andyhill, posted November 5, 2022

The log file shows:

    ...[HandleFileRequest[107.189.3.179]]:Access denied:...

Can we have an event so that we can capture intrusive RemoteIPs trying to access physical files and add them to our BlockedIPList dynamically? Thanks.
irigsoft, posted November 5, 2022

(replying to andyhill's post above)

Can this help?

1. I check which country the IP is from; if it is not in my country I block it.
2. If the RemoteIP tries to get, send or change some file other than in my temp directory, I block it.
3. If the RemoteIP tries to execute some specific commands, then I block it.

I explain more of this in my topic, using UniGUIServerModuleHTTPCommand.

Can you explain more about what your log file saved for this attack?
andyhill, posted November 5, 2022

As far as I can tell we do not get a Server notification on an "Access denied" event. I want to be notified.
irigsoft, posted November 5, 2022

(replying to andyhill's post above)

OK, this is for the uniGUI team. I will write my method (maybe I can't understand you). Any suspicious activity I add to the block IP list via UniGUIServerModuleHTTPCommand: UniServerModule.BlockedIPList : TStringList, because the standard BlockedIPList is limited to a small number of records.

    procedure serverBlockIPAddres(sRemIP, sReason: String);
    begin
      try
        UniServerModule.Lock;
        // If it is not in the list, add it (IndexOf returns -1 when absent)
        if UniServerModule.BlockedIPList.IndexOf(sRemIP) < 0 then
        begin
          // Check if the list is full
          try
            UniServerModule.BlockedIPList.Add(sRemIP);
            UniServerModule.BlockedIPList.SaveToFile(
              ExtractFilePath(UniServerModule.StartPath) + 'YourpathToFilewithBlockedIPList');
          except
            on E: Exception do
              uniMainModule.ApplicationEvents1Exception(uniApplication, E);
          end;
        end;
      finally
        UniServerModule.UnLock;
      end;
    end;

After every call to serverBlockIPAddres you must reload UniServerModule.BlockedIPList. I added a function that sends me an email when a new IP is added to the BlockedIPList.
irigsoft, posted November 5, 2022

Did you use protection against web scanners? Scanners are very intrusive, so I block them directly when I catch some of them, by IP or by UserAgent.
andyhill, posted November 6, 2022

Questions:

1. What is the maximum number one can add to the BlockedIPList?
2. Can we use wildcards with the BlockedIPList, e.g. 114.119.136.* and 114.119.*.* etc.?
3. Is there any special way you reload your BlockedIPList at runtime without stopping/starting the server?

I want to investigate IPs that cause "File not found" and "Access Denied". Farshad, these appear to be handled internally; I would like an event for these so I can process/investigate them at runtime.
andyhill, posted November 6, 2022

This is my Add IP to BlockedIP list, which dynamically reloads in memory at runtime. Also, my testing shows wildcards are not acknowledged.

    procedure TUniServerModule.BlockIPAddress(RemoteIP: String);
    begin
      try
        UniServerModule.Lock;
        // Is it in the list? (IndexOf returns -1 when absent)
        if UniServerModule.BlockedIPList.IndexOf(RemoteIP) < 0 then
        begin
          UniServerModule.BlockedIPList.BeginUpdate;
          // Add
          try
            UniServerModule.BlockedIPList.Add(RemoteIP);
            // Save for future reload
            if SrvQry2.Active then SrvQry2.Close;
            SrvQry2.Params.Clear;
            SrvQry2.SQL.Clear;
            SrvQry2.SQL.Add('INSERT INTO System (ParamID, Param1) ' +
                            'VALUES(:NUM, :TXT1) ;');
            SrvQry2.ParamByName('NUM').AsInteger := 1000;
            SrvQry2.ParamByName('TXT1').AsString := RemoteIP;
            SrvQry2.ExecSQL;
          except
            on E: Exception do
            begin
              // List is full
            end;
          end;
          UniServerModule.BlockedIPList.EndUpdate;
        end; // New
      finally
        UniServerModule.UnLock;
      end;
    end;
irigsoft, posted November 7, 2022

Hello,

"What is the maximum number one can add to the BlockedIPList?"
BlockedIPList is limited to a small number of records, so I use my own TStringList variable! I also added a list with the UserAgents of all scanners found on the web; I shared this in a topic on the forum.

"Can we use wildcards with the BlockedIPList, e.g. 114.119.136.* and 114.119.*.* etc.?"
There is a topic with that function.

"Is there any special way you reload your BlockedIPList at runtime without stopping/starting the server?"
Using my own TStringList variable, I reload it after every execution of my procedure "blockingIP" without restarting the server.

"I want to investigate IPs that cause "File not found" and "Access Denied""
I save all these events in my own log file with different reasons:

1. try to access a directory
2. try to execute some commands
3. try from a country different from my own
4. I enable antiflood
5. control the size of packets
6. block if they try to access via IP, not by domain (the security certificate is by domain, not by IP)
7. block if they try to log in with a wrong password some times
8. block if they use some mimetypes
9. block if they send some HTML tags
10. block if they send some POST headers
11. I use many headers to control CORS
12. perform validation and sanitisation of input data
13. use FrameBusting
14. and some others ....

All that in UniGUIServerModuleHTTPCommand.

This is how I use a wildcard, based on the topic:

    // I use settings with a selected IP range and load it in when the server starts
    // (UniGUIServerModuleBeforeInit)
    if Trim(MySettings.Values['LIPRange']) <> '' then
    begin
      for IPThird := 0 to 255 do
      begin
        IPThirdString := CheckStrLength(IntToStr(IPThird));
        for IPFourth := 0 to 255 do
        begin
          IPFourthString := CheckStrLength(IntToStr(IPFourth));
          IP := MySettings.Values['LIPRange'] {'111.222.'} + IPThirdString + '.' + IPFourthString;
          // Add (IndexOf returns -1 when absent)
          if BlockedIPList.IndexOf(IP) < 0 then
            BlockedIPList.Append(IP);
        end;
      end;
      // Save into file
      BlockedIPList.SaveToFile('MyPathToFile');
    end;

This is all summarized in my thread and I expand on it when I find a new problem or solution. If you write some solution, please share it in the topic, thank you.
andyhill, posted November 7, 2022

I have no issue adding and saving wildcard IPs. My testing showed wildcard IPs in BlockIPList are ignored??? Admittedly I tested with 127.0.0.* (which was not blocked and treated as a non-entry), so I will set up a real external test and advise.
irigsoft, posted November 7, 2022

(replying to andyhill's post above)

Just adding wildcard IPs in BlockIPList is not working; you must add the exact IP 127.0.0.1, not 127.0.0.*. For that reason I added a function that, when the server starts, gets the IPRange, creates an IP list from that range and adds it to BlockIPList.
andyhill, posted November 7, 2022

I also add IPs to the BlockIPList at runtime; as I mentioned before, based on my testing, any runtime-added IP with wildcards is ignored (not rejected, just skipped over).
irigsoft, posted November 8, 2022

(replying to andyhill's post above)

In my logic, if RemoteIP is in BlockedIPList (TStringList) I CloseSession.

    // UniGUIServerModuleHTTPCommand
    if BlockedIPList.Count > 0 then
    begin
      if BlockedIPList.IndexOf(ARequestInfo.RemoteIP) > -1 then
      begin
        AResponseInfo.ContentText := '<h1>Access denied</h1>';
        Handled := True;
        AResponseInfo.CloseConnection := True;
        AResponseInfo.CloseSession;
        // Reload BlockedIPList
        try
          UniServerModule.Lock;
          if FileExists('PathToMyFile') then
          begin
            BlockedIPList.LoadFromFile('PathToMyFile');
          end;
        finally
          UniServerModule.UnLock;
        end;
        Exit;
      end;
    end; // if
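The thread establishes that BlockedIPList only matches exact addresses, which is why the range in the earlier post is expanded into 65,536 entries at startup, and that the list must be reloaded after another handler saves it. As an added example that is not part of the thread and not uniGUI's own code, the following Delphi unit keeps a separate pattern list and matches an octet-wise wildcard such as 114.119.136.* or 114.119.*.* at request time, so a range costs one line instead of a full expansion; it also carries the reload and the corrected IndexOf test (-1 means absent, 0 is a real index) from the posts above. Everything in it is assumed: the unit and class names (IPBlockList, TIPBlockList), the file path passed to Create, and the use of TCriticalSection instead of UniServerModule.Lock so the class can be tested outside the server module. It relies on the string.Split helper, available from Delphi XE3 onward.

```delphi
unit IPBlockList;

{ Added example, not from the thread or from uniGUI; unit and class names and the file path are assumed. }

interface

uses System.SysUtils, System.Classes, System.SyncObjs;

type
  TIPBlockList = class
  private
    FLock: TCriticalSection;
    FPatterns: TStringList;   // exact IPs and wildcard patterns, one per line
    FFileName: string;
  public
    constructor Create(const AFileName: string);
    destructor Destroy; override;
    procedure Reload;         // re-reads the file; call after another thread saved it
    function IsBlocked(const RemoteIP: string): Boolean;
    function Block(const Pattern: string): Boolean;   // True when newly added
  end;

implementation

{ Octet-by-octet comparison; '*' in Pattern matches any octet value. Both sides must
  have exactly four dotted parts, so an IPv6 or malformed RemoteIP never matches by
  accident, and a pattern without '*' is simply an exact match. }
function MatchOne(const Pattern, IP: string): Boolean;
var
  PParts, IPParts: TArray<string>;
  I: Integer;
begin
  PParts := Pattern.Split(['.']);
  IPParts := IP.Split(['.']);
  if (Length(PParts) <> 4) or (Length(IPParts) <> 4) then
    Exit(False);
  for I := 0 to 3 do
    if (PParts[I] <> '*') and (PParts[I] <> IPParts[I]) then
      Exit(False);
  Result := True;
end;

constructor TIPBlockList.Create(const AFileName: string);
begin
  inherited Create;
  FLock := TCriticalSection.Create;
  FPatterns := TStringList.Create;
  FFileName := AFileName;
  Reload;
end;

destructor TIPBlockList.Destroy;
begin
  FPatterns.Free;
  FLock.Free;
  inherited;
end;

procedure TIPBlockList.Reload;
begin
  FLock.Enter;
  try
    if FileExists(FFileName) then FPatterns.LoadFromFile(FFileName) else FPatterns.Clear;
  finally
    FLock.Leave;
  end;
end;

function TIPBlockList.IsBlocked(const RemoteIP: string): Boolean;
var
  I: Integer;
begin
  Result := False;
  FLock.Enter;
  try
    // Linear scan; blank lines in the file never match because they split into one part
    for I := 0 to FPatterns.Count - 1 do
      if MatchOne(Trim(FPatterns[I]), Trim(RemoteIP)) then
        Exit(True);
  finally
    FLock.Leave;
  end;
end;

function TIPBlockList.Block(const Pattern: string): Boolean;
begin
  FLock.Enter;
  try
    // IndexOf returns -1 when absent; 0 is a real index, so test < 0, never <= 0
    Result := FPatterns.IndexOf(Pattern) < 0;
    if Result then
    begin
      FPatterns.Add(Pattern);
      FPatterns.SaveToFile(FFileName);   // persisted so other instances pick it up on Reload
    end;
  finally
    FLock.Leave;
  end;
end;

end.
```

In UniGUIServerModuleHTTPCommand, call IsBlocked with ARequestInfo.RemoteIP and, when it returns True, set ContentText, Handled and CloseConnection exactly as in the post above before exiting; Block('114.119.136.*') records a whole /24 as one line. The linear scan in IsBlocked is fine for a few hundred patterns; if the list grows into the thousands, keep exact addresses in a hashed set and reserve the scan for wildcard lines. One caveat a defender should check first: behind a reverse proxy, ARequestInfo.RemoteIP is the proxy's address, so a single blocked entry would lock out every client, and the real client address has to come from a header the proxy sets, which this thread does not cover.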
irigsoft, posted November 8, 2022

Can you explain with an example how you add an IP with a wildcard at runtime?