示例#1
0
        public Task Invoke(HttpContext httpContext)
        {
            #region Заголовок X-Forwarded-For запрещен
            if (httpContext.Request.Headers.TryGetValue("X-Forwarded-For", out _))
            {
                httpContext.Response.ContentType = "text/plain; charset=utf-8";
                return(httpContext.Response.WriteAsync("Заголовок X-Forwarded-For запрещен"));
            }
            #endregion

            // IP адрес пользователя
            string IP = httpContext.Connection.RemoteIpAddress.ToString();

            // Проверка кук для прохождения авторизации
            if (IsAuth.Auth(httpContext.Request.Cookies, IP, out bool IsConfirm2FA))
            {
                // Авторизация в Telegram
                if (!TelegramBot.IsAuth(IP))
                {
                    httpContext.Response.ContentType = "text/html";
                    return(httpContext.Response.WriteAsync(TelegramBot.AuthToHtml(IP)));
                }

                // Успех
                return(_next(httpContext));
            }

            // Редикт на страницу авторизациии
            return(RewriteTo.Local(httpContext, "auth"));
        }
示例#2
0
        public Task Invoke(HttpContext httpContext)
        {
            #region Заголовок X-Forwarded-For запрещен
            if (httpContext.Request.Headers.TryGetValue("X-Forwarded-For", out _))
            {
                httpContext.Response.ContentType = "text/plain; charset=utf-8";
                return(httpContext.Response.WriteAsync("Заголовок X-Forwarded-For запрещен"));
            }
            #endregion

            // IP адрес пользователя
            string IP = httpContext.Connection.RemoteIpAddress.ToString();

            // Проверка кук для прохождения авторизации
            if (IsAuth.Auth(httpContext.Request.Cookies, IP, out bool IsConfirm2FA))
            {
                // База Json
                var jsonDB = Service.Get <JsonDB>();

                // 2FA пройдена/отключена и запрос на страницу "/auth/confirm"
                if ((!jsonDB.Base.EnableTo2FA || IsConfirm2FA) && httpContext.Request.Path.Value.StartsWith("/auth/confirm"))
                {
                    return(RewriteTo.Local(httpContext, ""));
                }

                // Авторизация 2FA
                if (jsonDB.Base.EnableTo2FA)
                {
                    // 2FA пройдена или запрос на страницу "/auth/confirm"
                    if (IsConfirm2FA || httpContext.Request.Path.Value.StartsWith("/auth/confirm"))
                    {
                        return(_next(httpContext));
                    }

                    // Редикт на страницу 2FA
                    return(RewriteTo.Local(httpContext, "auth/confirm"));
                }

                // Успех
                return(_next(httpContext));
            }

            // Редикт на страницу авторизациии
            return(RewriteTo.Local(httpContext, "auth"));
        }
示例#3
0
        public static Task Check(HttpContext context)
        {
            #region Получаем параметры запроса
            var    gRequest = new Regex(@"^(\?ip=([^&]+)&|\?)method=([^&]+)&host=([^&]+)&uri=([^\n\r]+)").Match(context.Request.QueryString.Value).Groups;
            string IP = gRequest[2].Value, method = gRequest[3].Value.ToUpper(), host = Regex.Replace(gRequest[4].Value, @"^www\.", "", RegexOptions.IgnoreCase), uri = WebUtility.UrlDecode(gRequest[5].Value);

            // Проверяем правильно ли мы спарсили данные
            if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(uri))
            {
                context.Response.ContentType = "text/html; charset=utf-8";
                return(context.Response.WriteAsync("Не сохранен порядок запроса<br />Пример: /core/check/request?ip=127.0.0.1&method=GET&host=test.com&uri=/", context.RequestAborted));
            }

            // IP адрес пользователя
            if (string.IsNullOrWhiteSpace(IP))
            {
                IP = context.Connection.RemoteIpAddress.ToString();
            }
            #endregion

            #region Получаем параметры POST запроса
            string FormData = string.Empty;
            if (context.Request.Method == "POST")
            {
                StringBuilder mass = new StringBuilder();
                foreach (var arg in context.Request.Form)
                {
                    // Удаляем из ключа массивы [] и проверяем на пустоту
                    string key = Regex.Replace(arg.Key, @"\[([^\]]+)?\]", "", RegexOptions.IgnoreCase);
                    if (string.IsNullOrWhiteSpace(key))
                    {
                        continue;
                    }

                    mass.Append($"&{key}={arg.Value[0]}");
                }

                FormData = mass.ToString();
            }
            #endregion

            #region ViewBag
            var viewBag = new ViewBag();
            viewBag.DebugEnabled = jsonDB.Base.DebugEnabled;       // Режим дебага, выводит json правил
            viewBag.IsErrorRule  = false;                          // Переменная для ловли ошибок regex
            #endregion

            // Если домена нету в базе, то выдаем 303 или заглушку
            if (ISPCache.DomainToID(host) is int DomainID && DomainID == 0)
            {
                return(jsonDB.Base.EnableToDomainNotFound ? ViewDomainNotFound(context) : View(context, viewBag, ActionCheckLink.allow));
            }

            // Если у IP есть полный доступ к сайтам или к сайту
            if (CheckLinkWhitelistToAllDomain())
            {
                return(View(context, viewBag, ActionCheckLink.allow));
            }

            #region Получаем User-Agent и Referer
            // User-Agent
            string userAgent = string.Empty;
            if (context.Request.Headers.TryGetValue("User-Agent", out var tmp_userAgent))
            {
                userAgent = tmp_userAgent.ToString();
            }

            // Referer
            string Referer = string.Empty;
            if (context.Request.Headers.TryGetValue("Referer", out var tmp_Referer))
            {
                Referer = tmp_Referer.ToString();
            }
            #endregion

            // Достаем данные домена
            var Domain = ISPCache.GetDomain(DomainID);

            // Достаем настройки AntiBot из кеша
            var antiBotToGlobalConf = AntiBot.GlobalConf(jsonDB.AntiBot);

            // Достаем настройки WhiteList из кеша
            var whiteList = Engine.Base.SqlAndCache.WhiteList.GetCache(jsonDB.WhiteList);

            #region Проверяем "IP/User-Agent" в блокировке IPtables
            // Проверяем IP в блокировке IPtables по домену
            if (IPtablesMiddleware.CheckIP(IP, memoryCache, out IPtables BlockedData, host))
            {
                // Логируем пользователя
                AddJurnalTo200(IsIPtables: true);
                SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest);

                // Отдаем ответ
                context.Response.StatusCode  = 401;
                context.Response.ContentType = "text/html; charset=utf-8";
                return(context.Response.WriteAsync(IPtablesMiddleware.BlockedToHtml(IP, BlockedData.Description, BlockedData.TimeExpires), context.RequestAborted));
            }

            // Проверяем User-Agent в блокировке IPtables
            if (IPtablesMiddleware.CheckUserAgent(userAgent))
            {
                // Логируем пользователя
                AddJurnalTo200(IsIPtables: true);
                SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest);

                // Отдаем ответ
                context.Response.StatusCode  = 401;
                context.Response.ContentType = "text/html; charset=utf-8";
                return(context.Response.WriteAsync(IPtablesMiddleware.BlockedHtmlToUserAgent(userAgent), context.RequestAborted));
            }
            #endregion

            // IP нету в пользовательском белом списке
            // IP нету в глобальном белом списке
            if (!Regex.IsMatch(IP, whiteList.IpRegex) &&
                !WhitePtr.IsWhiteIP(IP))
            {
                #region AntiBot
                if (!AntiBot.ValidRequest(((antiBotToGlobalConf.conf.Enabled || Domain.AntiBot.UseGlobalConf) ? antiBotToGlobalConf.conf.type : Domain.AntiBot.type), host, method, uri, context, Domain, out string outHtml))
                {
                    // Логируем пользователя
                    AddJurnalTo200(IsAntiBot: true);
                    SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest);

                    // Выводим html пользователю
                    context.Response.ContentType = "text/html; charset=utf-8";
                    return(context.Response.WriteAsync(outHtml, context.RequestAborted));
                }
                #endregion

                #region Лимит запросов
                if (Domain.limitRequest.IsEnabled || antiBotToGlobalConf.conf.limitRequest.IsEnabled)
                {
                    // Настройки лимита запросов
                    var limitRequest = (antiBotToGlobalConf.conf.limitRequest.IsEnabled || Domain.limitRequest.UseGlobalConf) ? antiBotToGlobalConf.conf.limitRequest : Domain.limitRequest;

                    // Проверяем белый список UserAgent
                    if (!Regex.IsMatch(userAgent, whiteList.UserAgentRegex, RegexOptions.IgnoreCase))
                    {
                        #region IsWhitePtr
                        bool IsWhitePtr(out string PtrHostName)
                        {
                            PtrHostName = null;

                            string KeyLimitRequestToBlockedWait = $"LimitRequestToBlockedWait-{IP}_{host}";

                            if (memoryCache.TryGetValue(KeyLimitRequestToBlockedWait, out _))
                            {
                                return(true);
                            }
                            memoryCache.Set(KeyLimitRequestToBlockedWait, (byte)0, TimeSpan.FromMinutes(5));

                            #region DNSLookup
                            try
                            {
                                // Белый список Ptr
                                string WhitePtrRegex = whiteList.PtrRegex;
                                if (WhitePtrRegex != "^$" && !string.IsNullOrWhiteSpace(WhitePtrRegex))
                                {
                                    // Получаем имя хоста по IP
                                    var DnsHost = Dns.GetHostEntryAsync(IP).Result;

                                    // Получаем IP хоста по имени
                                    DnsHost = Dns.GetHostEntryAsync(DnsHost.HostName).Result;

                                    // Проверяем имя хоста и IP на совпадение
                                    if (DnsHost.AddressList.Where(i => i.ToString() == IP).FirstOrDefault() != null)
                                    {
                                        PtrHostName = DnsHost.HostName;

                                        // Проверяем имя хоста на белый список DNSLookup
                                        if (Regex.IsMatch(DnsHost.HostName, WhitePtrRegex, RegexOptions.IgnoreCase))
                                        {
                                            // Добовляем IP в белый список на 9 дней
                                            WhitePtr.Add(IP, DateTime.Now.AddDays(9));
                                            memoryCache.Remove(KeyLimitRequestToBlockedWait);
                                            return(true);
                                        }
                                    }
                                }
                            }
                            catch { }
                            #endregion

                            // Сносим временную запись
                            memoryCache.Remove(KeyLimitRequestToBlockedWait);
                            return(false);
                        }

                        #endregion

                        #region Локальный метод - "СheckingToreCAPTCHA"
                        bool СheckingToreCAPTCHA(out Task content, int ExpiresToMinute)
                        {
                            content = null;

                            if (IsWhitePtr(out _))
                            {
                                return(false);
                            }

                            #region Валидный пользователь
                            if (memoryCache.TryGetValue(KeyToMemoryCache.LimitRequestToreCAPTCHA(IP), out (int countRequest, int ExpiresToMinute)item))
                            {
                                // Пользователь превысил допустимый лимит
                                if (item.countRequest >= limitRequest.MaxRequestToAgainСheckingreCAPTCHA)
                                {
                                    // Удаляем запись
                                    memoryCache.Remove(KeyToMemoryCache.LimitRequestToreCAPTCHA(IP));
                                    return(false);
                                }

                                // Считаем количество запросов
                                item.countRequest++;
                                memoryCache.Set(KeyToMemoryCache.LimitRequestToreCAPTCHA(IP), item, TimeSpan.FromMinutes(item.ExpiresToMinute));
                                return(false);
                            }
                            #endregion

                            #region Кеш шаблона
                            // Путь к шаблону
                            string SourceFile = $"{Folders.Tpl.LimitRequest}/reCAPTCHA.tpl";
                            if (!File.Exists(SourceFile))
                            {
                                SourceFile = $"{Folders.Tpl.LimitRequest}/default/reCAPTCHA.tpl";
                            }

                            // Время модификации файла
                            DateTime LastWriteTimeToFile = File.GetLastWriteTime(SourceFile);

                            // default value
                            (DateTime LastWriteTime, string Source)cacheTpl = (DateTime.Now, "");

                            // Обновляем кеш
                            if (!memoryCache.TryGetValue("core.Check.Request:LimitRequest-tpl", out cacheTpl) || LastWriteTimeToFile != cacheTpl.LastWriteTime)
                            {
                                cacheTpl.LastWriteTime = LastWriteTimeToFile;
                                cacheTpl.Source        = File.ReadAllText(SourceFile);
                                memoryCache.Set("core.Check.Request:LimitRequest-tpl", cacheTpl);
                            }
                            #endregion

                            #region Замена полей
                            string tpl = Regex.Replace(cacheTpl.Source, @"\{isp:([^\}]+)\}", key =>
                            {
                                switch (key.Groups[1].Value)
                                {
                                case "CoreApiUrl":
                                    return(jsonDB.Base.CoreAPI);

                                case "reCAPTCHASitekey":
                                    return(jsonDB.Base.reCAPTCHASitekey);

                                case "IP":
                                    return(IP);

                                case "ExpiresToMinute":
                                    return(ExpiresToMinute.ToString());

                                case "hash":
                                    return(md5.text($"{IP}{ExpiresToMinute}:{PasswdTo.salt}"));

                                default:
                                    return(string.Empty);
                                }
                            });
                            #endregion

                            // Ответ
                            context.Response.ContentType = "text/html; charset=utf-8";
                            content = context.Response.WriteAsync(tpl, context.RequestAborted);
                            return(true);
                        }

                        #endregion

                        #region Локальный метод - "CheckToLimit"
                        bool CheckToLimit(string keyName, int limit, int ExpiresToMinute, out CacheValue _cacheValue)
                        {
                            string key = $"LimitRequestTo{keyName}-{IP}_{host}";

                            if (memoryCache.TryGetValue(key, out CacheValue item))
                            {
                                item.value++;
                                _cacheValue = item;
                                if (item.value > limit)
                                {
                                    return(true);
                                }
                            }
                            else
                            {
                                _cacheValue = new CacheValue()
                                {
                                    value = 1, Expires = DateTime.Now.AddMinutes(ExpiresToMinute)
                                };
                                memoryCache.Set(key, _cacheValue, TimeSpan.FromMinutes(ExpiresToMinute));
                            }

                            return(false);
                        }

                        #endregion

                        #region Локальный метод - "BlockedToIP"
                        void BlockedToIP(string Msg, DateTime Expires)
                        {
                            if (IsWhitePtr(out string PtrHostName))
                            {
                                return;
                            }

                            // Записываем IP в кеш IPtables и журнал
                            SetBlockedToIPtables(Msg, Expires, PtrHostName);
                        }

                        #endregion

                        // Переменная для кеша
                        CacheValue cacheValue;

                        #region Метод блокировки
                        LimitToBlockType BlockType = limitRequest.BlockType;
                        if (BlockType == LimitToBlockType.reCAPTCHA && (antiBotToGlobalConf.conf.limitRequest.IsEnabled || Domain.limitRequest.UseGlobalConf))
                        {
                            // Если домена нету в глобальных настройках
                            if (!Regex.IsMatch(host, antiBotToGlobalConf.DomainsToreCaptchaRegex, RegexOptions.IgnoreCase))
                            {
                                BlockType = LimitToBlockType._403;
                            }
                        }
                        #endregion

                        #region Минутный лимит
                        if (limitRequest.MinuteLimit != 0 && CheckToLimit("Minute", limitRequest.MinuteLimit, 1, out cacheValue))
                        {
                            switch (BlockType)
                            {
                            case LimitToBlockType._403:
                                BlockedToIP("Превышен минутный лимит на запросы", cacheValue.Expires);
                                memoryCache.Remove($"LimitRequestToMinute-{IP}_{host}");
                                break;

                            case LimitToBlockType.reCAPTCHA:
                            {
                                if (СheckingToreCAPTCHA(out Task res, 2))
                                {
                                    return(res);
                                }
                            }
                            break;
                            }
                        }
                        #endregion

                        #region Часовой лимит
                        if (limitRequest.HourLimit != 0 && CheckToLimit("Hour", limitRequest.HourLimit, 60, out cacheValue))
                        {
                            switch (BlockType)
                            {
                            case LimitToBlockType._403:
                                BlockedToIP("Превышен часовой лимит на запросы", cacheValue.Expires);
                                memoryCache.Remove($"LimitRequestToHour-{IP}_{host}");
                                break;

                            case LimitToBlockType.reCAPTCHA:
                            {
                                if (СheckingToreCAPTCHA(out Task res, 61))
                                {
                                    return(res);
                                }
                            }
                            break;
                            }
                        }
                        #endregion

                        #region Дневной лимит
                        if (limitRequest.DayLimit != 0 && CheckToLimit("Day", limitRequest.DayLimit, 1440, out cacheValue))
                        {
                            switch (BlockType)
                            {
                            case LimitToBlockType._403:
                                BlockedToIP("Превышен дневной лимит на запросы", cacheValue.Expires);
                                memoryCache.Remove($"LimitRequestToHour-{IP}_{host}");
                                memoryCache.Remove($"LimitRequestToDay-{IP}_{host}");
                                break;

                            case LimitToBlockType.reCAPTCHA:
                            {
                                if (СheckingToreCAPTCHA(out Task res, 1441))
                                {
                                    return(res);
                                }
                            }
                            break;
                            }
                        }
                        #endregion
                    }
                }
                #endregion
            }

            #region Защита от Brute Force
            if (Domain.StopBruteForce != BruteForceType.Not)
            {
                // Настройки
                var BrutConf = jsonDB.BruteForceConf;

                // Переменная для кеша
                CacheValue cacheValue;

                #region Локальный метод - "CheckToLimit"
                bool CheckToLimit(string keyName, int limit, int ExpiresToMinute, out CacheValue _cacheValue)
                {
                    string key = $"BruteForceTo{keyName}-{IP}_{host}";

                    if (memoryCache.TryGetValue(key, out CacheValue item))
                    {
                        _cacheValue = item;
                        if (item.value >= limit)
                        {
                            return(true);
                        }
                    }

                    _cacheValue = null;
                    return(false);
                }

                #endregion

                #region Локальный метод - "BlockedToIP"
                void BlockedToIP(string Msg, DateTime Expires)
                {
                    string KeyLimitRequestToBlockedWait = $"BruteForceToBlockedWait-{IP}_{host}";

                    if (memoryCache.TryGetValue(KeyLimitRequestToBlockedWait, out _))
                    {
                        return;
                    }
                    memoryCache.Set(KeyLimitRequestToBlockedWait, (byte)0, TimeSpan.FromMinutes(5));

                    // Записываем IP в кеш IPtables и журнал
                    SetBlockedToIPtables(Msg, Expires, null);

                    // Сносим временную запись
                    memoryCache.Remove(KeyLimitRequestToBlockedWait);
                }

                #endregion

                // Блокировка IP
                if (CheckToLimit("Day", BrutConf.DayLimit, 1440, out cacheValue) || CheckToLimit("Hour", BrutConf.HourLimit, 60, out cacheValue) || CheckToLimit("Minute", BrutConf.MinuteLimit, 1, out cacheValue))
                {
                    BlockedToIP("Защита от Brute Force", cacheValue.Expires);
                }

                // Была авторизация
                if (BruteForce.IsLogin(Domain.StopBruteForce, method, uri, FormData))
                {
                    #region Локальный метод - "SetValue"
                    void SetValue(string keyName, int ExpiresToMinute)
                    {
                        string key = $"BruteForceTo{keyName}-{IP}_{host}";

                        if (memoryCache.TryGetValue(key, out CacheValue item))
                        {
                            item.value++;
                        }
                        else
                        {
                            memoryCache.Set(key, new CacheValue()
                            {
                                value = 1, Expires = DateTime.Now.AddMinutes(ExpiresToMinute)
                            }, TimeSpan.FromMinutes(ExpiresToMinute));
                        }
                    }

                    #endregion

                    // Обновляем счетчики
                    SetValue("Day", 1440);
                    SetValue("Hour", 60);
                    SetValue("Minute", 1);
                }
            }
            #endregion

            #region ViewBag
            if (jsonDB.Base.DebugEnabled)
            {
                viewBag.IP                  = IP;
                viewBag.jsonDomain          = JsonConvert.SerializeObject(Domain, Formatting.Indented);
                viewBag.antiBotToGlobalConf = JsonConvert.SerializeObject(antiBotToGlobalConf, Formatting.Indented);
                viewBag.FormData            = FormData;
            }

            viewBag.method    = method;
            viewBag.host      = host;
            viewBag.uri       = uri;
            viewBag.Referer   = context.Request.Headers["Referer"];
            viewBag.UserAgent = userAgent;
            #endregion

            #region Замена ответа - 302/код
            try
            {
                // Проверка url и GET аргументов
                if (Regex.IsMatch(uri, Domain.RuleReplaces.RuleGetToRegex, RegexOptions.IgnoreCase))
                {
                    // Проверка POST аргументов
                    if (method != "POST" || (method == "POST" && Regex.IsMatch($"{(new Regex(@"^(/[^\?\&]+)").Match(uri).Groups[1].Value)}{FormData}", Domain.RuleReplaces.RulePostToRegex, RegexOptions.IgnoreCase)))
                    {
                        // Разделяем URL на аргументы
                        var    g    = new Regex(@"^(/([^\?&]+)?((\?|&).*)?)$").Match(uri).Groups;
                        string args = g[3].Value.Replace("?", "&");

                        #region Локальный метод - GetRule
                        ModelCache.Rules.RuleReplace GetRule()
                        {
                            foreach (var item in Domain.RuleReplaces.Rules)
                            {
                                // Url не подходит
                                if (!Regex.IsMatch($"/{g[2].Value}", $"^{item.uri}$", RegexOptions.IgnoreCase))
                                {
                                    continue;
                                }

                                if (method == "POST")
                                {
                                    // Get или POST аргументы подходят
                                    if (Regex.IsMatch(args, item.GetArgsToRegex, RegexOptions.IgnoreCase) || Regex.IsMatch(FormData, item.PostArgsToRegex, RegexOptions.IgnoreCase))
                                    {
                                        return(item);
                                    }
                                }
                                else
                                {
                                    // Get аргументы подходят
                                    if (Regex.IsMatch(args, item.GetArgsToRegex, RegexOptions.IgnoreCase))
                                    {
                                        return(item);
                                    }
                                }
                            }

                            return(null);
                        }
                        #endregion

                        // Находим правило которое подходит для нашего запроса
                        if (GetRule() is ModelCache.Rules.RuleReplace rule)
                        {
                            #region Локальный метод - "ReplaceArgs"
                            string ReplaceArgs(string _args, string regexArgs)
                            {
                                StringBuilder mass = new StringBuilder();

                                foreach (var arg in _args.Split('&'))
                                {
                                    if (string.IsNullOrWhiteSpace(arg) || !arg.Contains('='))
                                    {
                                        continue;
                                    }

                                    var tmpArg = arg.Split('=');

                                    // Список аргументов для замены
                                    if (Regex.IsMatch(regexArgs, tmpArg[0], RegexOptions.IgnoreCase))
                                    {
                                        mass.Append("&" + tmpArg[0] + "=" + Regex.Replace(tmpArg[1], rule.RegexWhite, ""));
                                    }
                                    else
                                    {
                                        mass.Append("&" + arg);
                                    }
                                }

                                return(mass.ToString());
                            }
                            #endregion

                            #region Локальный метод - "ResponseContent"
                            Task ResponseContent(string _argsGet)
                            {
                                // Записываем данные пользователя
                                AddJurnalTo200();
                                SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest);

                                // Тип ответа
                                if (rule.TypeResponse == TypeResponseRule.kode)
                                {
                                    // Пользовательский код
                                    context.Response.ContentType = rule.ContentType;
                                    return(context.Response.WriteAsync(rule.kode, context.RequestAborted));
                                }
                                else
                                {
                                    if (string.IsNullOrWhiteSpace(rule.ResponceUri))
                                    {
                                        // Если url для 302 не указан
                                        return(RewriteTo.Local(context, g[2].Value + Regex.Replace(_argsGet, "^&", "?")));
                                    }
                                    else
                                    {
                                        // Редирект на указаный URL
                                        return(RewriteTo.Local(context, rule.ResponceUri.Replace("{arg}", Regex.Replace(_argsGet, "^&", "?"))));
                                    }
                                }
                            }
                            #endregion

                            // Если аргументы для проверки не указаны
                            if (rule.GetArgs == "" && rule.PostArgs == "")
                            {
                                return(ResponseContent(string.Empty));
                            }

                            #region argsGet / argsPOST
                            string argsGet  = ReplaceArgs(args, rule.GetArgs);
                            string argsPOST = string.Empty;

                            if (method == "POST")
                            {
                                argsPOST = ReplaceArgs(FormData, rule.PostArgs);
                            }
                            #endregion

                            // Замена ответа, если в аргументах есть лишние символы
                            if (args != argsGet || FormData != argsPOST)
                            {
                                return(ResponseContent(argsGet));
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Записываем данные ошибки в журнал
                AddJurnalTo500(ex.Message);
                SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest);

                // Выводим ошибку
                viewBag.IsErrorRule         = true;
                viewBag.ErrorTitleException = "Ошибка в правиле";
                viewBag.ErrorRuleException  = jsonDB.Base.DebugEnabled ? ex.Message : "Данные ошибки доступны в журнале 500";
                return(View(context, viewBag, ActionCheckLink.deny));
            }
            #endregion

            // Переопределенные правила
            if (OpenPageToRule(Domain.RuleOverrideAllow, Domain.RuleOverride2FA, Domain.RuleOverrideDeny) is Task pageToRuleOverride)
            {
                return(pageToRuleOverride);
            }

            // Обычные правила
            if (OpenPageToRule(Domain.RuleAllow, Domain.Rule2FA, Domain.RuleDeny) is Task pageToRule)
            {
                return(pageToRule);
            }

            // Записываем данные пользователя
            AddJurnalTo403And303(Is303: true);
            SetCountRequestToHour(TypeRequest._303, host, Domain.confToLog.EnableCountRequest);

            // Если не одно правило не подошло
            return(View(context, viewBag, ActionCheckLink.allow));

            #region Локальный метод - "OpenPageToRule"
            Task OpenPageToRule(ModelCache.Rules.Rule RuleAllow, ModelCache.Rules.Rule Rule2FA, ModelCache.Rules.Rule RuleDeny)
            {
                #region  азрешенные запросы
                if (IsRequestTheRules(RuleAllow))
                {
                    // Записываем данные пользователя
                    AddJurnalTo403And303(Is303: true);
                    SetCountRequestToHour(TypeRequest._303, host, Domain.confToLog.EnableCountRequest);

                    // Если режим дебага выключен
                    if (!jsonDB.Base.DebugEnabled)
                    {
                        context.Response.StatusCode = 303;
                        return(context.Response.WriteAsync("303", context.RequestAborted));
                    }

                    // Разрешаем запрос
                    return(View(context, viewBag, ActionCheckLink.allow));
                }
                #endregion

                #region Правила 2FA
                else if (IsRequestTheRules(Rule2FA))
                {
                    // Записываем данные пользователя
                    AddJurnalTo200(Is2FA: true);
                    SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest);

                    // Если IP для 2FA уже есть
                    if (memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistTo2FA(host, IP), out byte _))
                    {
                        // Авторизация в Telegram
                        if (!TelegramBot.IsAuth(IP, Is2FA: true))
                        {
                            context.Response.ContentType = "text/html";
                            return(context.Response.WriteAsync(TelegramBot.AuthToHtml(IP), context.RequestAborted));
                        }

                        // Успех
                        return(View(context, viewBag, ActionCheckLink.allow));
                    }

                    // Просим пройти 2FA авторизацию
                    viewBag.CoreAPI = jsonDB.Base.CoreAPI;
                    return(View(context, viewBag, ActionCheckLink.Is2FA));
                }
                #endregion

                #region Запрещенные запросы
                else if (IsRequestTheRules(RuleDeny))
                {
                    // Записываем данные пользователя
                    AddJurnalTo403And303(Is403: true);
                    SetCountRequestToHour(TypeRequest._403, host, Domain.confToLog.EnableCountRequest);

                    // Отдаем страницу 403
                    return(View(context, viewBag, ActionCheckLink.deny));
                }
                #endregion

                // Если не одно правило не подошло
                return(null);
            }

            #endregion

            #region Локальный метод - "IsRequestTheRules"
            bool IsRequestTheRules(ModelCache.Rules.Rule rule)
            {
                #region Быстрая проверка 'GET/POST' запроса
                try
                {
                    switch (method)
                    {
                    case "GET":
                        return(rule.RuleGetToRegex != "^$" && Regex.IsMatch(uri, rule.RuleGetToRegex, RegexOptions.IgnoreCase));

                    case "POST":
                    {
                        if (rule.RulePostToRegex != "^$" && Regex.IsMatch(uri, rule.RulePostToRegex, RegexOptions.IgnoreCase))
                        {
                            return(true);
                        }
                        break;
                    }

                    default:
                    {
                        // Записываем данные ошибки в журнал
                        AddJurnalTo500($"Метод '{method}' не поддерживается", IsException: true);
                        SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest);
                        return(true);
                    }
                    }

                    // Быстрая проверка POST запроса
                    if (rule.RuleArgsCheckPostToRegex == "^$" || !Regex.IsMatch(uri, rule.RuleArgsCheckPostToRegex, RegexOptions.IgnoreCase))
                    {
                        return(false);
                    }
                }
                catch (Exception ex)
                {
                    // Записываем данные ошибки в журнал
                    AddJurnalTo500(ex.Message);
                    SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest);

                    // Если есть ошибка в одном из регексов
                    viewBag.IsErrorRule         = true;
                    viewBag.ErrorTitleException = "Ошибка в правиле";
                    viewBag.ErrorRuleException  = jsonDB.Base.DebugEnabled ? ex.Message : "Данные ошибки доступны в журнале 500";
                    return(true);
                }
                #endregion

                #region Полная проверка POST запроса
                // Если POST правил нету - (ложное срабатывание в 'RuleArgsCheckPostToRegex')
                if (rule.postRules == null && rule.postRules.Count < 1)
                {
                    return(false);
                }

                foreach (var postRules in rule.postRules)
                {
                    try
                    {
                        if (Regex.IsMatch(uri, postRules.rule, RegexOptions.IgnoreCase))
                        {
                            // Проверяем есть ли в запросе POST аргументы не указаные в списке правил
                            if (Regex.IsMatch(FormData, postRules.RulePostToRegex, RegexOptions.IgnoreCase))
                            {
                                return(true);
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        // Записываем данные ошибки в журнал
                        AddJurnalTo500(ex.Message);
                        SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest);

                        // Если есть ошибка в одном из регексов
                        viewBag.IsErrorRule         = true;
                        viewBag.ErrorTitleException = "Ошибка в правиле";
                        viewBag.ErrorRuleException  = jsonDB.Base.DebugEnabled ? ex.Message : "Данные ошибки доступны в журнале 500";
                        return(true);
                    }
                }
                #endregion

                // Если ничего не подошло
                return(false);
            }

            #endregion

            #region Локальный метод - "AddJurnalTo500"
            void AddJurnalTo500(string errorMsg, bool IsException = false)
            {
                if (IsException)
                {
                    viewBag.IsErrorRule         = true;
                    viewBag.ErrorTitleException = "Ошибка в запросе";
                    viewBag.ErrorRuleException  = errorMsg;
                }

                if (Domain.confToLog.Jurn500 != WriteLogMode.off)
                {
                    // Игнорирование логов
                    if (!Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase))
                    {
                        var model = new Jurnal500()
                        {
                            IP        = IP,
                            Host      = host,
                            Method    = method,
                            Uri       = uri,
                            FormData  = FormData,
                            UserAgent = userAgent,
                            Referer   = context.Request.Headers["Referer"],
                            Time      = DateTime.Now,
                            ErrorMsg  = errorMsg
                        };

                        // Записываем данные в журнал
                        switch (Domain.confToLog.Jurn500)
                        {
                        case WriteLogMode.File:
                            WriteLogTo.FileStream(model);
                            break;

                        case WriteLogMode.SQL:
                            WriteLogTo.SQL(model);
                            break;

                        case WriteLogMode.all:
                            WriteLogTo.SQL(model);
                            WriteLogTo.FileStream(model);
                            break;
                        }
                    }
                }
            }

            #endregion

            #region Локальный метод - "AddJurnalTo403And303"
            void AddJurnalTo403And303(bool Is403 = false, bool Is303 = false)
            {
                if (viewBag.IsErrorRule)
                {
                    return;
                }

                // Игнорирование логов
                if (Domain.confToLog.IsActive && (Domain.confToLog.Jurn403 != WriteLogMode.off || Domain.confToLog.Jurn303 != WriteLogMode.off) && !Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase))
                {
                    ThreadPool.QueueUserWorkItem(ob =>
                    {
                        var geoIP = (Country: "Disabled", City: "Disabled", Region: "Disabled");
                        if (Domain.confToLog.EnableGeoIP)
                        {
                            geoIP = GeoIP2.City(IP);
                        }


                        #region 403
                        if (Is403)
                        {
                            var model = new Jurnal403()
                            {
                                IP        = IP,
                                Host      = host,
                                Method    = method,
                                Uri       = uri,
                                FormData  = FormData,
                                UserAgent = userAgent,
                                Referer   = Referer,
                                Country   = geoIP.Country,
                                City      = geoIP.City,
                                Region    = geoIP.Region,
                                Time      = DateTime.Now
                            };

                            // Записываем данные в журнал
                            switch (Domain.confToLog.Jurn403)
                            {
                            case WriteLogMode.File:
                                WriteLogTo.FileStream(model);
                                break;

                            case WriteLogMode.SQL:
                                WriteLogTo.SQL(model);
                                break;

                            case WriteLogMode.all:
                                WriteLogTo.SQL(model);
                                WriteLogTo.FileStream(model);
                                break;
                            }
                        }
                        #endregion

                        #region 303
                        if (Is303)
                        {
                            var model = new Jurnal303()
                            {
                                IP        = IP,
                                Host      = host,
                                Method    = method,
                                Uri       = uri,
                                FormData  = FormData,
                                UserAgent = userAgent,
                                Referer   = Referer,
                                Country   = geoIP.Country,
                                City      = geoIP.City,
                                Region    = geoIP.Region,
                                Time      = DateTime.Now
                            };

                            // Записываем данные в журнал
                            switch (Domain.confToLog.Jurn303)
                            {
                            case WriteLogMode.File:
                                WriteLogTo.FileStream(model);
                                break;

                            case WriteLogMode.SQL:
                                WriteLogTo.SQL(model);
                                break;

                            case WriteLogMode.all:
                                WriteLogTo.SQL(model);
                                WriteLogTo.FileStream(model);
                                break;
                            }
                        }
                        #endregion
                    });
                }
            }

            #endregion

            #region Локальный метод - "AddJurnalTo200"
            void AddJurnalTo200(bool IsAntiBot = false, bool Is2FA = false, bool IsIPtables = false)
            {
                // Игнорирование логов
                if (Domain.confToLog.IsActive && !Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase))
                {
                    ThreadPool.QueueUserWorkItem(ob =>
                    {
                        var geoIP = (Country: "Disabled", City: "Disabled", Region: "Disabled");
                        if (Domain.confToLog.EnableGeoIP)
                        {
                            geoIP = GeoIP2.City(IP);
                        }

                        #region Тип журнала
                        var typeJurn = TypeJurn200.Unknown;

                        if (IsAntiBot)
                        {
                            typeJurn = TypeJurn200.AntiBot;
                        }

                        if (Is2FA)
                        {
                            typeJurn = TypeJurn200._2FA;
                        }

                        if (IsIPtables)
                        {
                            typeJurn = TypeJurn200.IPtables;
                        }
                        #endregion

                        var model = new Jurnal200()
                        {
                            typeJurn  = typeJurn,
                            IP        = IP,
                            Host      = host,
                            Method    = method,
                            Uri       = uri,
                            FormData  = FormData,
                            UserAgent = userAgent,
                            Referer   = Referer,
                            Country   = geoIP.Country,
                            City      = geoIP.City,
                            Region    = geoIP.Region,
                            Time      = DateTime.Now
                        };

                        // Записываем данные в журнал
                        switch (Domain.confToLog.Jurn200)
                        {
                        case WriteLogMode.File:
                            WriteLogTo.FileStream(model);
                            break;

                        case WriteLogMode.SQL:
                            WriteLogTo.SQL(model);
                            break;

                        case WriteLogMode.all:
                            WriteLogTo.FileStream(model);
                            break;
                        }
                    });
                }
            }

            #endregion

            #region Локальный метод - "SetBlockedToIPtables"
            void SetBlockedToIPtables(string Msg, DateTime Expires, string PtrHostName)
            {
                // Данные для статистики
                SetCountRequestToHour(TypeRequest._401, host, Domain.confToLog.EnableCountRequest);

                // Записываем IP в кеш IPtables
                memoryCache.Set(KeyToMemoryCache.IPtables(IP, host), new IPtables(Msg, Expires), Expires);

                // Дублируем информацию в SQL
                WriteLogTo.SQL(new BlockedIP()
                {
                    IP           = IP,
                    BlockingTime = Expires,
                    Description  = Msg,
                    typeBlockIP  = TypeBlockIP.domain,
                    BlockedHost  = host
                });

                // Игнорирование логов
                if (Domain.confToLog.IsActive && !Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase))
                {
                    var geoIP = (Country : "Disabled", City : "Disabled", Region : "Disabled");
                    if (Domain.confToLog.EnableGeoIP)
                    {
                        geoIP = GeoIP2.City(IP);
                    }

                    // Модель
                    Jurnal401 model = new Jurnal401()
                    {
                        Host      = host,
                        IP        = IP,
                        Msg       = Msg,
                        Ptr       = PtrHostName,
                        UserAgent = userAgent,
                        Country   = geoIP.Country,
                        City      = geoIP.City,
                        Region    = geoIP.Region,
                        Time      = DateTime.Now
                    };

                    // Записываем данные в журнал
                    switch (Domain.confToLog.Jurn401)
                    {
                    case WriteLogMode.File:
                        WriteLogTo.FileStream(model);
                        break;

                    case WriteLogMode.SQL:
                        WriteLogTo.SQL(model);
                        break;

                    case WriteLogMode.all:
                        WriteLogTo.SQL(model);
                        WriteLogTo.FileStream(model);
                        break;
                    }
                }
            }

            #endregion

            #region Локальный метод - "CheckLinkWhitelistToAllDomain"
            bool CheckLinkWhitelistToAllDomain()
            {
                // Глобальный доступ для IP ко всем сайтам
                // Глобальный доступ для IP в этому сайту
                if (memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAllDomain(IP), out byte _) || memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAll(host, IP), out byte _))
                {
                    return(true);
                }

                // IP для проверки в формате /24
                string ipCache = Regex.Replace(IP, @"\.[0-9]+$", "");;

                // Глобальный доступ для IP ко всем сайтам
                // Глобальный доступ для IP в этому сайту
                if (memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAllDomain(ipCache), out byte _) || memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAll(host, ipCache), out byte _))
                {
                    return(true);
                }

                // IP нету в белом списке
                return(false);
            }

            #endregion
        }
示例#4
0
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IApplicationLifetime applicationLifetime, IMemoryCache memoryCache)
        {
            #region Системные настройки
            loggerFactory.AddConsole();

            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            #endregion

            #region Добовляем порт в белый список
            if (Platform.Get == PlatformOS.Unix)
            {
                if (string.IsNullOrWhiteSpace(new Bash().Run("iptables -L INPUT -v -n 2>/dev/null | grep 8793")))
                {
                    new Bash().Run("iptables -I INPUT -p tcp --dport 8793 -j ACCEPT");
                }
            }
            #endregion

            #region Unix Socket
            try
            {
                applicationLifetime.ApplicationStarted.Register(() =>
                {
                    if (Platform.Get == PlatformOS.Unix || Platform.Get == PlatformOS.Docker)
                    {
                        ThreadPool.QueueUserWorkItem((s) =>
                        {
                            while (true)
                            {
                                // Ждем 3 секунды
                                Thread.Sleep(1000 * 3);

                                // Меняем права доступа
                                if (File.Exists("/var/run/ispcore.sock"))
                                {
                                    new Bash().Run("chmod 666 /var/run/ispcore.sock");
                                    return;
                                }
                            }
                        });
                    }
                });
            }
            catch { }
            #endregion

            // Создаем сервис
            Service.Create(memoryCache);

            // Регистрируем триггеры
            RegisteredTriggers.Initialize();

            #region Загружаем список BlockedIP в кеш
            using (CoreDB coreDB = Service.Get <CoreDB>())
            {
                // IP который нужно удалить
                string unlockip = string.Empty;
                if (File.Exists($"{Folders.Tmp}/unlockip.root"))
                {
                    unlockip = File.ReadAllText($"{Folders.Tmp}/unlockip.root").Trim();
                }

                // Загружаем IP адреса
                foreach (var item in coreDB.BlockedsIP.AsNoTracking())
                {
                    if (item.BlockingTime > DateTime.Now && item.typeBlockIP != TypeBlockIP.UserAgent)
                    {
                        // Белый IP
                        if (item.IP.Contains(unlockip))
                        {
                            continue;
                        }

                        // Модель
                        var data = new ModelIPtables(item.Description, item.BlockingTime);
                        IPtables.AddIPv4Or6(item.IP, data, item.typeBlockIP, item.BlockedHost);
                    }
                }
            }
            #endregion

            #region Загружаем список WhitePtrIP в кеш
            using (CoreDB coreDB = Service.Get <CoreDB>())
            {
                // Загружаем IP адреса
                foreach (var item in coreDB.WhitePtrIPs.AsNoTracking())
                {
                    // Добовляем IP в кеш
                    if (item.Expires > DateTime.Now)
                    {
                        memoryCache.Set(KeyToMemoryCache.WhitePtrIP(item.IPv4Or6), (byte)0, item.Expires);
                    }
                }
            }
            #endregion

            #region Загружаем список "Разрешенные доступы" в кеш
            foreach (var item in AccessIP.List())
            {
                // IP для кеша
                string ipCache = item.IP.Replace(".*", "").Replace(":*", "");

                switch (item.accessType)
                {
                case AccessType.all:
                    memoryCache.Set(KeyToMemoryCache.CheckLinkWhitelistToAll(item.host, ipCache), (byte)1, item.Expires);
                    break;

                case AccessType.Is2FA:
                    memoryCache.Set(KeyToMemoryCache.CheckLinkWhitelistTo2FA(item.host, ipCache), (byte)1, item.Expires);
                    break;

                case AccessType.allDomain:
                    memoryCache.Set(KeyToMemoryCache.CheckLinkWhitelistToAllDomain(ipCache), (byte)1, item.Expires);
                    break;
                }
            }
            #endregion

            #region Кеш  WhiteList / IPtables
            WhiteUserList.UpdateCache();
            Engine.Security.IPtables.UpdateCacheToUserAgent();
            #endregion

            #region Статичиские файлы
            var provider = new FileExtensionContentTypeProvider();
            provider.Mappings[".jgz"] = "application/javascript";
            app.UseStaticFiles(new StaticFileOptions
            {
                ContentTypeProvider = provider
            });
            #endregion

            #region IP-адрес клиента
            app.UseForwardedHeaders(new ForwardedHeadersOptions
            {
                ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
                KnownProxies     = { IPAddress.Parse("172.17.42.1"), IPAddress.Parse("127.0.0.1") },
            });
            #endregion

            // Страницы ошибок
            app.UseMvc(routes => {
                routes.MapRoute("ErrorPage-404", "404", new { controller = "Error", action = "_404" });
            });

            // Блокировка IP
            app.UseIPtablesMiddleware();

            #region Core API
            // Доступ запрещен с порта панели 8793
            app.UseCoreMiddleware();

            // Core CheckRequest
            app.Map("/core/check/request", ap => ap.Run(context =>
            {
                if (Startup.cmd.Timeout.core == 0)
                {
                    return(Engine.core.Check.Request.Check(context));
                }

                // Состояние потока
                bool RanToCompletion = false;

                // Завершаем подключение через ** секунд
                var token = new CancellationTokenSource(1000 * Startup.cmd.Timeout.core).Token;
                token.Register(() =>
                {
                    if (!RanToCompletion)
                    {
                        context.Abort();
                    }
                });

                // Проверка запроса
                var task        = Engine.core.Check.Request.Check(context);
                RanToCompletion = task.Status == TaskStatus.RanToCompletion;

                // Успех
                return(task);
            }));

            // Core API
            app.UseMvc(routes => {
                routes.MapRoute(null, "core/unlock/2fa", new { controller = "CoreUnlock2FA", action = "Index" });
                routes.MapRoute(null, "core/check/cookie", new { controller = "CoreCheckCookie", action = "Index" });
                routes.MapRoute(null, "core/check/recaptcha", new { controller = "CoreCheckRecaptcha", action = "Base" });
                routes.MapRoute(null, "core/check/recaptcha/limitrequest", new { controller = "CoreCheckRecaptcha", action = "LimitRequest" });
            });

            // AntiBotHub
            app.UseSignalR(routes => routes.MapHub <AntiBotHub>("/core/AntiBotHub"));

            // Генерация скриптов
            app.UseMvc(routes => {
                routes.MapRoute(null, "core/gen/antibot.js", new { controller = "CoreGenToAntiBot", action = "Index" });
            });

            // Заглушка для "Core API"
            app.Map("/core", ap => ap.Run(context => context.Response.WriteAsync("404  Not Found")));
            #endregion

            #region Открытый API
            {
                // Проверка авторизации
                app.UseAuthApiMiddleware();

                #region API - List
                app.UseMvc(routes =>
                {
                    routes.MapRoute(null, "api/list/home/jurnal", new { controller = "ApiListHome", action = "Jurnal" });
                    routes.MapRoute(null, "api/list/notifications", new { controller = "ApiListNotifications", action = "Jurnal" });
                    routes.MapRoute(null, "api/list/jsondb", new { controller = "ApiListJsonDB", action = "Get" });

                    routes.MapRoute(null, "api/list/whitelist/system", new { controller = "ApiListWhitelistTo", action = "Systems" });

                    routes.MapRoute(null, "api/list/security/anti-ddos/stats/day", new { controller = "ApiListAntiDdos", action = "StatsDay" });
                    routes.MapRoute(null, "api/list/security/anti-ddos/stats/month", new { controller = "ApiListAntiDdos", action = "StatsMonth" });
                    routes.MapRoute(null, "api/list/security/anti-ddos/jurnal", new { controller = "ApiListAntiDdos", action = "Jurnal" });

                    routes.MapRoute(null, "api/list/security/iptables/blockedip", new { controller = "ApiListIptables", action = "BlockedsIP" });
                    routes.MapRoute(null, "api/list/security/av/report", new { controller = "ApiListAntiVirus", action = "Report" });

                    routes.MapRoute(null, "api/list/requests-filter/domain", new { controller = "ApiListDomain", action = "Domain" });
                    routes.MapRoute(null, "api/list/requests-filter/domains", new { controller = "ApiListDomain", action = "Domains" });
                    routes.MapRoute(null, "api/list/requests-filter/template", new { controller = "ApiListTemplate", action = "Template" });
                    routes.MapRoute(null, "api/list/requests-filter/templates", new { controller = "ApiListTemplate", action = "Templates" });
                    routes.MapRoute(null, "api/list/requests-filter/access", new { controller = "ApiListAccess", action = "Get" });

                    routes.MapRoute(null, "api/list/requests-filter/monitoring/stats/day", new { controller = "ApiListMonitoring", action = "StatsDay" });
                    routes.MapRoute(null, "api/list/requests-filter/monitoring/stats/month", new { controller = "ApiListMonitoring", action = "StatsMonth" });
                    routes.MapRoute(null, "api/list/requests-filter/monitoring/jurnal", new { controller = "ApiListMonitoring", action = "Jurnal" });

                    routes.MapRoute(null, "api/list/backup/io/task", new { controller = "ApiListBackupFiles", action = "Task" });
                    routes.MapRoute(null, "api/list/backup/io/tasks", new { controller = "ApiListBackupFiles", action = "Tasks" });
                    routes.MapRoute(null, "api/list/backup/io/operations", new { controller = "ApiListBackupFiles", action = "Operation" });

                    routes.MapRoute(null, "api/list/backup/db/task", new { controller = "ApiListBackupDatabase", action = "Task" });
                    routes.MapRoute(null, "api/list/backup/db/tasks", new { controller = "ApiListBackupDatabase", action = "Tasks" });
                    routes.MapRoute(null, "api/list/backup/db/operations", new { controller = "ApiListBackupDatabase", action = "Operation" });
                });
                #endregion

                #region API - Add
                app.UseMvc(routes =>
                {
                    routes.MapRoute(null, "api/add/whitelist", new { controller = "ApiAddWhiteList", action = "Base" });
                    routes.MapRoute(null, "api/add/security/iptables", new { controller = "ApiAddIptables", action = "Base" });

                    routes.MapRoute(null, "api/add/backup/io/task", new { controller = "ApiAddBackupFiles", action = "Task" });
                    routes.MapRoute(null, "api/add/backup/io/ignore", new { controller = "ApiAddBackupFiles", action = "Ignore" });

                    routes.MapRoute(null, "api/add/backup/db/task", new { controller = "ApiAddBackupDatabase", action = "Task" });

                    routes.MapRoute(null, "api/add/requests-filter/template", new { controller = "ApiAddTemplate", action = "Base" });
                    routes.MapRoute(null, "api/add/requests-filter/template/rule", new { controller = "ApiAddRule", action = "RuleTemplate" });

                    routes.MapRoute(null, "api/add/requests-filter/domain", new { controller = "ApiAddDomain", action = "Domain" });
                    routes.MapRoute(null, "api/add/requests-filter/aliases", new { controller = "ApiAddDomain", action = "Aliases" });
                    routes.MapRoute(null, "api/add/requests-filter/domain/rule", new { controller = "ApiAddRule", action = "RuleDomain" });
                    routes.MapRoute(null, "api/add/requests-filter/domain/template", new { controller = "ApiAddDomain", action = "TemplatesId" });
                    routes.MapRoute(null, "api/add/requests-filter/domain/ignore", new { controller = "ApiAddDomain", action = "IgnoreLogs" });
                    routes.MapRoute(null, "api/add/requests-filter/access", new { controller = "ApiAddAccess", action = "Base" });
                });
                #endregion

                #region API - Remove
                app.UseMvc(routes =>
                {
                    routes.MapRoute(null, "api/remove/whitelist/user", new { controller = "ApiRemoveWhiteList", action = "Users" });
                    routes.MapRoute(null, "api/remove/whitelist/system", new { controller = "ApiRemoveWhiteList", action = "Systems" });

                    routes.MapRoute(null, "api/remove/security/iptables", new { controller = "ApiRemoveIptables", action = "BlockedsIP" });
                    routes.MapRoute(null, "api/remove/security/antivirus", new { controller = "ApiRemoveAntivirus", action = "Base" });

                    routes.MapRoute(null, "api/remove/backup/io/task", new { controller = "ApiRemoveBackupFiles", action = "Task" });
                    routes.MapRoute(null, "api/remove/backup/io/ignore", new { controller = "ApiRemoveBackupFiles", action = "Ignore" });

                    routes.MapRoute(null, "api/remove/backup/db/task", new { controller = "ApiRemoveBackupDatabase", action = "Task" });

                    routes.MapRoute(null, "api/remove/requests-filter/rules/base", new { controller = "ApiRemoveRules", action = "Rule" });
                    routes.MapRoute(null, "api/remove/requests-filter/rules/replace", new { controller = "ApiRemoveRules", action = "RuleReplace" });
                    routes.MapRoute(null, "api/remove/requests-filter/rules/override", new { controller = "ApiRemoveRules", action = "RuleOverride" });
                    routes.MapRoute(null, "api/remove/requests-filter/rules/arg", new { controller = "ApiRemoveRules", action = "RuleArg" });
                    routes.MapRoute(null, "api/remove/requests-filter/alias", new { controller = "ApiRemoveDomain", action = "Alias" });
                    routes.MapRoute(null, "api/remove/requests-filter/domain", new { controller = "ApiRemoveDomain", action = "Base" });
                    routes.MapRoute(null, "api/remove/requests-filter/domain/template", new { controller = "ApiRemoveDomain", action = "Template" });
                    routes.MapRoute(null, "api/remove/requests-filter/domain/ignore", new { controller = "ApiRemoveDomain", action = "Ignore" });
                    routes.MapRoute(null, "api/remove/requests-filter/template", new { controller = "ApiRemoveTemplate", action = "Base" });
                    routes.MapRoute(null, "api/remove/requests-filter/access", new { controller = "ApiRemoveAccess", action = "Base" });
                });
                #endregion

                #region API - Common
                app.UseMvc(routes =>
                {
                    routes.MapRoute(null, "api/common/av/start", new { controller = "ApiCommonAV", action = "Start" });
                    routes.MapRoute(null, "api/common/av/stop", new { controller = "ApiCommonAV", action = "Stop" });

                    routes.MapRoute(null, "api/common/template/export", new { controller = "ApiCommonTemplate", action = "Export" });
                    routes.MapRoute(null, "api/common/template/import", new { controller = "ApiCommonTemplate", action = "Import" });

                    routes.MapRoute(null, "api/common/backup/io/clearing/cache", new { controller = "ApiCommonBackupFiles", action = "ClearingCache" });
                    routes.MapRoute(null, "api/common/backup/io/recovery", new { controller = "ApiCommonBackupFiles", action = "Recovery" });
                });
                #endregion

                #region API - Edit
                app.UseMvc(routes =>
                {
                    routes.MapRoute(null, "api/edit/settings/base", new { controller = "ApiEditSettingsToBase", action = "Base" });
                    routes.MapRoute(null, "api/edit/settings/cache", new { controller = "ApiEditSettingsToBase", action = "Cache" });
                    routes.MapRoute(null, "api/edit/settings/api", new { controller = "ApiEditSettingsToBase", action = "API" });
                    routes.MapRoute(null, "api/edit/settings/security", new { controller = "ApiEditSettingsToBase", action = "Security" });
                    routes.MapRoute(null, "api/edit/settings/passwd", new { controller = "ApiEditSettingsToBase", action = "Passwd" });
                    routes.MapRoute(null, "api/edit/settings/brute-force", new { controller = "ApiEditSettingsToBase", action = "BruteForce" });
                    routes.MapRoute(null, "api/edit/settings/anti-ddos", new { controller = "ApiEditSettingsToBase", action = "AntiDdos" });
                    routes.MapRoute(null, "api/edit/settings/antivirus", new { controller = "ApiEditSettingsToBase", action = "AntiVirus" });

                    routes.MapRoute(null, "api/edit/settings/service/email", new { controller = "ApiEditSettingsToService", action = "Email" });
                    routes.MapRoute(null, "api/edit/settings/service/telegram", new { controller = "ApiEditSettingsToService", action = "Telegram" });
                    routes.MapRoute(null, "api/edit/settings/service/sms", new { controller = "ApiEditSettingsToService", action = "SMS" });

                    routes.MapRoute(null, "api/edit/antibot/base", new { controller = "ApiEditAntiBot", action = "Base" });
                    routes.MapRoute(null, "api/edit/antibot/limit", new { controller = "ApiEditAntiBot", action = "Limit" });

                    routes.MapRoute(null, "api/edit/domain/base", new { controller = "ApiEditDomain", action = "Base" });
                    routes.MapRoute(null, "api/edit/domain/log", new { controller = "ApiEditDomain", action = "LogSettings" });
                    routes.MapRoute(null, "api/edit/domain/av", new { controller = "ApiEditDomain", action = "AntiVirus" });
                    routes.MapRoute(null, "api/edit/domain/antibot", new { controller = "ApiEditDomain", action = "AntiBot" });
                    routes.MapRoute(null, "api/edit/domain/limit/request", new { controller = "ApiEditDomain", action = "LimitRequest" });

                    routes.MapRoute(null, "api/edit/template", new { controller = "ApiEditTemplate", action = "Base" });

                    routes.MapRoute(null, "api/edit/backup/io/task", new { controller = "ApiEditBackupFiles", action = "Task" });
                    routes.MapRoute(null, "api/edit/backup/io/ftp", new { controller = "ApiEditBackupFiles", action = "FTP" });
                    routes.MapRoute(null, "api/edit/backup/io/webdav", new { controller = "ApiEditBackupFiles", action = "WebDav" });
                    routes.MapRoute(null, "api/edit/backup/io/onedrive", new { controller = "ApiEditBackupFiles", action = "OneDrive" });

                    routes.MapRoute(null, "api/edit/backup/db/task", new { controller = "ApiEditBackupDatabase", action = "Task" });
                    routes.MapRoute(null, "api/edit/backup/db/task/dumpconf", new { controller = "ApiEditBackupDatabase", action = "DumpConf" });
                    routes.MapRoute(null, "api/edit/backup/db/connectionconf", new { controller = "ApiEditBackupDatabase", action = "ConnectionConf" });
                });
                #endregion
            }
            #endregion

            #region Авторизация
            // Страница авторизации
            app.UseMvc(routes => {
                routes.MapRoute(null, "auth", new { controller = "AuthToBase", action = "Index" });
                routes.MapRoute(null, "auth/unlock", new { controller = "AuthToBase", action = "Unlock" });
                routes.MapRoute(null, "auth/signout", new { controller = "AuthToBase", action = "SignOut" });
            });

            // Проверка авторизации
            app.UseAuthMiddleware();

            // Страница 2FA
            app.UseMvc(routes => {
                routes.MapRoute(null, "auth/confirm", new { controller = "AuthToConfirm", action = "Index" });
                routes.MapRoute(null, "auth/confirm/unlock", new { controller = "AuthToConfirm", action = "Unlock" });
            });
            #endregion

            // Главная страница
            app.UseMvc(routes => {
                routes.MapRoute(null, "", new { controller = "Home", action = "Index" });
            });

            #region API
            // FAQ
            app.UseMvc(routes => routes.MapRoute(null, "api/faq", new { controller = "ApiFaq", action = "Index" }));

            // Заглушка для "API"
            app.Map("/api", ap => ap.Run(context => context.Response.WriteAsync("404  Not Found")));
            #endregion

            #region Настройки
            app.UseMvc(routes => {
                routes.MapRoute(null, "settings", new { controller = "SettingsToBase", action = "Index" });
                routes.MapRoute(null, "settings/save/base", new { controller = "SettingsToBase", action = "Save" });

                routes.MapRoute(null, "settings/whitelist", new { controller = "SettingsToUserWhiteList", action = "Index" });
                routes.MapRoute(null, "settings/save/whitelist", new { controller = "SettingsToUserWhiteList", action = "Save" });
                routes.MapRoute(null, "settings/remove/whitelist", new { controller = "SettingsToUserWhiteList", action = "Remove" });
                routes.MapRoute(null, "settings/whitelist/export", new { controller = "SettingsToUserWhiteList", action = "Export" });
                routes.MapRoute(null, "settings/whitelist/import", new { controller = "SettingsToUserWhiteList", action = "Import" });

                routes.MapRoute(null, "settings/whitelist/system", new { controller = "SettingsToSystemWhiteList", action = "Index" });
                routes.MapRoute(null, "settings/remove/whitelist/system", new { controller = "SettingsToSystemWhiteList", action = "Remove" });

                routes.MapRoute(null, "settings/service", new { controller = "SettingsToService", action = "Index" });
                routes.MapRoute(null, "settings/save/service", new { controller = "SettingsToService", action = "Save" });
            });
            #endregion

            #region Безопастность системы
            // Брандмауэр
            app.UseMvc(routes => {
                routes.MapRoute(null, "security/iptables", new { controller = "SecurityToIPtables", action = "Index" });
                routes.MapRoute(null, "security/iptables/remove", new { controller = "SecurityToIPtables", action = "Remove" });
                routes.MapRoute(null, "security/iptables/add", new { controller = "SecurityToIPtables", action = "Add" });
            });

            // Антивирус
            app.UseMvc(routes => {
                routes.MapRoute(null, "security/antivirus", new { controller = "SecurityToAntiVirus", action = "Index" });
                routes.MapRoute(null, "security/antivirus/save", new { controller = "SecurityToAntiVirus", action = "Save" });
                routes.MapRoute(null, "security/antivirus/remove", new { controller = "SecurityToAntiVirus", action = "Remove" });
                routes.MapRoute(null, "security/antivirus/start", new { controller = "SecurityToAntiVirus", action = "Start" });
                routes.MapRoute(null, "security/antivirus/stop", new { controller = "SecurityToAntiVirus", action = "Stop" });
            });

            // AntiDdos
            if (Platform.Get == PlatformOS.Unix)
            {
                app.UseMvc(routes =>
                {
                    routes.MapRoute(null, "security/anti-ddos", new { controller = "SecurityToAntiDdos", action = "Index" });
                    routes.MapRoute(null, "security/anti-ddos/save", new { controller = "SecurityToAntiDdos", action = "Save" });
                });
            }

            // Anti-Bot
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "security/antibot", new { controller = "SecurityToAntiBot", action = "Index" });
                routes.MapRoute(null, "security/antibot/save", new { controller = "SecurityToAntiBot", action = "Save" });
            });
            #endregion

            #region Фильтрация запросов
            // Views
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domains", new { controller = "RequestsFilterToDomains", action = "Index" });
                routes.MapRoute(null, "requests-filter/templates", new { controller = "RequestsFilterToTemplates", action = "Index" });
                routes.MapRoute(null, "requests-filter/monitoring", new { controller = "RequestsFilterToMonitoring", action = "Index" });
            });

            // Common
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/common/remove/rule", new { controller = "RequestsFilterToCommon", action = "RemoveToRule" });
                routes.MapRoute(null, "requests-filter/common/remove/rulereplace", new { controller = "RequestsFilterToCommon", action = "RemoveToRuleReplace" });
                routes.MapRoute(null, "requests-filter/common/remove/ruleoverride", new { controller = "RequestsFilterToCommon", action = "RemoveToRuleOverride" });
                routes.MapRoute(null, "requests-filter/common/remove/rulearg", new { controller = "RequestsFilterToCommon", action = "RemoveToRuleArg" });
                routes.MapRoute(null, "requests-filter/common/remove/alias", new { controller = "RequestsFilterToCommon", action = "RemoveToAlias" });
            });

            // Шаблон
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/template", new { controller = "RequestsFilterToTemplate", action = "Index" });
                routes.MapRoute(null, "requests-filter/template/save", new { controller = "RequestsFilterToTemplate", action = "Save" });
                routes.MapRoute(null, "requests-filter/template/remove", new { controller = "RequestsFilterToTemplate", action = "Remove" });
                routes.MapRoute(null, "requests-filter/template/import", new { controller = "RequestsFilterToTemplate", action = "Import" });
                routes.MapRoute(null, "requests-filter/template/export", new { controller = "RequestsFilterToTemplate", action = "Export" });
            });

            // Разрешенные доступы
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/access", new { controller = "RequestsFilterToAccess", action = "Index" });
                routes.MapRoute(null, "requests-filter/access/open", new { controller = "RequestsFilterToAccess", action = "Open" });
                routes.MapRoute(null, "requests-filter/access/remove", new { controller = "RequestsFilterToAccess", action = "Remove" });
            });
            #endregion

            #region Фильтрация запросов - Домен
            // Домен - Главная/FAQ
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domain/base", new { controller = "RequestsFilterToDomainBase", action = "Index" });
                routes.MapRoute(null, "requests-filter/domain/faq", new { controller = "RequestsFilterToDomainBase", action = "Faq" });
                routes.MapRoute(null, "requests-filter/domain/remove", new { controller = "RequestsFilterToDomainBase", action = "Remove" });
                routes.MapRoute(null, "requests-filter/domain/save/base", new { controller = "RequestsFilterToDomainBase", action = "Save" });
                routes.MapRoute(null, "requests-filter/domain/import", new { controller = "RequestsFilterToDomainBase", action = "Import" });
                routes.MapRoute(null, "requests-filter/domain/export", new { controller = "RequestsFilterToDomainBase", action = "Export" });
            });

            // Домен - Алиасы
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domain/aliases", new { controller = "RequestsFilterToDomainAliases", action = "Index" });
                routes.MapRoute(null, "requests-filter/domain/save/aliases", new { controller = "RequestsFilterToDomainAliases", action = "Save" });
            });

            // Домен - Правила
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domain/rules", new { controller = "RequestsFilterToDomainRules", action = "Index" });
                routes.MapRoute(null, "requests-filter/domain/save/rules", new { controller = "RequestsFilterToDomainRules", action = "Save" });
            });

            // Домен - Настройки журнала
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domain/logsettings", new { controller = "RequestsFilterToDomainLogSettings", action = "Index" });
                routes.MapRoute(null, "requests-filter/domain/save/logsettings", new { controller = "RequestsFilterToDomainLogSettings", action = "Save" });
            });

            // Домен - Антивирус
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domain/av", new { controller = "RequestsFilterToDomainAv", action = "Index" });
                routes.MapRoute(null, "requests-filter/domain/save/av", new { controller = "RequestsFilterToDomainAv", action = "Save" });
            });

            // Домен - AntiBot
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domain/antibot", new { controller = "RequestsFilterToDomainAntiBot", action = "Index" });
                routes.MapRoute(null, "requests-filter/domain/save/antibot", new { controller = "RequestsFilterToDomainAntiBot", action = "Save" });
            });

            // Домен - Лимит запросов
            app.UseMvc(routes => {
                routes.MapRoute(null, "requests-filter/domain/limitrequest", new { controller = "RequestsFilterToDomainLimitRequest", action = "Index" });
                routes.MapRoute(null, "requests-filter/domain/save/limitrequest", new { controller = "RequestsFilterToDomainLimitRequest", action = "Save" });
            });
            #endregion

            #region SyncBackup - IO
            // Views
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "backup/io/tasks", new { controller = "SyncBackupFilesToTasks", action = "Index" });
                routes.MapRoute(null, "backup/io/operation", new { controller = "SyncBackupFilesToOperation", action = "Index" });
            });

            // Задание
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "backup/io/task", new { controller = "SyncBackupFilesToTask", action = "Index" });
                routes.MapRoute(null, "backup/io/task/remove", new { controller = "SyncBackupFilesToTask", action = "Remove" });
                routes.MapRoute(null, "backup/io/task/save", new { controller = "SyncBackupFilesToTask", action = "Save" });
                routes.MapRoute(null, "backup/io/task/clearing-cache", new { controller = "SyncBackupFilesToTask", action = "ClearingCache" });
            });

            // Улиты
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "backup/io/tools", new { controller = "SyncBackupFilesToTools", action = "Index" });
                routes.MapRoute(null, "backup/io/tools/recover", new { controller = "SyncBackupFilesToTools", action = "Recovery" });
            });

            // Получение токенов
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "backup/io/authorize/onedrive", new { controller = "SyncBackupFilesToAuthorize", action = "OneDrive" });
            });
            #endregion

            #region SyncBackup - DB
            // Views
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "backup/db/tasks", new { controller = "SyncBackupDatabaseToTasks", action = "Index" });
                routes.MapRoute(null, "backup/db/operation", new { controller = "SyncBackupDatabaseToOperation", action = "Index" });
            });

            // Задание
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "backup/db/task", new { controller = "SyncBackupDatabaseToTask", action = "Index" });
                routes.MapRoute(null, "backup/db/task/remove", new { controller = "SyncBackupDatabaseToTask", action = "Remove" });
                routes.MapRoute(null, "backup/db/task/save", new { controller = "SyncBackupDatabaseToTask", action = "Save" });
            });
            #endregion

            #region Файловый менеджер
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "file-manager", new { controller = "ToolsToFileManager", action = "Index" });
                routes.MapRoute(null, "file-manager/target/{targetfile}", new { controller = "ToolsToFileManager", action = "Target" });
                routes.MapRoute(null, "file-manager/connector", new { controller = "ToolsToFileManager", action = "Connector" });
                routes.MapRoute(null, "file-manager/thumb/{hash}", new { controller = "ToolsToFileManager", action = "Thumbs" });
            });
            #endregion

            #region Триггеры
            app.UseMvc(routes =>
            {
                routes.MapRoute(null, "triggers", new { controller = "ToolsToTriggers", action = "Index" });

                routes.MapRoute(null, "trigger", new { controller = "ToolsToTriggerSettings", action = "Index" });
                routes.MapRoute(null, "trigger/faq", new { controller = "ToolsToTriggerSettings", action = "FAQ" });
                routes.MapRoute(null, "trigger/save", new { controller = "ToolsToTriggerSettings", action = "Save" });
                routes.MapRoute(null, "trigger/remove", new { controller = "ToolsToTriggerSettings", action = "Remove" });
                routes.MapRoute(null, "trigger/export", new { controller = "ToolsToTriggerSettings", action = "Export" });
                routes.MapRoute(null, "trigger/import", new { controller = "ToolsToTriggerSettings", action = "Import" });

                routes.MapRoute(null, "trigger/nodes", new { controller = "ToolsToTriggerNodes", action = "Index" });
                routes.MapRoute(null, "trigger/nodes/save", new { controller = "ToolsToTriggerNodes", action = "Save" });
            });
            #endregion

            // Уведомления
            app.UseMvc(routes => {
                routes.MapRoute(null, "notifications", new { controller = "Notifications", action = "Index" });
            });

            // Ошибка 404
            app.Run(async(context) =>
            {
                await RewriteTo.Local(context, "404" + (context.Request.QueryString.Value.Contains("ajax=true") ? "?ajax=true" : ""));
            });
        }