svap Posted September 26, 2022 Share Posted September 26, 2022 Hi, in some occasion I need to close connection or send no reply back to client. Is there any function. I was trying aresponseInfo.close ... etc. but not workingnot found anything. Reason: when client is makeing request from disallowed area or is requesting IP adresess of server not DNS name. Thank you. Quote Link to comment Share on other sites More sharing options...
Sherzod Posted September 26, 2022 Share Posted September 26, 2022 Hello, This demo may help you: \FMSoft\Framework\uniGUI\Demos\Desktop\Session List Quote Link to comment Share on other sites More sharing options...
irigsoft Posted September 27, 2022 Share Posted September 27, 2022 12 hours ago, svap said: Hi, in some occasion I need to close connection or send no reply back to client. Is there any function. I was trying aresponseInfo.close ... etc. but not workingnot found anything. Reason: when client is makeing request from disallowed area or is requesting IP adresess of server not DNS name. Thank you. Hello maybe in this topic You can find good ideas and code: Quote Link to comment Share on other sites More sharing options...
irigsoft Posted September 27, 2022 Share Posted September 27, 2022 12 hours ago, svap said: Hi, in some occasion I need to close connection or send no reply back to client. Is there any function. I was trying aresponseInfo.close ... etc. but not workingnot found anything. Reason: when client is makeing request from disallowed area or is requesting IP adresess of server not DNS name. Thank you. But can you please explain in more detail for what purpose you will use this limit ? Quote Link to comment Share on other sites More sharing options...
svap Posted September 29, 2022 Author Share Posted September 29, 2022 HI thank all to reply, but still not found any way how do that. What purpose ? My domain for example www.test.com (ip 123.123.123.123) I have certificate for domain (*.test.com) So when user write www.test.com all is OK. But when enter IP address 123.123.123.123 I have no certificate so browser has certificate problem (I know, it's corret). But company which is dooing penetration test write incident about this. So this is my reason .. I think I have to look in Indy implementation / SSL response. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted September 30, 2022 Share Posted September 30, 2022 7 hours ago, svap said: But company which is dooing penetration test write incident about this. So this is my reason Hello, can You write what is exact answer from penetration testing ? I will try to write some code for that. Quote Link to comment Share on other sites More sharing options...
irigsoft Posted September 30, 2022 Share Posted September 30, 2022 onServerSide You can check what is ARequestInfo.Host and block it if is Ip procedure TUniServerModule.UniGUIServerModuleHTTPCommand( ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo; var Handled: Boolean); var sDomain:String; //count how many dot's have in Request.Host function CountSubStrInString (const subtext: string; Text: string): Integer; begin Result := 0; if (Length(subtext) <> 0) or (Length(Text) <> 0) or (Pos(subtext, Text) <> 0) then Result := (Length(Text) - Length(StringReplace(Text, subtext, '', [rfReplaceAll]))) div Length (subtext); end; begin sDomain := Copy (ARequestInfo.Host,1,POS (':',ARequestInfo.Host) - 1); sDomain := StringReplace (sDomain,'https://','',[rfReplaceAll,rfIgnoreCase]); sDomain := StringReplace (sDomain,'http://','',[rfReplaceAll,rfIgnoreCase]); if (CountSubStrInString ('.',sDomain) >=3) then begin //block user and close session AResponseInfo.ContentText := '<h1>Access denied</h1>'; Handled := True; AResponseInfo.CloseConnection:=true; AResponseInfo.CloseSession; exit; end; end; this code is tested with: domain: localhost:8077 and IP 127.0.0.1:8077 and is work (close session when ip is used)! Quote Link to comment Share on other sites More sharing options...
irigsoft Posted September 30, 2022 Share Posted September 30, 2022 14 hours ago, svap said: But company which is dooing penetration test write incident about this Another solution, If you have https, you can disable http loading (which actually happens when turning IP), in my thread everything, this is shared, just read and try it Quote Link to comment Share on other sites More sharing options...
irigsoft Posted November 5, 2022 Share Posted November 5, 2022 Hello @svap, did you succeed with my code or you found another solution ? Quote Link to comment Share on other sites More sharing options...
irigsoft Posted January 10, 2023 Share Posted January 10, 2023 On 9/29/2022 at 11:20 PM, svap said: HI thank all to reply, but still not found any way how do that. What purpose ? My domain for example www.test.com (ip 123.123.123.123) I have certificate for domain (*.test.com) So when user write www.test.com all is OK. But when enter IP address 123.123.123.123 I have no certificate so browser has certificate problem (I know, it's corret). But company which is dooing penetration test write incident about this. So this is my reason .. I think I have to look in Indy implementation / SSL response. Hi, can you provide some feedback on how you solved your problem Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.