IP Blacklist

[RayA]

Bruce,
What is the best way to implement a IP blacklist on the NetWebServer.  Any Ideas?

Ray Abadie
Lafayette, La.
U.S.A.

[Bruce]

Hi Ray,

Ideally of course you would block the IP address "up-stream" because blocking it in the server doesn't help with DOS or DDOS attacks. On the other hand, it can be tricky to block it up-stream, so you can do it in the server as well.

Note that this is in the WebServer procedure, so if you were running in the Multi-Host, you would need to add this in the Multi-Host program.

This goes into the ThisWebServer.Process method;

  case self.Packet.PacketType
  of NET:SimpleNewConnection 
    if blacklisted(self.packet.fromip)
      self._wait()
      self.closeServerConnection(self.packet.OnSocket,self.packet.SockID)
      self._release()
    end
  End 


I would also caution that this will get called for _every_ incoming connection - ie potentially thousands and thousands of calls per day, so your Blacklisted function had pretty be _fast_. Definitely a memory-lookup, don't go reading a disk file at this point.

cheers
Bruce

[kevin plummer]

Hi Bruce,

when you say "upstream" is that on the firewall?

Cheers,

Kev

[RayA]

I am assuming that blacklisted is the list of IP's and if so what is the best way to make this list. Plait txt, Asci, Dos, or would a  in memory tps file  thats loaded on server start up work faster..

Ray ....................

[Bruce]

Hi Ray,

I'd (personally) use an XML file (on disk) which is loaded into an In-Memory table on startup (a one liner with xFiles.)

That makes it easy to edit, but also fast.

cheers
Bruce

PS - Kevin - yes "upstream" would be the firefall or router - preferably not on the same machine. But this can be tricky depending on how much control you have over the infrastructure.

[RayA]

Thanks Bruce,
I appreciate your help and your suggestions.