The following code examples demonstrate how to use the Fraudlogix API response values to automatically block and redirect users based on their risk profile. These practical implementations show how to evaluate different API response fields (like RiskScore, Proxy, VPN, CountryCode, etc.) and take protective actions by redirecting suspicious traffic to a blocked page.
This single, configurable example covers all 6 security scenarios. Enable/disable scenarios by modifying the configuration array.
<?php
/**
* Fraudlogix API Security Implementation - All 6 Scenarios
*/
// Configuration - Enable/disable scenarios as needed
$config = [
'api_key' => 'YOUR_API_KEY_HERE',
'blocked_page' => 'https://yourdomain.com/blocked.html', // Full URL for redirect
'captcha_page' => 'https://yourdomain.com/verify.html', // Full URL for captcha challenge
'scenarios' => [
'block_high_extreme' => true, // Scenario 1: Block high/extreme risk outright
'quarantine_medium' => false, // Scenario 2: Quarantine medium risk for verification
'strict_mode' => false, // Scenario 3: Only allow low-risk + bots
'block_proxies' => true, // Scenario 4: Block proxies but permit search-engine bots
'block_anonymizers' => false, // Scenario 5: Block anonymizers or extreme cases
'geo_blocking' => true, // Scenario 6: Geo-block high-risk IPs from disallowed countries
],
'banned_countries' => ['CN', 'RU'], // Countries to block
];
// Main security check - call at top of protected pages
function fraudlogixSecurityCheck($config) {
$visitor_ip = $_SERVER['REMOTE_ADDR'];
// Get risk data from API
$risk_data = checkIPRisk($visitor_ip, $config['api_key']);
if (!$risk_data) return; // Allow if API fails
// Scenario 1: Block high and extreme risk outright
if ($config['scenarios']['block_high_extreme'] && in_array($risk_data['RiskScore'] ?? '', ['High', 'Extreme'])) {
header("Location: " . $config['blocked_page']); exit();
}
// Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if ($config['scenarios']['quarantine_medium'] && $risk_data['RiskScore'] === 'Medium') {
// Instead of blocking, challenge with captcha - redirect to verification page
// You can implement captcha, 2FA, or additional verification steps here
header("Location: " . $config['captcha_page']); exit();
}
// Scenario 3: Allow only low-risk visitors and known crawlers
if ($config['scenarios']['strict_mode'] && $risk_data['RiskScore'] !== 'Low' && !$risk_data['SearchEngineBot']) {
header("Location: " . $config['blocked_page']); exit();
}
// Scenario 4: Block proxies but permit search-engine bots
if ($config['scenarios']['block_proxies'] && ($risk_data['Proxy'] || $risk_data['VPN'] || $risk_data['TOR']) && !$risk_data['SearchEngineBot']) {
header("Location: " . $config['blocked_page']); exit();
}
// Scenario 5: Block anonymizers or extreme cases
if ($config['scenarios']['block_anonymizers'] && ($risk_data['RiskScore'] === 'Extreme' || $risk_data['Proxy'] || $risk_data['VPN'] || $risk_data['TOR'])) {
header("Location: " . $config['blocked_page']); exit();
}
// Scenario 6: Geo-block high-risk IPs from disallowed countries
if ($config['scenarios']['geo_blocking'] && in_array($risk_data['CountryCode'] ?? '', $config['banned_countries'])) {
header("Location: " . $config['blocked_page']); exit();
}
}
// API call function
function checkIPRisk($ip, $api_key) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://iplist.fraudlogix.com/v5?ip=" . urlencode($ip));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["x-api-key: $api_key"]);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return ($http_code === 200) ? json_decode($response, true) : false;
}
// Usage: Include at top of any protected page
// require_once('fraudlogix_security.php');
// fraudlogixSecurityCheck($config);
?>This Flask/Django implementation covers all 6 security scenarios with configurable options.
"""
Fraudlogix API Security Implementation - All 6 Scenarios (Python)
"""
import requests
from functools import wraps
from flask import Flask, request, redirect, session
# Configuration - Enable/disable scenarios as needed
CONFIG = {
'api_key': 'YOUR_API_KEY_HERE',
'blocked_page': 'https://yourdomain.com/blocked', # Full URL for redirect
'captcha_page': 'https://yourdomain.com/verify', # Full URL for captcha challenge
'scenarios': {
'block_high_extreme': True, # Scenario 1: Block high/extreme risk outright
'quarantine_medium': False, # Scenario 2: Quarantine medium risk for verification
'strict_mode': False, # Scenario 3: Only allow low-risk + bots
'block_proxies': True, # Scenario 4: Block proxies but permit search-engine bots
'block_anonymizers': False, # Scenario 5: Block anonymizers or extreme cases
'geo_blocking': True, # Scenario 6: Geo-block high-risk IPs from disallowed countries
},
'banned_countries': ['CN', 'RU'], # Countries to block
}
app = Flask(__name__)
def fraudlogix_security_check(config=CONFIG):
"""Decorator that applies Fraudlogix security checks to any route"""
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
visitor_ip = request.remote_addr
# Get risk data from API
risk_data = check_ip_risk(visitor_ip, config['api_key'])
if not risk_data:
return f(*args, **kwargs) # Allow if API fails
# Process scenarios
# Scenario 1: Block high and extreme risk outright
if config['scenarios']['block_high_extreme'] and risk_data.get('RiskScore', '') in ['High', 'Extreme']:
return redirect(config['blocked_page'])
# Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if config['scenarios']['quarantine_medium'] and risk_data.get('RiskScore', '') == 'Medium':
# Instead of blocking, challenge with captcha - redirect to verification page
# You can implement captcha, 2FA, or additional verification steps here
return redirect(config['captcha_page'])
# Scenario 3: Allow only low-risk visitors and known crawlers
if config['scenarios']['strict_mode'] and risk_data.get('RiskScore', '') != 'Low' and not risk_data.get('SearchEngineBot'):
return redirect(config['blocked_page'])
# Scenario 4: Block proxies but permit search-engine bots
if config['scenarios']['block_proxies'] and (risk_data.get('Proxy') or risk_data.get('VPN') or risk_data.get('TOR')) and not risk_data.get('SearchEngineBot'):
return redirect(config['blocked_page'])
# Scenario 5: Block anonymizers or extreme cases
if config['scenarios']['block_anonymizers'] and (risk_data.get('RiskScore', '') == 'Extreme' or risk_data.get('Proxy') or risk_data.get('VPN') or risk_data.get('TOR')):
return redirect(config['blocked_page'])
# Scenario 6: Geo-block high-risk IPs from disallowed countries
if config['scenarios']['geo_blocking'] and risk_data.get('CountryCode') in config['banned_countries']:
return redirect(config['blocked_page'])
return f(*args, **kwargs)
return decorated_function
return decorator
def check_ip_risk(ip_address, api_key):
"""Check IP risk using Fraudlogix API"""
try:
headers = {'x-api-key': api_key}
response = requests.get(
'https://iplist.fraudlogix.com/v5',
headers=headers,
params={'ip': ip_address},
timeout=5
)
return response.json() if response.status_code == 200 else None
except:
return None
# Example usage
@app.route('/')
@fraudlogix_security_check()
def home():
return "Welcome! You have passed our security checks."
@app.route('/blocked')
def blocked():
return "Access Denied", 403
# Usage: Apply @fraudlogix_security_check() decorator to any route
# Customize CONFIG dictionary to enable/disable scenariosThis Express.js implementation covers all 6 security scenarios with configurable middleware.
/**
* Fraudlogix API Security Implementation - All 6 Scenarios (Node.js/Express)
*/
const express = require('express');
const axios = require('axios');
// Configuration - Enable/disable scenarios as needed
const CONFIG = {
apiKey: 'YOUR_API_KEY_HERE',
blockedPage: 'https://yourdomain.com/blocked', // Full URL for redirect
captchaPage: 'https://yourdomain.com/verify', // Full URL for captcha challenge
scenarios: {
blockHighExtreme: true, // Scenario 1: Block high/extreme risk outright
quarantineMedium: false, // Scenario 2: Quarantine medium risk for verification
strictMode: false, // Scenario 3: Only allow low-risk + bots
blockProxies: true, // Scenario 4: Block proxies but permit search-engine bots
blockAnonymizers: false, // Scenario 5: Block anonymizers or extreme cases
geoBlocking: true, // Scenario 6: Geo-block high-risk IPs from disallowed countries
},
bannedCountries: ['CN', 'RU'], // Countries to block
};
const app = express();
// Fraudlogix security middleware
function fraudlogixSecurity(config = CONFIG) {
return async (req, res, next) => {
const visitorIP = req.ip || req.connection.remoteAddress;
try {
// Get risk data from API
const riskData = await checkIPRisk(visitorIP, config.apiKey);
if (!riskData) return next(); // Allow if API fails
// Process scenarios
// Scenario 1: Block high and extreme risk outright
if (config.scenarios.blockHighExtreme && ['High', 'Extreme'].includes(riskData.RiskScore)) {
return res.redirect(config.blockedPage);
}
// Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if (config.scenarios.quarantineMedium && riskData.RiskScore === 'Medium') {
// Instead of blocking, challenge with captcha - redirect to verification page
// You can implement captcha, 2FA, or additional verification steps here
return res.redirect(config.captchaPage);
}
// Scenario 3: Allow only low-risk visitors and known crawlers
if (config.scenarios.strictMode && riskData.RiskScore !== 'Low' && !riskData.SearchEngineBot) {
return res.redirect(config.blockedPage);
}
// Scenario 4: Block proxies but permit search-engine bots
if (config.scenarios.blockProxies && (riskData.Proxy || riskData.VPN || riskData.TOR) && !riskData.SearchEngineBot) {
return res.redirect(config.blockedPage);
}
// Scenario 5: Block anonymizers or extreme cases
if (config.scenarios.blockAnonymizers && (riskData.RiskScore === 'Extreme' || riskData.Proxy || riskData.VPN || riskData.TOR)) {
return res.redirect(config.blockedPage);
}
// Scenario 6: Geo-block high-risk IPs from disallowed countries
if (config.scenarios.geoBlocking && config.bannedCountries.includes(riskData.CountryCode)) {
return res.redirect(config.blockedPage);
}
next(); // Allow access
} catch (error) {
console.error('Fraudlogix security error:', error);
next(); // Fail open - allow access on error
}
};
}
// API call function
async function checkIPRisk(ipAddress, apiKey) {
try {
const response = await axios.get('https://iplist.fraudlogix.com/v5', {
headers: { 'x-api-key': apiKey },
params: { ip: ipAddress },
timeout: 5000
});
return response.data;
} catch (error) {
return null;
}
}
// Apply security middleware to all routes
app.use(fraudlogixSecurity());
// Example routes
app.get('/', (req, res) => {
res.send('Welcome! You have passed our security checks.');
});
app.get('/blocked', (req, res) => {
res.status(403).send('Access Denied');
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
// Usage: Apply fraudlogixSecurity() middleware to protect routes
// Customize CONFIG object to enable/disable scenariosSpring Boot interceptor implementation covering all 6 security scenarios.
/**
* Fraudlogix API Security Implementation - All 6 Scenarios (Java/Spring)
*/
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Configuration class
public class FraudlogixConfig {
public static final String API_KEY = "YOUR_API_KEY_HERE";
public static final String BLOCKED_PAGE = "https://yourdomain.com/blocked"; // Full URL for redirect
public static final String CAPTCHA_PAGE = "https://yourdomain.com/verify"; // Full URL for captcha challenge
public static final String[] BANNED_COUNTRIES = {"CN", "RU"};
public static class Scenarios {
public static final boolean BLOCK_HIGH_EXTREME = true; // Scenario 1: Block high/extreme risk outright
public static final boolean QUARANTINE_MEDIUM = false; // Scenario 2: Quarantine medium risk for verification
public static final boolean STRICT_MODE = false; // Scenario 3: Only allow low-risk + bots
public static final boolean BLOCK_PROXIES = true; // Scenario 4: Block proxies but permit search-engine bots
public static final boolean BLOCK_ANONYMIZERS = false; // Scenario 5: Block anonymizers or extreme cases
public static final boolean GEO_BLOCKING = true; // Scenario 6: Geo-block high-risk IPs from disallowed countries
}
}
// Spring interceptor
@Component
public class FraudlogixSecurityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
String visitorIP = getClientIP(request);
try {
RiskData riskData = checkIPRisk(visitorIP);
if (riskData == null) return true; // Allow if API fails
// Process scenarios
// Scenario 1: Block high and extreme risk outright
if (FraudlogixConfig.Scenarios.BLOCK_HIGH_EXTREME && isHighOrExtremeRisk(riskData)) {
response.sendRedirect(FraudlogixConfig.BLOCKED_PAGE);
return false;
}
// Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if (FraudlogixConfig.Scenarios.QUARANTINE_MEDIUM && riskData.getRiskScore().equals("Medium")) {
// Instead of blocking, challenge with captcha - redirect to verification page
// You can implement captcha, 2FA, or additional verification steps here
response.sendRedirect(FraudlogixConfig.CAPTCHA_PAGE);
return false;
}
// Scenario 3: Allow only low-risk visitors and known crawlers
if (FraudlogixConfig.Scenarios.STRICT_MODE && !riskData.getRiskScore().equals("Low") && !riskData.isSearchEngineBot()) {
response.sendRedirect(FraudlogixConfig.BLOCKED_PAGE);
return false;
}
// Scenario 4: Block proxies but permit search-engine bots
if (FraudlogixConfig.Scenarios.BLOCK_PROXIES && isProxyUser(riskData) && !riskData.isSearchEngineBot()) {
response.sendRedirect(FraudlogixConfig.BLOCKED_PAGE);
return false;
}
// Scenario 5: Block anonymizers or extreme cases
if (FraudlogixConfig.Scenarios.BLOCK_ANONYMIZERS && (riskData.getRiskScore().equals("Extreme") || isProxyUser(riskData))) {
response.sendRedirect(FraudlogixConfig.BLOCKED_PAGE);
return false;
}
// Scenario 6: Geo-block high-risk IPs from disallowed countries
if (FraudlogixConfig.Scenarios.GEO_BLOCKING && isCountryBanned(riskData.getCountryCode())) {
response.sendRedirect(FraudlogixConfig.BLOCKED_PAGE);
return false;
}
return true; // Allow access
} catch (Exception e) {
return true; // Fail open
}
}
private RiskData checkIPRisk(String ipAddress) {
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.set("x-api-key", FraudlogixConfig.API_KEY);
HttpEntity entity = new HttpEntity<>(headers);
ResponseEntity response = restTemplate.exchange(
"https://iplist.fraudlogix.com/v5?ip=" + ipAddress,
HttpMethod.GET, entity, RiskData.class);
return response.getStatusCode().is2xxSuccessful() ? response.getBody() : null;
}
private String getClientIP(HttpServletRequest request) {
return request.getRemoteAddr();
}
private boolean isCountryBanned(String countryCode) {
return Arrays.asList(FraudlogixConfig.BANNED_COUNTRIES).contains(countryCode);
}
private boolean isHighOrExtremeRisk(RiskData data) {
String risk = data.getRiskScore();
return "High".equals(risk) || "Extreme".equals(risk);
}
private boolean isProxyUser(RiskData data) {
return data.isProxy() || data.isVPN() || data.isTOR();
}
}
// Usage: Register interceptor in WebMvcConfigurer
// @Override
// public void addInterceptors(InterceptorRegistry registry) {
// registry.addInterceptor(new FraudlogixSecurityInterceptor());
// } ASP.NET Core middleware implementation covering all 6 security scenarios.
/**
* Fraudlogix API Security Implementation - All 6 Scenarios (C#/.NET)
*/
using Microsoft.AspNetCore.Http;
using System.Text.Json;
// Configuration
public static class FraudlogixConfig
{
public const string ApiKey = "YOUR_API_KEY_HERE";
public const string BlockedPage = "https://yourdomain.com/blocked"; // Full URL for redirect
public const string CaptchaPage = "https://yourdomain.com/verify"; // Full URL for captcha challenge
public static readonly string[] BannedCountries = { "CN", "RU" };
public static class Scenarios
{
public const bool BlockHighExtreme = true; // Scenario 1: Block high/extreme risk outright
public const bool QuarantineMedium = false; // Scenario 2: Quarantine medium risk for verification
public const bool StrictMode = false; // Scenario 3: Only allow low-risk + bots
public const bool BlockProxies = true; // Scenario 4: Block proxies but permit search-engine bots
public const bool BlockAnonymizers = false; // Scenario 5: Block anonymizers or extreme cases
public const bool GeoBlocking = true; // Scenario 6: Geo-block high-risk IPs from disallowed countries
}
}
// Middleware
public class FraudlogixSecurityMiddleware
{
private readonly RequestDelegate _next;
private readonly HttpClient _httpClient;
public FraudlogixSecurityMiddleware(RequestDelegate next, HttpClient httpClient)
{
_next = next;
_httpClient = httpClient;
}
public async Task InvokeAsync(HttpContext context)
{
var visitorIP = GetClientIP(context);
try
{
var riskData = await CheckIPRisk(visitorIP);
if (riskData == null)
{
await _next(context);
return;
}
// Process scenarios
// Scenario 1: Block high and extreme risk outright
if (FraudlogixConfig.Scenarios.BlockHighExtreme &&
IsHighOrExtremeRisk(riskData.RiskScore))
{
context.Response.Redirect(FraudlogixConfig.BlockedPage);
return;
}
// Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if (FraudlogixConfig.Scenarios.QuarantineMedium &&
riskData.RiskScore == "Medium")
{
// Instead of blocking, challenge with captcha - redirect to verification page
// You can implement captcha, 2FA, or additional verification steps here
context.Response.Redirect(FraudlogixConfig.CaptchaPage);
return;
}
// Scenario 3: Allow only low-risk visitors and known crawlers
if (FraudlogixConfig.Scenarios.StrictMode &&
riskData.RiskScore != "Low" && !riskData.SearchEngineBot)
{
context.Response.Redirect(FraudlogixConfig.BlockedPage);
return;
}
// Scenario 4: Block proxies but permit search-engine bots
if (FraudlogixConfig.Scenarios.BlockProxies &&
IsProxyUser(riskData) && !riskData.SearchEngineBot)
{
context.Response.Redirect(FraudlogixConfig.BlockedPage);
return;
}
// Scenario 5: Block anonymizers or extreme cases
if (FraudlogixConfig.Scenarios.BlockAnonymizers &&
(riskData.RiskScore == "Extreme" || IsProxyUser(riskData)))
{
context.Response.Redirect(FraudlogixConfig.BlockedPage);
return;
}
// Scenario 6: Geo-block high-risk IPs from disallowed countries
if (FraudlogixConfig.Scenarios.GeoBlocking &&
FraudlogixConfig.BannedCountries.Contains(riskData.CountryCode))
{
context.Response.Redirect(FraudlogixConfig.BlockedPage);
return;
}
await _next(context);
}
catch
{
await _next(context); // Fail open
}
}
private async Task CheckIPRisk(string ipAddress)
{
try
{
_httpClient.DefaultRequestHeaders.Clear();
_httpClient.DefaultRequestHeaders.Add("x-api-key", FraudlogixConfig.ApiKey);
var response = await _httpClient.GetAsync($"https://iplist.fraudlogix.com/v5?ip={ipAddress}");
if (response.IsSuccessStatusCode)
{
var json = await response.Content.ReadAsStringAsync();
return JsonSerializer.Deserialize(json);
}
return null;
}
catch
{
return null;
}
}
private string GetClientIP(HttpContext context)
{
return context.Connection.RemoteIpAddress?.ToString();
}
private bool IsHighOrExtremeRisk(string riskScore)
{
return riskScore == "High" || riskScore == "Extreme";
}
private bool IsProxyUser(RiskData data)
{
return data.Proxy || data.VPN || data.TOR;
}
}
// Usage: Add to Program.cs
// app.UseMiddleware(); Go HTTP middleware implementation covering all 6 security scenarios.
/**
* Fraudlogix API Security Implementation - All 6 Scenarios (Go)
*/
package main
import (
"encoding/json"
"fmt"
"net/http"
"strings"
"time"
)
// Configuration
type Config struct {
APIKey string
BlockedPage string // Full URL for redirect
CaptchaPage string // Full URL for captcha challenge
BannedCountries []string
Scenarios ScenarioConfig
}
type ScenarioConfig struct {
BlockHighExtreme bool // Scenario 1: Block high/extreme risk outright
QuarantineMedium bool // Scenario 2: Quarantine medium risk for verification
StrictMode bool // Scenario 3: Only allow low-risk + bots
BlockProxies bool // Scenario 4: Block proxies but permit search-engine bots
BlockAnonymizers bool // Scenario 5: Block anonymizers or extreme cases
GeoBlocking bool // Scenario 6: Geo-block high-risk IPs from disallowed countries
}
var config = Config{
APIKey: "YOUR_API_KEY_HERE",
BlockedPage: "https://yourdomain.com/blocked",
CaptchaPage: "https://yourdomain.com/verify",
BannedCountries: []string{"CN", "RU"},
Scenarios: ScenarioConfig{
BlockHighExtreme: true,
QuarantineMedium: false,
StrictMode: false,
BlockProxies: true,
BlockAnonymizers: false,
GeoBlocking: true,
},
}
type RiskData struct {
IP string `json:"IP"`
RecentlySeen int `json:"RecentlySeen"`
RiskScore string `json:"RiskScore"`
MaskedDevices bool `json:"MaskedDevices"`
Proxy bool `json:"Proxy"`
TOR bool `json:"TOR"`
VPN bool `json:"VPN"`
DataCenter bool `json:"DataCenter"`
SearchEngineBot bool `json:"SearchEngineBot"`
AbnormalTraffic bool `json:"AbnormalTraffic"`
ASN string `json:"ASN"`
Organization string `json:"Organization"`
ISP string `json:"ISP"`
City string `json:"City"`
Country string `json:"Country"`
CountryCode string `json:"CountryCode"`
Region string `json:"Region"`
Timezone string `json:"Timezone"`
ConnectionType string `json:"ConnectionType"`
}
// Middleware function
func FraudlogixSecurity(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
visitorIP := getClientIP(r)
riskData, err := checkIPRisk(visitorIP)
if err != nil || riskData == nil {
next(w, r) // Allow if API fails
return
}
// Process scenarios
// Scenario 1: Block high and extreme risk outright
if config.Scenarios.BlockHighExtreme && isHighOrExtremeRisk(riskData.RiskScore) {
http.Redirect(w, r, config.BlockedPage, http.StatusFound)
return
}
// Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if config.Scenarios.QuarantineMedium && riskData.RiskScore == "Medium" {
// Instead of blocking, challenge with captcha - redirect to verification page
// You can implement captcha, 2FA, or additional verification steps here
http.Redirect(w, r, config.CaptchaPage, http.StatusFound)
return
}
// Scenario 3: Allow only low-risk visitors and known crawlers
if config.Scenarios.StrictMode && riskData.RiskScore != "Low" && !riskData.SearchEngineBot {
http.Redirect(w, r, config.BlockedPage, http.StatusFound)
return
}
// Scenario 4: Block proxies but permit search-engine bots
if config.Scenarios.BlockProxies && isProxyUser(riskData) && !riskData.SearchEngineBot {
http.Redirect(w, r, config.BlockedPage, http.StatusFound)
return
}
// Scenario 5: Block anonymizers or extreme cases
if config.Scenarios.BlockAnonymizers && (riskData.RiskScore == "Extreme" || isProxyUser(riskData)) {
http.Redirect(w, r, config.BlockedPage, http.StatusFound)
return
}
// Scenario 6: Geo-block high-risk IPs from disallowed countries
if config.Scenarios.GeoBlocking && contains(config.BannedCountries, riskData.CountryCode) {
http.Redirect(w, r, config.BlockedPage, http.StatusFound)
return
}
next(w, r) // Allow access
}
}
func checkIPRisk(ipAddress string) (*RiskData, error) {
client := &http.Client{Timeout: 5 * time.Second}
req, err := http.NewRequest("GET", fmt.Sprintf("https://iplist.fraudlogix.com/v5?ip=%s", ipAddress), nil)
if err != nil {
return nil, err
}
req.Header.Set("x-api-key", config.APIKey)
resp, err := client.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
return nil, fmt.Errorf("API returned status %d", resp.StatusCode)
}
var riskData RiskData
err = json.NewDecoder(resp.Body).Decode(&riskData)
return &riskData, err
}
func getClientIP(r *http.Request) string {
return strings.Split(r.RemoteAddr, ":")[0]
}
func isHighOrExtremeRisk(riskScore string) bool {
return riskScore == "High" || riskScore == "Extreme"
}
func isProxyUser(data *RiskData) bool {
return data.Proxy || data.VPN || data.TOR
}
func contains(slice []string, item string) bool {
for _, s := range slice {
if s == item {
return true
}
}
return false
}
func main() {
http.HandleFunc("/", FraudlogixSecurity(func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Welcome! You have passed our security checks.")
}))
http.HandleFunc("/blocked", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusForbidden)
fmt.Fprintf(w, "Access Denied")
})
fmt.Println("Server running on port 8080")
http.ListenAndServe(":8080", nil)
}
// Usage: Wrap handlers with FraudlogixSecurity() middleware
// Customize config struct to enable/disable scenariosRuby on Rails middleware implementation covering all 6 security scenarios.
# Fraudlogix API Security Implementation - All 6 Scenarios (Ruby/Rails)
require 'net/http'
require 'json'
require 'uri'
# Configuration
class FraudlogixConfig
API_KEY = 'YOUR_API_KEY_HERE'
BLOCKED_PAGE = 'https://yourdomain.com/blocked' # Full URL for redirect
CAPTCHA_PAGE = 'https://yourdomain.com/verify' # Full URL for captcha challenge
BANNED_COUNTRIES = ['CN', 'RU']
SCENARIOS = {
block_high_extreme: true, # Scenario 1: Block high/extreme risk outright
quarantine_medium: false, # Scenario 2: Quarantine medium risk for verification
strict_mode: false, # Scenario 3: Only allow low-risk + bots
block_proxies: true, # Scenario 4: Block proxies but permit search-engine bots
block_anonymizers: false, # Scenario 5: Block anonymizers or extreme cases
geo_blocking: true # Scenario 6: Geo-block high-risk IPs from disallowed countries
}
end
# Rails Middleware
class FraudlogixSecurityMiddleware
def initialize(app)
@app = app
end
def call(env)
request = Rack::Request.new(env)
visitor_ip = get_client_ip(request)
begin
risk_data = check_ip_risk(visitor_ip)
return @app.call(env) unless risk_data # Allow if API fails
# Process scenarios
# Scenario 1: Block high and extreme risk outright
if FraudlogixConfig::SCENARIOS[:block_high_extreme] &&
['High', 'Extreme'].include?(risk_data['RiskScore'])
return redirect_response(FraudlogixConfig::BLOCKED_PAGE)
end
# Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if FraudlogixConfig::SCENARIOS[:quarantine_medium] &&
risk_data['RiskScore'] == 'Medium'
# Instead of blocking, challenge with captcha - redirect to verification page
# You can implement captcha, 2FA, or additional verification steps here
return redirect_response(FraudlogixConfig::CAPTCHA_PAGE)
end
# Scenario 3: Allow only low-risk visitors and known crawlers
if FraudlogixConfig::SCENARIOS[:strict_mode] &&
risk_data['RiskScore'] != 'Low' && !risk_data['SearchEngineBot']
return redirect_response(FraudlogixConfig::BLOCKED_PAGE)
end
# Scenario 4: Block proxies but permit search-engine bots
if FraudlogixConfig::SCENARIOS[:block_proxies] &&
proxy_user?(risk_data) && !risk_data['SearchEngineBot']
return redirect_response(FraudlogixConfig::BLOCKED_PAGE)
end
# Scenario 5: Block anonymizers or extreme cases
if FraudlogixConfig::SCENARIOS[:block_anonymizers] &&
(risk_data['RiskScore'] == 'Extreme' || proxy_user?(risk_data))
return redirect_response(FraudlogixConfig::BLOCKED_PAGE)
end
# Scenario 6: Geo-block high-risk IPs from disallowed countries
if FraudlogixConfig::SCENARIOS[:geo_blocking] &&
FraudlogixConfig::BANNED_COUNTRIES.include?(risk_data['CountryCode'])
return redirect_response(FraudlogixConfig::BLOCKED_PAGE)
end
@app.call(env) # Allow access
rescue => e
@app.call(env) # Fail open
end
end
private
def check_ip_risk(ip_address)
uri = URI("https://iplist.fraudlogix.com/v5?ip=#{ip_address}")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.read_timeout = 5
request = Net::HTTP::Get.new(uri)
request['x-api-key'] = FraudlogixConfig::API_KEY
response = http.request(request)
return JSON.parse(response.body) if response.code == '200'
nil
rescue
nil
end
def get_client_ip(request)
request.ip
end
def proxy_user?(risk_data)
risk_data['Proxy'] || risk_data['VPN'] || risk_data['TOR']
end
def redirect_response(url)
[302, {'Location' => url}, ['']]
end
end
# Rails Controller Concern (Alternative approach)
module FraudlogixSecurity
extend ActiveSupport::Concern
included do
before_action :check_fraudlogix_security
end
private
def check_fraudlogix_security
visitor_ip = request.remote_ip
risk_data = check_ip_risk(visitor_ip)
return unless risk_data # Allow if API fails
# Process scenarios (same logic as middleware)
# Scenario 1: Block high and extreme risk outright
if FraudlogixConfig::SCENARIOS[:block_high_extreme] &&
['High', 'Extreme'].include?(risk_data['RiskScore'])
redirect_to FraudlogixConfig::BLOCKED_PAGE and return
end
# Scenario 2: Quarantine medium risk for verification (redirect to captcha/verification page)
if FraudlogixConfig::SCENARIOS[:quarantine_medium] &&
risk_data['RiskScore'] == 'Medium'
# Instead of blocking, challenge with captcha - redirect to verification page
# You can implement captcha, 2FA, or additional verification steps here
redirect_to FraudlogixConfig::CAPTCHA_PAGE and return
end
# Additional scenarios follow same pattern...
end
def check_ip_risk(ip_address)
# Same implementation as middleware
end
end
# Usage in Rails:
#
# For middleware approach:
# config.middleware.use FraudlogixSecurityMiddleware
#
# For controller concern approach:
# class ApplicationController < ActionController::Base
# include FraudlogixSecurity
# end