xoops forums

goffy

Quite a regular
Posted on: 7/23 14:38
goffy
goffy (Show more)
Quite a regular
Posts: 297
Since: 2010/12/27
#1

Protector and Bad Ips

Hi together

Module Protector - Protector Center:
how can I add a IP to the list of bad IPs. I want to ban all Sub-IPs from a certain IP, e.g. 216.244.66.67, 216.244.66.68, 216.244.66.69,.....
I tried
216.244.66
216.244.66.
216.244.66.*
but nothing works

geekwright

Quite a regular
Posted on: 7/23 15:58
geekwright
geekwright (Show more)
Quite a regular
Posts: 226
Since: 2010/10/15
#2

Re: Protector and Bad Ips

The wildcard is supposed to be ending the address with a dot, i.e. 216.244.66.

What XOOPS version are you using?

goffy

Quite a regular
Posted on: 7/23 18:31
goffy
goffy (Show more)
Quite a regular
Posts: 297
Since: 2010/12/27
#3

Re: Protector and Bad Ips

hi geekwright

XOOPS 2.5.7.2
Protector 3,52 Final

geekwright

Quite a regular
Posted on: 7/25 16:15
geekwright
geekwright (Show more)
Quite a regular
Posts: 226
Since: 2010/10/15
#4

Re: Protector and Bad Ips

Ending with a dot should ban everything that matches up to the dot, i.e. 216.244.66. will ban 216.244.66.1, 216.244.66.2, 216.244.66.3, etc.

I've tested that on 2.5.7 and 2.5.9, and both are working as expected here. (The code changed to support IPV6 between the two versions.)

If there was a problem reading or writing the xoops_lib/modules/protector/config/badips file, you would be able to see that in the protector center.

I'm not sure what is going on in your case, as it works here.

goffy

Quite a regular
Posted on: 7/25 20:54
goffy
goffy (Show more)
Quite a regular
Posts: 297
Since: 2010/12/27
#5

Re: Protector and Bad Ips

Hi geekwright

I don't know?

Settings in protector:
Resized Image


screenshot from access.log of my server:
Resized Image

geekwright

Quite a regular
Posted on: 7/26 1:07
geekwright
geekwright (Show more)
Quite a regular
Posts: 226
Since: 2010/10/15
#6

Re: Protector and Bad Ips

Actually, that looks like it is working.

Protector's bad IP works at the application level. That means Apache still gets the request, and launches the task. Protector checks the list, and when it matches, it sends out a short message like "You are registered as BAD_IP by Protector." Then it ends the task.

In the apache log, that will still be a 200 (found) with a small byte count.

In your log screen shot, all the 216.244.66.230 requests are logged as:
...HTTP/1.0" 200 289 "-"...

The 289 is the byte count of the reply, which is about right for the banned message, and much too small for a real page view.

That indicates that it is doing what it is supposed to do. To stop the transactions completely would require a firewall that stopped the requests before they reached Apache. The protector filter is just minimizing the load as best it can from inside the PHP script.

goffy

Quite a regular
Posted on: 7/26 20:23
goffy
goffy (Show more)
Quite a regular
Posts: 297
Since: 2010/12/27
#7

Re: Protector and Bad Ips

hi geekwright

ok, nice to hear.
I recongnized again, that there is a big gap in my IT knowlegde

thank you very much for detailed explanation.