{"id":28816360,"url":"https://github.com/cyberkatalog/cert-warning-list-proxy","last_synced_at":"2026-05-18T19:10:16.589Z","repository":{"id":299478408,"uuid":"989795445","full_name":"CyberKatalog/cert-warning-list-proxy","owner":"CyberKatalog","description":"A Cloudflare Worker proxy that enables file downloads through Cloudflare infrastructure instead of directly from the source server.","archived":false,"fork":false,"pushed_at":"2025-06-16T18:43:33.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-06-16T19:55:24.637Z","etag":null,"topics":["cloudflare","cloudflare-worker","cloudflare-workers","cors","cors-proxy","cybersecurity","cybersecurity-tools","domains","domains-list","proxy","proxy-scraper","proxy-server"],"latest_commit_sha":null,"homepage":"https://cyberkatalog.pl/narzedzia/lista-ostrzezen","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberKatalog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-24T20:58:03.000Z","updated_at":"2025-06-16T18:43:36.000Z","dependencies_parsed_at":"2025-06-18T04:30:35.580Z","dependency_job_id":null,"html_url":"https://github.com/CyberKatalog/cert-warning-list-proxy","commit_stats":null,"previous_names":["cyberkatalog/cert-warning-list-proxy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CyberKatalog/cert-warning-list-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberKatalog%2Fcert-warning-list-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberKatalog%2Fcert-warning-list-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberKatalog%2Fcert-warning-list-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberKatalog%2Fcert-warning-list-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberKatalog","download_url":"https://codeload.github.com/CyberKatalog/cert-warning-list-proxy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberKatalog%2Fcert-warning-list-proxy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260595649,"owners_count":23033788,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudflare","cloudflare-worker","cloudflare-workers","cors","cors-proxy","cybersecurity","cybersecurity-tools","domains","domains-list","proxy","proxy-scraper","proxy-server"],"created_at":"2025-06-18T17:03:06.830Z","updated_at":"2026-05-18T19:10:16.583Z","avatar_url":"https://github.com/CyberKatalog.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CERT.PL Warning List Proxy - Cloudflare Worker\n\nA Cloudflare Worker that proxies the `hole.cert.pl/domains/` and `hole.cert.pl/domains/v2/` endpoints, providing reliable access to CERT Polska's phishing domain warning list through Cloudflare's distributed infrastructure.\n\n## Why this proxy exists\n\n**Problem:** `hole.cert.pl` frequently blocks GitHub IP ranges, making it impossible to consume the API in CI/CD pipelines and applications hosted on GitHub infrastructure.\n\n**Solution:** Cloudflare's globally distributed edge network is significantly harder to block en masse, making this proxy a more reliable intermediary.\n\n## Installation and Configuration\n\n### Prerequisites\n\n- Node.js `\u003e=24.0.0` (a `.nvmrc` file is included - run `nvm use` to switch automatically)\n- pnpm `\u003e=10.0.0`\n\n```bash\n# Switch to the correct Node.js version (requires nvm)\nnvm use\n\n# Install pnpm (if not already installed)\nnpm install -g pnpm\n\n# Install Wrangler CLI globally\npnpm add -g wrangler\n\n# Authenticate with Cloudflare\nwrangler login\n```\n\n### Install dependencies and deploy\n\n```bash\n# Install dependencies\npnpm install\n\n# Deploy to Cloudflare Workers\npnpm deploy\n\n# Run locally for development\npnpm dev\n\n# Stream real-time logs from the deployed worker\npnpm logs\n```\n\n### Custom domain (optional)\n\nEdit `wrangler.toml` to bind the worker to your own domain:\n\n```toml\n# Uncomment and replace with your domain\nroute = \"proxy.your-domain.com/domains/*\"\n```\n\n## Usage\n\n### URL mapping\n\nReplace `\u003cworker-name\u003e` and `\u003ccf-username\u003e` with your Cloudflare Worker name and account subdomain.\n\n| Original URL | Proxy URL |\n| ------------------------------------------------------ | --------------------------------------------------------------------------------- |\n| `https://hole.cert.pl/domains/domains.json` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/domains.json` |\n| `https://hole.cert.pl/domains/v2/domains.json` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.json` |\n| `https://hole.cert.pl/domains/v2/domains.csv` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.csv` |\n| `https://hole.cert.pl/domains/v2/domains.txt` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.txt` |\n| `https://hole.cert.pl/domains/v2/domains.xml` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.xml` |\n| `https://hole.cert.pl/domains/v2/domains_adblock.txt` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains_adblock.txt` |\n| `https://hole.cert.pl/domains/v2/domains_hosts.txt` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains_hosts.txt` |\n| `https://hole.cert.pl/domains/v2/domains_mikrotik.rsc` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains_mikrotik.rsc` |\n| `https://hole.cert.pl/domains/v2/domains_rpz.db` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains_rpz.db` |\n| `https://hole.cert.pl/domains/v2/domains_ublock.txt` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains_ublock.txt` |\n| `https://hole.cert.pl/domains/v2/actions_2026.log` | `https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/actions_2026.log` |\n\nAll `actions_YYYY.log` files (2020–2026) are available under `/domains/v2/`.\n\n### Available formats\n\n| Format | Path |\n| ---------------------------------------------- | ---------------------------------- |\n| Plain text - active domains only, one per line | `/domains/v2/domains.txt` |\n| TSV (tab-separated values) | `/domains/v2/domains.csv` |\n| JSON | `/domains/v2/domains.json` |\n| XML | `/domains/v2/domains.xml` |\n| AdBlock / uBlock Origin / AdGuard compatible | `/domains/v2/domains_adblock.txt` |\n| uBlock Origin (compact) | `/domains/v2/domains_ublock.txt` |\n| Hosts file | `/domains/v2/domains_hosts.txt` |\n| MikroTik / RouterOS `.rsc` (max 4 096 B) | `/domains/v2/domains_mikrotik.rsc` |\n| Response Policy Zones | `/domains/v2/domains_rpz.db` |\n| Legacy JSON | `/domains/domains.json` |\n\n### Postman collection\n\nThree files are included for Postman:\n\n| File | Purpose |\n| ------------------------------------- | --------------------------------------------------------- |\n| `postman_collection.json` | All requests - import once |\n| `postman_environment_local.json` | Points `base_url` to `http://localhost:8787` (`pnpm dev`) |\n| `postman_environment_production.json` | Points `base_url` to your deployed Cloudflare Worker |\n\n**Setup:**\n\n1. Import `postman_collection.json` into Postman\n2. Import both environment files\n3. Edit the **Production** environment and replace `\u003cyour-cf-username\u003e` with your Cloudflare account subdomain\n4. Switch between **Local** and **Production** using the environment dropdown in the top-right corner of Postman\n\nEvery request uses the `{{base_url}}` variable - switching the environment is all it takes to target a different deployment.\n\n### JavaScript / Fetch API\n\n```javascript\nconst response = await fetch(\n \"https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.json\",\n);\nconst data = await response.json();\nconsole.log(data);\n```\n\n### cURL\n\n```bash\n# JSON - active domains\ncurl -H \"Accept: application/json\" \\\n https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.json\n\n# Plain text - active domains\ncurl https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.txt\n\n# Legacy endpoint\ncurl https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/domains.json\n```\n\n## Security features\n\n- **CORS headers** - enables access from browser-based applications\n- **Path filtering** - only `/domains/` and `/domains/v2/*` paths are handled\n- **Restricted upstream** - only ever forwards requests to `hole.cert.pl`\n- **Allowed methods** - `GET`, `HEAD`, `OPTIONS` only\n- **Header sanitization** - only safe, necessary headers are forwarded upstream\n- **Rate limiting** - provided by Cloudflare's platform\n\n## Monitoring and debugging\n\n```bash\n# Stream live logs from the deployed worker\npnpm logs\n```\n\n### Test commands\n\n```bash\n# Basic connectivity\ncurl -v https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.json\n\n# CORS preflight\ncurl -H \"Origin: https://example.com\" \\\n -H \"Access-Control-Request-Method: GET\" \\\n -X OPTIONS \\\n https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/domains/v2/domains.json\n\n# Invalid path - should return 404\ncurl https://\u003cworker-name\u003e.\u003ccf-username\u003e.workers.dev/invalid-path\n```\n\n### Common errors\n\n| Error | Likely cause |\n| --------------------------- | --------------------------------------------------------------- |\n| `404 Not Found` | Path does not start with `/domains/` or `/domains/v2/` |\n| `500 Internal Server Error` | Inspect with `pnpm logs` |\n| CORS error in browser | Ensure you are using the proxy URL, not `hole.cert.pl` directly |\n| Rate limited | Review limits in the Cloudflare Dashboard |\n\n## Project structure\n\n```\ncert-warning-list-proxy/\n├── src/\n│ └── worker.js # Cloudflare Worker source\n├── postman_collection.json # Postman collection\n├── postman_environment_local.json # Postman environment - Local (localhost:8787)\n├── postman_environment_production.json # Postman environment - Production (workers.dev)\n├── package.json # pnpm config and scripts\n├── wrangler.toml # Cloudflare Worker config\n├── .nvmrc # Node.js version pin\n├── .gitignore\n├── LICENSE\n└── README.md\n```\n\n## License\n\nReleased under the MIT License. See [LICENSE](./LICENSE) for details.\n\n## Author\n\nCreated for [Cyber Katalog](https://cyberkatalog.pl) by [Silesian Solutions](https://silesiansolutions.com).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberkatalog%2Fcert-warning-list-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberkatalog%2Fcert-warning-list-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberkatalog%2Fcert-warning-list-proxy/lists"}