1
goffy
Protector and Bad Ips
  • 2017/7/23 14:38

  • goffy

  • Just can't stay away

  • Posts: 535

  • Since: 2010/12/27


Hi together

Module Protector - Protector Center:
how can I add a IP to the list of bad IPs. I want to ban all Sub-IPs from a certain IP, e.g. 216.244.66.67, 216.244.66.68, 216.244.66.69,.....
I tried
216.244.66
216.244.66.
216.244.66.*
but nothing works

2
geekwright
Re: Protector and Bad Ips

The wildcard is supposed to be ending the address with a dot, i.e. 216.244.66.

What XOOPS version are you using?

3
goffy
Re: Protector and Bad Ips
  • 2017/7/23 18:31

  • goffy

  • Just can't stay away

  • Posts: 535

  • Since: 2010/12/27


hi geekwright

XOOPS 2.5.7.2
Protector 3,52 Final

4
geekwright
Re: Protector and Bad Ips

Ending with a dot should ban everything that matches up to the dot, i.e. 216.244.66. will ban 216.244.66.1, 216.244.66.2, 216.244.66.3, etc.

I've tested that on 2.5.7 and 2.5.9, and both are working as expected here. (The code changed to support IPV6 between the two versions.)

If there was a problem reading or writing the xoops_lib/modules/protector/config/badips file, you would be able to see that in the protector center.

I'm not sure what is going on in your case, as it works here.

5
goffy
Re: Protector and Bad Ips
  • 2017/7/25 20:54

  • goffy

  • Just can't stay away

  • Posts: 535

  • Since: 2010/12/27


Hi geekwright

I don't know?

Settings in protector:
Resized Image


screenshot from access.log of my server:
Resized Image

6
geekwright
Re: Protector and Bad Ips

Actually, that looks like it is working.

Protector's bad IP works at the application level. That means Apache still gets the request, and launches the task. Protector checks the list, and when it matches, it sends out a short message like "You are registered as BAD_IP by Protector." Then it ends the task.

In the apache log, that will still be a 200 (found) with a small byte count.

In your log screen shot, all the 216.244.66.230 requests are logged as:
...HTTP/1.0" 200 289 "-"...

The 289 is the byte count of the reply, which is about right for the banned message, and much too small for a real page view.

That indicates that it is doing what it is supposed to do. To stop the transactions completely would require a firewall that stopped the requests before they reached Apache. The protector filter is just minimizing the load as best it can from inside the PHP script.

7
goffy
Re: Protector and Bad Ips
  • 2017/7/26 20:23

  • goffy

  • Just can't stay away

  • Posts: 535

  • Since: 2010/12/27


hi geekwright

ok, nice to hear.
I recongnized again, that there is a big gap in my IT knowlegde

thank you very much for detailed explanation.

Login

Who's Online

230 user(s) are online (143 user(s) are browsing Support Forums)


Members: 0


Guests: 230


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits