#!/bin/bash
# Usage function
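display_usage() {
  # Print the invocation synopsis and stop with status 1.
  # Everything goes to stderr so a caller that captures or parses this script's
  # stdout never sees usage text mixed into the result (the original wrote it
  # to stdout).
  echo "Usage: $0 -d <domain> -i <expected_ip> [-t <timeout>]" >&2
  echo "  -d  domain name to check" >&2
  echo "  -i  IP address the domain is expected to reach" >&2
  echo "  -t  per-probe timeout in seconds (default 5)" >&2
  exit 1
}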
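# Parse arguments
#   -d  domain name to check (required)
#   -i  IP address the domain is expected to reach (required)
#   -t  per-probe timeout in seconds (optional, default 5)
# The leading ':' in the option string makes getopts report a missing option
# argument through the ':' arm instead of printing its own diagnostic.
while getopts ":d:i:t:" opt; do
  case "${opt}" in
    d) DOMAIN=${OPTARG} ;;
    i) EXPECTED_IP=${OPTARG} ;;
    t) TIMEOUT=${OPTARG} ;;
    :) echo "Option -${OPTARG} requires an argument" >&2; display_usage ;;
    *) display_usage ;;
  esac
done
shift $((OPTIND - 1))

# Validate required arguments
if [[ -z "$DOMAIN" || -z "$EXPECTED_IP" ]]; then
  display_usage
fi

# Set default timeout if not provided
TIMEOUT=${TIMEOUT:-5}

# True when $1 is a whole number greater than zero ("10#" forces base 10 so a
# value with leading zeros is not read as octal).
is_positive_int() {
  [[ "$1" =~ ^[0-9]+$ ]] && (( 10#$1 > 0 ))
}

# $TIMEOUT, $EXPECTED_IP and $DOMAIN are spliced into dig/curl/timeout command
# lines further down. Reject anything that is not a plain number, an address
# literal or a DNS name so a stray value (spaces, a leading '-') cannot turn
# into extra options for those tools.
if ! is_positive_int "$TIMEOUT"; then
  echo "Timeout must be a positive whole number of seconds, got: $TIMEOUT" >&2
  exit 1
fi
if [[ ! "$EXPECTED_IP" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  echo "Expected IP must be an IPv4 or IPv6 address literal, got: $EXPECTED_IP" >&2
  exit 1
fi
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  echo "Domain must be a DNS name (letters, digits, '.', '-', '_'), got: $DOMAIN" >&2
  exit 1
fi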
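# Check A records using multiple public resolvers
# Without dig every lookup below silently yields an empty string, which would
# look exactly like "domain does not resolve"; fail loudly instead.
if ! command -v dig >/dev/null 2>&1; then
  echo "dig is required but was not found in PATH" >&2
  exit 2
fi

# Every A record a resolver returns for $1, one per line. `dig +short A` also
# prints CNAME targets when the name is an alias, so only dotted-quad lines are
# kept (the original took `tail -n1`, i.e. one arbitrary record, so a name with
# several A records could be reported as not matching). +time/+tries bound each
# query so an unreachable resolver cannot hang the script.
a_records() {
  dig +short +time="$TIMEOUT" +tries=1 A "$1" "@$2" 2>/dev/null \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

GLOBAL_A_RECORD=$(a_records "$DOMAIN" 8.8.8.8)
CLOUDFLARE_A_RECORD=$(a_records "$DOMAIN" 1.1.1.1)
OPENDNS_A_RECORD=$(a_records "$DOMAIN" 208.67.222.222)
CNAME_RECORD=$(dig +short +time="$TIMEOUT" +tries=1 CNAME "$DOMAIN" @1.1.1.1 2>/dev/null)

# Show what each resolver said so a disagreement (partial propagation, split
# horizon) is visible instead of hidden behind the pass/fail below.
echo "A records: google=[${GLOBAL_A_RECORD//$'\n'/ }] cloudflare=[${CLOUDFLARE_A_RECORD//$'\n'/ }] opendns=[${OPENDNS_A_RECORD//$'\n'/ }]"

# Success when ANY resolver lists the expected address among its A records
# (a single agreeing resolver was accepted by the original too). -x matches
# whole lines, -F takes the address literally, and the -n guard keeps an empty
# expected IP from matching empty lines.
if [[ -n "$EXPECTED_IP" ]] && printf '%s\n' "$GLOBAL_A_RECORD" "$CLOUDFLARE_A_RECORD" "$OPENDNS_A_RECORD" \
     | grep -qxF -- "$EXPECTED_IP"; then
  echo "Domain $DOMAIN is globally resolving to $EXPECTED_IP."
  exit 0
fi

# Report a CNAME. An alias by itself is not evidence of Cloudflare (or of any
# proxy) -- it only means the real endpoint is whatever the target resolves to,
# so the message no longer claims a proxy was detected.
if [[ -n "$CNAME_RECORD" ]]; then
  echo "CNAME record found: $DOMAIN -> $CNAME_RECORD (resolve the target to find the real endpoint)"
fi

# Check for an ACME DNS-01 challenge record (Let's Encrypt and others). Its
# presence shows certificates are validated via DNS; it says nothing about
# whether traffic is proxied, so the message no longer suggests that. The same
# resolver and time bound as above are used for consistency.
DNS_CHALLENGE=$(dig +short +time="$TIMEOUT" +tries=1 TXT "_acme-challenge.$DOMAIN" @1.1.1.1 2>/dev/null)
if [[ -n "$DNS_CHALLENGE" ]]; then
  echo "ACME DNS challenge record found: $DNS_CHALLENGE (DNS-01 validation in use; not by itself a proxy indicator)."
fi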
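# Check for HTTP challenge: does something answer on the HTTP-01 path, and does
# that something look like a CDN edge? Only the response headers are inspected
# and the body is discarded. (The original saved the body into
# /var/www/webroot/ROOT/http_challenge_response.txt -- content chosen by
# whichever remote host currently answers for $DOMAIN must never be written
# into a web-served directory -- and its $HTTP_RESPONSE check could never fire
# because --output had already consumed the body.)
HTTP_RESPONSE=$(curl -s --max-time "$TIMEOUT" --max-filesize 65536 \
  -o /dev/null -D - "http://$DOMAIN/.well-known/acme-challenge/test" | tr -d '\r')
if [[ -n "$HTTP_RESPONSE" ]]; then
  echo "HTTP challenge path answered: $(printf '%s\n' "$HTTP_RESPONSE" | head -n1)"
  # Cloudflare's edge labels its responses "Server: cloudflare"; an origin would
  # not normally send that, so it is a far better proxy hint than the mere
  # existence of a response. An origin could of course be configured to mimic it.
  if grep -qiE '^server: *cloudflare' <<<"$HTTP_RESPONSE"; then
    echo "Response carries a Cloudflare Server header. Domain is most likely proxied."
  fi
fi

# Direct verification using a forced connection: connect to $EXPECTED_IP while
# keeping $DOMAIN as URL host, SNI and Host header, so the origin serves the
# real vhost. --connect-to does that pinning; a separate Host: header is redundant.
echo "Verifying domain reaches expected server via direct connection..."
# The origin must emit this string in its response body for the check to ever
# pass; override it through the environment when the marker differs.
RESPONSE_MARKER=${RESPONSE_MARKER:-VALID_RESPONSE_MARKER}
# IPv6 literals need brackets in --connect-to.
CONNECT_HOST=$EXPECTED_IP
[[ "$EXPECTED_IP" == *:* ]] && CONNECT_HOST="[$EXPECTED_IP]"
# -k is kept because origins behind a CDN frequently present a certificate that
# is not publicly trusted (e.g. a CDN-issued origin certificate). That means TLS
# does NOT authenticate the origin here: the marker is the only evidence, so do
# not treat this path as proof against a party who controls $EXPECTED_IP.
if curl -s --max-time "$TIMEOUT" --max-filesize 1048576 -k \
     --connect-to "$DOMAIN:443:$CONNECT_HOST:443" "https://$DOMAIN" \
     | grep -qF -- "$RESPONSE_MARKER"; then
  echo "Domain is correctly routing to expected server at $EXPECTED_IP. (Proxy bypass successful)"
  exit 0
fi

# Direct TCP connection to the backend, using bash's /dev/tcp rather than
# telnet (telnet's exit status does not reliably say whether the connect
# succeeded, and it is frequently not installed on servers). $EXPECTED_IP is
# passed as a positional argument, not interpolated into the command string.
echo "Testing direct TCP connection to backend..."
if timeout "$TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$1/80"' _ "$EXPECTED_IP" 2>/dev/null; then
  # Reachability of the backend says nothing about where $DOMAIN points, so it
  # no longer counts as success: the original exited 0 here, which made the
  # script "pass" whenever the backend's port 80 was open at all.
  echo "Backend at $EXPECTED_IP accepts TCP on port 80, but $DOMAIN was not verified to route there."
else
  echo "Backend at $EXPECTED_IP did not accept a TCP connection on port 80 within ${TIMEOUT}s."
fi

# Final failure message. Exit non-zero so callers and automation can tell this
# outcome apart from the success paths above (the original exited 0 here).
echo "Domain does not resolve to the expected server. Cloudflare proxy might be active."
exit 1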