API routes

API Routes

These routes provide a secure, token-authenticated interface for interacting with blocklists, agent configurations, and unblocking systems.

All routes are protected via the TokenAuthentication middleware.

All API endpoints require a valid token passed via headers or parameters.

Method	Path	Description
POST	`/blocklist/report`	Report an IP to be blocked
POST	`/blocklist/unblock`	Request removal of an IP from blocklist
GET	`/blocklist/check`	Check if an IP is blocked
GET	`/blocklist/fetch`	Fetch all blocklisted IPs

Method	Path	Description
POST	`/whitelist/report`	Report a whitelisted IP or domain
POST	`/whitelist/remove`	Remove a record from the whitelist

Method	Path	Description
GET/POST	`/agent/config-check`	Validate agent config from server side
GET/POST	`/agent/list-files`	List tracked files for integrity checks
GET	`/blocklist/pending-unblocks`	Fetch unblock requests for review
POST	`/blocklist/unblock-confirm`	Confirm that an IP was unblocked

These routes form the backbone of external system interaction with the CFM platform, especially useful for:

These routes handle the core frontend and admin-facing interactions, including redirects, unblock forms, and feed outputs.

Method	Path	Behavior
GET	`/`	Redirects to `/admin` if logged in, otherwise to `/admin/login`

Method	Path	Description
GET	`/unblock`	Shows unblock request form
POST	`/unblock`	Submits unblock request to backend

Used by users or systems mistakenly blocked to appeal removal.

Accessible only with valid token via TokenAuthentication.

Method	Path	Description
GET	`/whitelist.txt`	IP/domain whitelist
GET	`/blacklist.txt`	IP blacklist (for CSF, etc.)
GET	`/phishlist.txt`	Phishing domain list
GET	`/domainblacklist.txt`	Domain blocklist for RBLDNSD
GET	`/domainwhitelist.txt`	Domain whitelist for RBLDNSD