irigsoft Posted January 12, 2022 Share Posted January 12, 2022 Hello, I want to block from my uniGui application all IP addresses from locations (Countries) other than my country. Is there a way integrated in unigui ? Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 12, 2022 Share Posted January 12, 2022 Hello, As you know, UniServerModule.BlockedIPList And this post may help you: Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 12, 2022 Author Share Posted January 12, 2022 2 hours ago, Sherzod said: Hello, As you know, UniServerModule.BlockedIPList And this post may help you: Thanks, but this is fine if I know the IP addresses of the attackers, but I want to allow access only to the IP addresses from the location (Country) of my server. I found some IP location detection APIs, but I think this will block the server in case of strong attacks because it will check the location of each IP. something like that: https://stackoverflow.com/questions/3489460/how-to-get-visitors-location-i-e-country-using-geolocation function getIPDetails() { var ipAddress = document.getElementById("txtIP").value; var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function () { if (this.readyState == 4 && this.status == 200) { console.log(JSON.parse(xhttp.responseText)); } }; xhttp.open("GET", "http://ip-api.io/json/" + ipAddress, true); xhttp.send(); } <input type="text" id="txtIP" placeholder="Enter the ip address" /> <button onclick="getIPDetails()">Get IP Details</button> but if is possible on server side : UniGUIServerModuleHTTPCommand Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 12, 2022 Share Posted January 12, 2022 46 minutes ago, irigsoft said: but I want to allow access only to the IP addresses from the location (Country) of my server. Here you can add logic and modify the code: Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 12, 2022 Author Share Posted January 12, 2022 11 minutes ago, Sherzod said: Here you can add logic and modify the code: Thanks, I have already integrated this. I have an application in which I want to allow access only to users from the country where the server is located. For example, only consumers from Germany. I have a procedure that blocks IP addresses when they try some suspicious activity. But I want to block all addresses that are not from my country. When an IP address tries to open a session (when connecting to the server), I want to check its Country and block it (add to Blockiplist) if it is not on my Country. Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 12, 2022 Share Posted January 12, 2022 Well, you have to store in a list a range of IP addresses of a certain country and check I think... Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 12, 2022 Author Share Posted January 12, 2022 24 minutes ago, Sherzod said: Well, you have to store in a list a range of IP addresses of a certain country and check I think... My plan is: 1. Client try to connect - send GET (or POST) command to uniGui 2. On UniGUIServerModuleHTTPCommand I get RemoteIP address 3. Check IP lookup with this API (like example) function getIPDetails() { var ipAddress = document.getElementById("txtIP").value; var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function () { if (this.readyState == 4 && this.status == 200) { console.log(JSON.parse(xhttp.responseText)); } }; xhttp.open("GET", "http://ip-api.io/json/" + ipAddress, true); xhttp.send(); } 4. If Country is different from my Country, then add this IP address to BlockedIPList. The Question1 is: Is there some integrated getIPDetails on uniGui ? The Question2 is:If there is no integrated getIPDetails in uniGui, then how to use this function on UniGUIServerModuleHTTPCommand and return Country name on some variable ? Quote Link to comment Share on other sites More sharing options...
Sherzod Posted January 12, 2022 Share Posted January 12, 2022 I will try to analyze... Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 12, 2022 Author Share Posted January 12, 2022 1 minute ago, Sherzod said: I will try to analyze... Thanks Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 12, 2022 Author Share Posted January 12, 2022 38 minutes ago, Sherzod said: I will try to analyze... I have done this so far: function getIPDetails (sRemIP: String): String; begin UniSession.AddJS (' new Promise(function(resolve, reject) {' + + ' const xhttp = new XMLHttpRequest();' + ' xhttp.onreadystatechange = function () {' + ' if (this.readyState == 4 && this.status == 200) {' + ' console.log(JSON.parse(xhttp.responseText));' + ' }' + '};' + ' xhttp.open("GET", "http://ip-api.io/json/" + ' + sRemIP + ', true);' + ' xhttp.send();' + '}' ); Result := ?????? end; usage TUniServerModule.UniGUIServerModuleHTTPCommand begin IF AnsiUpperCase (getIPDetails (ARequestInfo.RemoteIP)) <> AnsiUpperCase (MySettings ['AcceptRequestFromCountry']) then begin AResponseInfo.ContentText := '<h1>Restricted Country</h1>'; Handled := True; AResponseInfo.CloseSession; exit; end; end; I didn't try it. Quote Link to comment Share on other sites More sharing options...
Frederick Posted January 12, 2022 Share Posted January 12, 2022 6 hours ago, irigsoft said: Hello, I want to block from my uniGui application all IP addresses from locations (Countries) other than my country. Is there a way integrated in unigui ? How do you handle users who use a VPN to access the Internet? Quote Link to comment Share on other sites More sharing options...
Norm Posted January 13, 2022 Share Posted January 13, 2022 I use the following trick to achieve what you are trying to do: I extract the country from the javascript Date function and include this as part of the ajaxRequest login script. I check this in Delphi as part of the login verification and reject if the country is not what I expect. my javascript login function : function doLogin(){ let date = (new Date()).toString().toUpperCase(); countryName = date.substring(date.indexOf("(") + 1, date.lastIndexOf(")")); let loginName = $('#login_username').val(); let loginPsw = $('#login_password').val(); let remember = $('#login_remember').prop('checked'); if(remember){ rememberLogin = 'Y' } else { rememberLogin = 'N' } let params = {loginname : loginName, loginpsw : loginPsw, loginremember : rememberLogin, country : countryName}; params= JSON.stringify(params); top.ajaxRequest(top.frmLogin.htmlFrame, 'login',['json_param='+ params]) } Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 13, 2022 Author Share Posted January 13, 2022 6 hours ago, Frederick said: How do you handle users who use a VPN to access the Internet? Good question, but if it uses a VPN, it means that this user has default connectivity rights. (VPN connection to the server is activated) Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 13, 2022 Author Share Posted January 13, 2022 5 hours ago, Norm said: I use the following trick to achieve what you are trying to do: I extract the country from the javascript Date function and include this as part of the ajaxRequest login script. I check this in Delphi as part of the login verification and reject if the country is not what I expect. my javascript login function : function doLogin(){ let date = (new Date()).toString().toUpperCase(); countryName = date.substring(date.indexOf("(") + 1, date.lastIndexOf(")")); let loginName = $('#login_username').val(); let loginPsw = $('#login_password').val(); let remember = $('#login_remember').prop('checked'); if(remember){ rememberLogin = 'Y' } else { rememberLogin = 'N' } let params = {loginname : loginName, loginpsw : loginPsw, loginremember : rememberLogin, country : countryName}; params= JSON.stringify(params); top.ajaxRequest(top.frmLogin.htmlFrame, 'login',['json_param='+ params]) } Thanks, this is a good way to get a "state" by date, but what if the user's regional settings are wrong? my goal is to protect myself from attacks from foreign countries, so it is assumed that they will try to circumvent the proper login Quote Link to comment Share on other sites More sharing options...
Norm Posted January 13, 2022 Share Posted January 13, 2022 You can avoid regional setting hack by using the free ip lookup service (ipapi.co). In my example above replace the country from date function with: $.get('https://ipapi.co/json/', function(data) { countryName = data.country_name; }) You obviously need to use a promise to retrieve the value. I am aware that you are wanting to completely block connections outside your country. In my case I simply want to disallow logins from foreign countries. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 13, 2022 Author Share Posted January 13, 2022 12 minutes ago, Norm said: You can avoid regional setting hack by using the free ip lookup service (ipapi.co). In my example above replace the country from date function with: $.get('https://ipapi.co/json/', function(data) { countryName = data.country_name; }) You obviously need to use a promise to retrieve the value. I am aware that you are wanting to completely block connections outside your country. In my case I simply want to disallow logins from foreign countries. Thank You. How to get country_name in global variable on uniMainmodule ? Quote Link to comment Share on other sites More sharing options...
Frederick Posted January 13, 2022 Share Posted January 13, 2022 1 hour ago, irigsoft said: Good question, but if it uses a VPN, it means that this user has default connectivity rights. (VPN connection to the server is activated) Let's say that I am from ABC country and you are located in XYZ country. Using a VPN, I can set it such that I am from XYZ country. How do you block me since my IP address would show that I am from your home country? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 13, 2022 Author Share Posted January 13, 2022 2 minutes ago, Frederick said: Let's say that I am from ABC country and you are located in XYZ country. Using a VPN, I can set it such that I am from XYZ country. How do you block me since my IP address would show that I am from your home country? OK, how You will connect to my VPN server, without knowing user and password ? I think if you know the VPN user and password for the VPN server, then you have every right to connect. Quote Link to comment Share on other sites More sharing options...
Frederick Posted January 13, 2022 Share Posted January 13, 2022 Just now, irigsoft said: OK, how You will connect to my VPN server ? You have a VPN server that users must connect to? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 13, 2022 Author Share Posted January 13, 2022 Just now, Frederick said: You have a VPN server that users must connect to? At this moment no. Quote Link to comment Share on other sites More sharing options...
Norm Posted January 13, 2022 Share Posted January 13, 2022 As far as I know there is no way of circumventing VPN use. I would be very interested to know if I'm wrong. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 13, 2022 Author Share Posted January 13, 2022 1 minute ago, Norm said: As far as I know there is no way of circumventing VPN use. I would be very interested to know if I'm wrong. If this question was to me. I dont use VPN, i have StandAloneApplication, and I see in my log files some trys to hack from different IP's from different countries. This makes me look for ways to block access to the server from certain destinations (Countries) Quote Link to comment Share on other sites More sharing options...
Norm Posted January 13, 2022 Share Posted January 13, 2022 I was responding to Frederick's question regarding VPN hacks. He is making a valid point that hackers can break through your IP lookup solution by connecting to your server using their own VPNs to pretend they are in your country. The only way to avoid VPN hacks is to gradually build up a list of allowed IP's. Quote Link to comment Share on other sites More sharing options...
Frederick Posted January 13, 2022 Share Posted January 13, 2022 18 minutes ago, Norm said: As far as I know there is no way of circumventing VPN use. I would be very interested to know if I'm wrong. I feel that it would not be possible to block a user from a different country once they use a VPN because you are trying to block them by their IP address, which can be spoofed. Quote Link to comment Share on other sites More sharing options...
Frederick Posted January 13, 2022 Share Posted January 13, 2022 15 minutes ago, Norm said: The only way to avoid VPN hacks is to gradually build up a list of allowed IP's. Even this would be difficult because it is possible that the user has a dynamic IP address. Imagine your workload to build up an unending list. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.