SomeBlackMagic · dependabot · Aug 2, 2025 · Aug 13, 2025 · Aug 13, 2025
diff --git a/.docker/dev.Dockerfile b/.docker/dev.Dockerfile
@@ -8,12 +8,15 @@ RUN --mount=type=cache,sharing=shared,id=npm_cache,target=/root/.npm npm install
 
 COPY . /app
 
+
 ARG BUILD_TIME
 ARG BUILD_VERSION
 ARG BUILD_REVISION
 
 RUN sed -i -e "s#__DEV_DIRTY__#${BUILD_VERSION}-${BUILD_REVISION}#g" src/main.ts
 
+RUN npm run build
+
 ENTRYPOINT []
 
 CMD ["/nodejs/bin/node", "--require", "ts-node/register", "src/main.ts"]
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
@@ -29,7 +29,7 @@ COPY --from=busybox:1.35.0-uclibc /bin/tar /bin/tar
 WORKDIR /app
 
 COPY --from=builder /app/node_modules /app/node_modules
-COPY --from=builder /app/dist/ /app
+COPY --from=builder /app/dist /app
 
 ENTRYPOINT []
 

diff --git a/.dockerignore b/.dockerignore
@@ -12,3 +12,4 @@ Makefile
 CODEOWNERS
 README.md
 .idea
+node_modules
diff --git a/.gitignore b/.gitignore
@@ -44,3 +44,4 @@ test/Helpers/*.js
 test/Helpers/*.js.map
 bin
 .run
+**/*.min.html
diff --git a/config.example.yaml b/config.example.yaml
@@ -25,6 +25,55 @@ wafMiddleware:
   #  html: '' # OPTIONAL
   #  htmlLink: '' # OPTIONAL
 
+  # Under Attack Mode configuration
+  underAttack:
+    enabled: true # enable under attack mode
+    challengeDurationMs: 1800000 # 30 minutes token validity
+
+    conditions: []  # All conditions must be meat. If an array is empty - module work for all requests
+    #  - field: 'hostname' # or hostname, user-agent, header-<header-name>, geo-country, geo-city
+    #    check: # If any condition is met - check is considered successfully
+    #      - method: 'equals'
+    #        values: [ "foo-bar.com", "foo-bar.net", "foo-bar.io" ]
+
+    # Fingerprint checks settings
+    fingerprintChecks:
+      enabled: true
+      minScore: 70 # minimum score to pass (0-100)
+
+    # Bot detection settings
+    botDetection:
+      enabled: true
+      aiModel: "advanced" # basic or advanced (advanced recommended)
+      blockSuspiciousUA: true
+
+    # Tamper-proof check settings
+    advancedChecks:
+      enabled: true          # Enable advanced checks
+      challengeTimeout: 120  # Maximum time for a challenge in seconds
+      minBrowserProofScore: 60 # Minimum score for browser proofs (0-100)
+
+    # Challenge page settings
+    challengePage:
+      title: "Security Check"
+      # customHtmlPath: "/path/to/custom/challenge.html" # custom page
+
+    # URLs that don't require verification
+    skipUrls:
+      - "/__under_attack_challenge"
+      - "/favicon.ico"
+      - "/robots.txt"
+      - "/api/webhook/*" # wildcard support
+
+    # Cookie name for token
+    cookieName: "waf"
+
+    # Header for bypassing verification (for trusted services)
+    bypassHeader:
+      name: "X-Bypass-UnderAttack"
+      value: "secret-key-12345"
+
+
   whitelist:
     ips: [ '10.0.0.1', '10.0.0.2' ] # OPTIONAL
     ipSubnet: [ '192.168.0.0/22', '10.0.0.0/22' ] # OPTIONAL

diff --git a/data/.gitignore b/data/.gitignore
@@ -1,2 +1 @@
-*
-!.gitignore
+blocked_ips.json
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,3 +44,4 @@ test/Helpers/*.js @@
     test/Helpers/*.js.map
     bin
     .run
+    **/*.min.html