Re: Protector and Bad Ips [Module usage questions] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

Protector and Bad Ips

2017/7/23 14:38
goffy
Just can't stay away
Posts: 543
Since: 2010/12/27

Hi together

Module Protector - Protector Center:
how can I add a IP to the list of bad IPs. I want to ban all Sub-IPs from a certain IP, e.g. 216.244.66.67, 216.244.66.68, 216.244.66.69,.....
I tried
216.244.66
216.244.66.
216.244.66.*
but nothing works

2

Re: Protector and Bad Ips

2017/7/23 15:58
geekwright
Quite a regular
Posts: 314
Since: 2010/10/15

The wildcard is supposed to be ending the address with a dot, i.e. 216.244.66.

What XOOPS version are you using?

3

Re: Protector and Bad Ips

2017/7/23 18:31
goffy
Just can't stay away
Posts: 543
Since: 2010/12/27

hi geekwright

XOOPS 2.5.7.2
Protector 3,52 Final

4

Re: Protector and Bad Ips

2017/7/25 16:15
geekwright
Quite a regular
Posts: 314
Since: 2010/10/15

Ending with a dot should ban everything that matches up to the dot, i.e. 216.244.66. will ban 216.244.66.1, 216.244.66.2, 216.244.66.3, etc.

I've tested that on 2.5.7 and 2.5.9, and both are working as expected here. (The code changed to support IPV6 between the two versions.)

If there was a problem reading or writing the xoops_lib/modules/protector/config/badips file, you would be able to see that in the protector center.

I'm not sure what is going on in your case, as it works here.

5

Re: Protector and Bad Ips

2017/7/25 20:54
goffy
Just can't stay away
Posts: 543
Since: 2010/12/27

Hi geekwright

I don't know?

Settings in protector:
Resized Image

Resized Image

screenshot from access.log of my server:
Resized Image

Resized Image

6

Re: Protector and Bad Ips

2017/7/26 1:07
geekwright
Quite a regular
Posts: 314
Since: 2010/10/15

Actually, that looks like it is working.

Protector's bad IP works at the application level. That means Apache still gets the request, and launches the task. Protector checks the list, and when it matches, it sends out a short message like "You are registered as BAD_IP by Protector." Then it ends the task.

In the apache log, that will still be a 200 (found) with a small byte count.

In your log screen shot, all the 216.244.66.230 requests are logged as:
...HTTP/1.0" 200 289 "-"...

The 289 is the byte count of the reply, which is about right for the banned message, and much too small for a real page view.

That indicates that it is doing what it is supposed to do. To stop the transactions completely would require a firewall that stopped the requests before they reached Apache. The protector filter is just minimizing the load as best it can from inside the PHP script.

7

Re: Protector and Bad Ips

2017/7/26 20:23
goffy
Just can't stay away
Posts: 543
Since: 2010/12/27

hi geekwright

ok, nice to hear.
I recongnized again, that there is a big gap in my IT knowlegde

thank you very much for detailed explanation.

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

11/18 11:08 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/18 11:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/16 12:32 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 18:06 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:33 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 5:29 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 4:39 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 3:50 liomj
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 3:31 Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

11/15 1:48 Mamba

Who's Online

335 user(s) are online (203 user(s) are browsing Support Forums)

Members: 0

Guests: 335

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}