NetTalk Central

Author Topic: IP Blacklist  (Read 7030 times)

RayA

IP Blacklist
« on: May 08, 2012, 10:11:30 PM »
Bruce,
What is the best way to implement an IP blacklist on the NetWebServer. Any ideas?

Ray Abadie
Lafayette, La.
U.S.A.

Bruce

Re: IP Blacklist
« Reply #1 on: May 08, 2012, 10:59:35 PM »
Hi Ray,

Ideally of course you would block the IP address "up-stream" because blocking it in the server doesn't help with DOS or DDOS attacks. On the other hand, it can be tricky to block it up-stream, so you can do it in the server as well.

Note that this is in the WebServer procedure, so if you were running in the Multi-Host, you would need to add this in the Multi-Host program.

This goes into the ThisWebServer.Process method;

  case self.Packet.PacketType
  of NET:SimpleNewConnection              ! runs once for every incoming connection
    if blacklisted(self.packet.fromip)    ! your own in-memory lookup function
      self._wait()
      self.closeServerConnection(self.packet.OnSocket,self.packet.SockID)
      self._release()
    end
  end


I would also caution that this will get called for _every_ incoming connection - i.e. potentially thousands and thousands of calls per day, so your Blacklisted function had better be _fast_. Definitely a memory lookup, don't go reading a disk file at this point.

cheers
Bruce

kevin plummer

Re: IP Blacklist
« Reply #2 on: May 08, 2012, 11:18:01 PM »
Hi Bruce,

when you say "upstream" is that on the firewall?

Cheers,

Kev

RayA

Re: IP Blacklist
« Reply #3 on: May 09, 2012, 12:23:53 AM »
I am assuming that blacklisted is the list of IPs and, if so, what is the best way to make this list. Plain txt, ASCII, DOS, or would an in-memory TPS file that's loaded on server start-up work faster?

Ray ....................

Bruce

Re: IP Blacklist
« Reply #4 on: May 09, 2012, 02:46:40 AM »
Hi Ray,

I'd (personally) use an XML file (on disk) which is loaded into an In-Memory table on startup (a one liner with xFiles.)

That makes it easy to edit, but also fast.

cheers
Bruce

PS - Kevin - yes, "upstream" would be the firewall or router - preferably not on the same machine. But this can be tricky depending on how much control you have over the infrastructure.
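The pattern Bruce describes in Reply #1 and Reply #4 (an editable file on disk, parsed once at start-up into memory, so the per-connection check never touches the disk) is shown below as an added example in Python. It is not NetTalk, xFiles or Clarion code, and the XML element names, the sample addresses and the `IpBlacklist` class are assumptions constructed for the example; the point it adds is that malformed entries are reported rather than silently dropped, and that CIDR ranges can sit in the same list as single hosts.

```python
"""Illustrative in-memory IP blacklist (added example, not NetTalk/Clarion code).

Mirrors the thread's design: an editable XML file on disk is parsed once at
server start into memory, and every new connection then costs only an
in-memory lookup, with no disk I/O on the hot path.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of the on-disk file. The <blacklist>/<entry ip=...>
# layout is an assumption for this example, not an xFiles format.
SAMPLE_XML = """<?xml version="1.0"?>
<blacklist>
  <entry ip="203.0.113.7" reason="constructed example host"/>
  <entry ip="198.51.100.0/24" reason="constructed example range"/>
  <entry ip="not-an-address" reason="deliberately malformed"/>
</blacklist>
"""


class IpBlacklist:
    """Hypothetical helper: load once at start-up, query per connection."""

    def __init__(self):
        self._hosts = set()          # exact addresses: O(1) set membership
        self._networks = []          # CIDR ranges: short linear scan
        self.rejected_entries = []   # malformed entries, kept for the admin to see

    def load_xml(self, text):
        """Parse the whole file (start-up only) and swap in the new lists.

        Returns the number of usable entries loaded.
        """
        hosts, networks, rejected = set(), [], []
        for entry in ET.fromstring(text).iter("entry"):
            raw = (entry.get("ip") or "").strip()
            try:
                if "/" in raw:
                    networks.append(ipaddress.ip_network(raw, strict=False))
                else:
                    hosts.add(ipaddress.ip_address(raw))
            except ValueError:
                rejected.append(raw)   # report, do not silently ignore
        # Replace atomically so a concurrent check never sees a half-built list.
        self._hosts, self._networks, self.rejected_entries = hosts, networks, rejected
        return len(hosts) + len(networks)

    def blacklisted(self, from_ip):
        """Hot-path check, called once per new connection; memory only."""
        try:
            addr = ipaddress.ip_address(from_ip)
        except ValueError:
            return False   # unparseable peer address: leave it to the normal path
        if addr in self._hosts:
            return True
        return any(addr in net for net in self._networks)


def build_blacklist(xml_text=SAMPLE_XML):
    """Convenience constructor: what server start-up would call once."""
    bl = IpBlacklist()
    bl.load_xml(xml_text)
    return bl


if __name__ == "__main__":
    bl = build_blacklist()
    print("rejected entries:", bl.rejected_entries)
    for peer in ("203.0.113.7", "198.51.100.200", "192.0.2.1"):
        print(peer, "->", "drop" if bl.blacklisted(peer) else "accept")
```

The set lookup for exact hosts keeps the common case at constant time; the range scan is linear, which is fine for a short hand-maintained list but would want a prefix tree if the file grew to thousands of ranges. Reloading on a timer or an admin action is just another call to `load_xml`, since the swap replaces the lists in one assignment.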

RayA

Re: IP Blacklist
« Reply #5 on: May 09, 2012, 02:09:54 PM »
Thanks Bruce,
I appreciate your help and your suggestions.