This is a simple script that takes a list of payment domains, finds their IP addresses, and adds them to your firewall to be blocked. That's it.
It's a straightforward way to guard your proxy against connecting to payment sites. You give it domains, it blocks the IPs.
The repo already has a list of payment domains ready to go. If you just want to block those without cloning the project, run this one-liner.
To apply the block:
curl -sSL https://raw.githubusercontent.com/ByteZeroLabs/proxy-guard/main/output/block_payment_domains.sh | sudo bashTo remove the block:
curl -sSL https://raw.githubusercontent.com/ByteZeroLabs/proxy-guard/main/output/unblock_payment_domains.sh | sudo bashThis is a basic solution, and you should know its limits:
- IPs change. The script blocks the IPs it finds right now. Big services use tons of IPs, and they change all the time. It won't catch every single one.
- SOCKS5 is a different beast. If you're running a SOCKS5 proxy, the domain lookup usually happens on the user's end, not on your server. So, this kind of server-side blocking won't work for that.
The whole point of this tool is to have something in place without setting up a full-blown SNI check, which is a much bigger project. It's a decent first line of defense.
If you want to use your own list of domains:
- Drop your domains in
data/domains.txt. Just a plain list, one per line. - Run the main script.
python3 scripts/run_all.py
- Apply the block. The script you just ran created a new script in the
output/folder. Run it with sudo.sudo ./output/block_payment_domains.sh
To undo it, just run the unblock_payment_domains.sh script that's also in the output/ folder.
This project was put together with the help of Large Language Models (LLMs). They're great for getting things done quickly, but it's always a good idea to review the code and understand what it does before running it on your systems.