>For <code>geoip2fast</code>, keep lookups async-safe with a single loaded database, add a short timeout per lookup, cache by IP with TTL, and degrade gracefully to "unknown" on failures. Start with security detail pane only, then aggregate stats later.</p>
</div>
</section>
</div>
<footer class="status-bar admin-dashboard-statusbar">