I've implemented a mandatory security update for access to this blog. It enforces proper proxy server usage for all team members and applies to a very limited number of IP addresses only.
This update introduces an access control barrier that prevents access from certain external IP addresses (which cannot be overridden by the user).
Visual of the Block
When the visitor's IP matches the block list, you will see this notification and the website will be blurred. After you enter the password, you may need to press F5 (refresh) for the content to load.
Mandatory Access Control
The system now enforces a hard barrier - users cannot access content without either using the designated proxy server or providing the override password. All page content becomes blurred and inaccessible until authentication requirements are met.
function createAccessWarning() {
    // Create a wrapper div for existing content and blur it
    const existingContent = document.body.innerHTML;
    document.body.innerHTML = '';
    const contentWrapper = document.createElement('div');
    contentWrapper.id = 'blurred-content';
    contentWrapper.innerHTML = existingContent;
    contentWrapper.style.cssText = `
        filter: blur(10px);
        pointer-events: none;
        user-select: none;
    `;
    // Put the blurred wrapper back into the page
    document.body.appendChild(contentWrapper);
}
IP-Based Detection
The script automatically detects visitor IP addresses and compares them against a list of addresses that should be using the proxy server:
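async function checkVisitorIP() {
    try {
        // Ask a public service which IP address this browser appears to come from
        const response = await fetch('https://api.ipify.org?format=json');
        const data = await response.json();
        const visitorIP = data.ip;
        const blockedIPs = [
            '<ip-address1>',
            '<ip-address2>',
            '31.94.66.143'
        ];
        // Exact string match against the block list
        return blockedIPs.includes(visitorIP);
    } catch (error) {
        // If the lookup fails, the visitor is treated as not blocked
        console.error('Error checking IP:', error);
        return false;
    }
}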
Cryptographic Security
The script compares a SHA-256 hash of the password, computed over its UTF-16LE encoding, so the access credentials cannot be read out of the code itself:
async function hashPasswordUTF16LE(password) {
    password = password.trim();
    // Encode each UTF-16 code unit as two bytes, low byte first (UTF-16LE)
    let byteArray = [];
    for (let i = 0; i < password.length; i++) {
        let charCode = password.charCodeAt(i);
        byteArray.push(charCode & 0xFF);
        byteArray.push((charCode >> 8) & 0xFF);
    }
    // SHA-256 over the encoded bytes, returned as a lowercase hex string
    let hashBuffer = await crypto.subtle.digest("SHA-256", new Uint8Array(byteArray));
    let hashArray = Array.from(new Uint8Array(hashBuffer));
    return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
}
6-Hour Override System
For authorized users who need to bypass the restriction, I've implemented a 6-hour authentication period to reduce repeated password entries:
// Set 6-hour access token
localStorage.setItem('passExp', Date.now() + (6 * 60 * 60 * 1000));

// Check existing token (this fragment runs inside the script's access-check function)
const passExp = localStorage.getItem('passExp');
if (passExp && Date.now() < parseInt(passExp, 10)) {
    return; // Allow access
}
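The IP match, password check and 6-hour expiry above all run in the visitor's browser, so the page content has already been delivered by the time they execute. The following is an added example, not part of the blog's script, showing the same three decisions as server-side Node.js functions that decide before the content is sent. It assumes a Node.js server in front of the blog; every function name, the sample addresses and the sample password are constructed for illustration.

```javascript
// Added example: server-side form of the IP check, password check and 6-hour override.
// All names and sample values below are assumptions, not taken from the blog's script.
const nodeCrypto = require('node:crypto');

const BLOCKED_IPS = new Set(['203.0.113.7', '203.0.113.8']); // constructed sample addresses
const TOKEN_KEY = nodeCrypto.randomBytes(32);                // signing key, never sent to clients
const SIX_HOURS_MS = 6 * 60 * 60 * 1000;

// Store a random salt plus a slow scrypt hash instead of a bare SHA-256 digest.
function makePasswordRecord(password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(password.trim(), salt, 32) };
}

function verifyPassword(record, attempt) {
  const candidate = nodeCrypto.scryptSync(attempt.trim(), record.salt, 32);
  return nodeCrypto.timingSafeEqual(candidate, record.hash); // constant-time comparison
}

// Match on the address of the connection itself (req.socket.remoteAddress in Node's
// http server) rather than on an address looked up and reported by the browser.
function isBlocked(remoteAddress) {
  return BLOCKED_IPS.has(remoteAddress.replace(/^::ffff:/, '')); // drop IPv4-mapped prefix
}

// The expiry is signed with the server-only key, so the server can tell a token
// it issued from any other value presented to it.
function issueToken(now = Date.now()) {
  const exp = String(now + SIX_HOURS_MS);
  const mac = nodeCrypto.createHmac('sha256', TOKEN_KEY).update(exp).digest('hex');
  return `${exp}.${mac}`;
}

function verifyToken(token, now = Date.now()) {
  const [exp, mac] = String(token).split('.');
  if (!/^\d+$/.test(exp || '') || !/^[0-9a-f]{64}$/.test(mac || '')) return false;
  const expected = nodeCrypto.createHmac('sha256', TOKEN_KEY).update(exp).digest();
  return nodeCrypto.timingSafeEqual(Buffer.from(mac, 'hex'), expected) && now < Number(exp);
}

// Decision for one request: send the page, or withhold it and ask for the password.
function decide(remoteAddress, token, now = Date.now()) {
  if (!isBlocked(remoteAddress)) return 'serve';
  return verifyToken(token, now) ? 'serve' : 'challenge';
}
```

If the server sits behind a reverse proxy, the connection address is the proxy's, and the client address has to come from a header that the proxy sets and the server trusts.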
Tamper Protection
The script includes comprehensive protection against tampering attempts:
document.addEventListener('keydown', function(e) {
    if (
        (e.key === 'F12') ||
        (e.ctrlKey && e.shiftKey && e.key === 'I') ||
        (e.ctrlKey && e.key === 'u') ||
        (e.key === 'Escape') ||
        (e.key === 'F11')
    ) {
        e.preventDefault();
    }
}, true);

document.addEventListener('contextmenu', function(e) {
    e.preventDefault();
}, true);
System Activation
The script automatically activates when users from specified IP ranges access the system without proper proxy configuration.
This implementation ensures complete compliance with our proxy server requirements while maintaining system security and preventing unauthorized access attempts.