Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can I block ips with a custom script with Stingray Traffic Manager?

SOLVED
Go to solution
moviedo
Occasional Contributor
‎10-09-2013 07:43:AM
‎10-09-2013 07:43:AM

How can I block ips with a custom script with Stingray Traffic Manager?

Hi, I want to know if is possible to block ips direct with a custom script from Stingray Traffic Manager. Maybe with an action in Protection->Access Restrictions->Banned IPs?

My custom script detect a bad ip to try to hack our site, so I will need to block this ip, but I don't know how?

Help please!!!

Reply
1 ACCEPTED SOLUTION

Accepted Solutions
owen
Frequent Contributor
‎10-15-2013 01:51:AM
‎10-15-2013 01:51:AM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

If you need to store the information permanently, then you can't rely on the global data segment as it is discarded when the traffic manager software is restarted.

You can store the information in the resources section of the Stingray configuration.  The article Slowing down busy users - driving the REST API from TrafficScript illustrates how to do this.

You could also store the information in an external database (this is much more difficult).  Use a Java Extension or an event handler to push information into the database, and a Java Extension to read data from the database.  There are some examples here:

It might be easier to use a database with an HTTP interface (such as Riak) to get and set the per-IP records.

Here's another example: Detecting false login attempts and blocking the attackers

Best regards

Owen

View solution in original post

0 Kudos
Reply
7 REPLIES 7
owen
Frequent Contributor
‎10-09-2013 07:55:AM
‎10-09-2013 07:55:AM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

You can inspect and modify the Stingray configuration from within a TrafficScript rule.  This article (Slowing down busy users - driving the REST API from TrafficScript) gives an example.

The basic principle is that you can make a REST request using http.request.get to retrieve the configuration file for a service protection policy.  The config file is plain-text; you can modify it in the rule with a little care, and then store the changes using http.request.put.

This should help to solve your problem.

Alternatively, you could use a modified version of the Slowing down busy users - driving the REST API from TrafficScript article.  The advantage of this solution is that it would let you implement a timeout - users don't have to be blocked forever and you don't have an ever-growing list of banned IP addresses.

Hope that this helps - best regards

Owen

0 Kudos
Reply
moviedo
Occasional Contributor
‎10-14-2013 11:53:AM
‎10-14-2013 11:53:AM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Owen, excuse me, is posible to use the memory segment DATA  to store blocked ips? For example:

  data.set($prefix.$ip, 1 );

  if(data.get($prefix.$ip))

      ip is blocked

  else

     ip not blocked and continue

Thanks

Mario

0 Kudos
Reply
owen
Frequent Contributor
‎10-14-2013 02:34:PM
‎10-14-2013 02:34:PM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

Yes - you can use the global data segment to store the list. This is simpler than the solution I described above, but it has two disadvantages:

  • Data does not persist - it is lost when the traffic manager restarts
  • Data is not shared between traffic managers in a cluster

Either will work - you can select the approach that is best for you

Best regards

Owen

0 Kudos
Reply
moviedo
Occasional Contributor
‎10-14-2013 02:38:PM
‎10-14-2013 02:38:PM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Where can I store the information, because I will need this always! I can

not lost the information of the ips stored? Thanks Mario

El oct 14, 2013 3:34 PM, "Owen Garrett" <[email protected]> escribió:

**

Riverbed Splash

<https://splash.riverbed.com/?et=watches.email.thread> How can I

block ips with a custom script with Stingray Traffic Manager?

reply from Owen Garrett<https://splash.riverbed.com/people/owen?et=watches.email.thread>in

Stingray - View the full discussion<https://splash.riverbed.com/message/17000?et=watches.email.thread#17000>

0 Kudos
Reply
owen
Frequent Contributor
‎10-15-2013 01:51:AM
‎10-15-2013 01:51:AM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

If you need to store the information permanently, then you can't rely on the global data segment as it is discarded when the traffic manager software is restarted.

You can store the information in the resources section of the Stingray configuration.  The article Slowing down busy users - driving the REST API from TrafficScript illustrates how to do this.

You could also store the information in an external database (this is much more difficult).  Use a Java Extension or an event handler to push information into the database, and a Java Extension to read data from the database.  There are some examples here:

It might be easier to use a database with an HTTP interface (such as Riak) to get and set the per-IP records.

Here's another example: Detecting false login attempts and blocking the attackers

Best regards

Owen

View solution in original post

0 Kudos
Reply
moviedo
Occasional Contributor
‎10-18-2013 11:06:AM
‎10-18-2013 11:06:AM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Owen thanks for all your help!! If is possible I have other question?

For security:

When I make a redirect:

http.redirect( "http://".$host. "/mypage.php?userAgent=".$user."&ip=".$ip."&url=".$url

In browser:

http://myhost/mypage.php?userAgent=Mozilla/5.0 Firefox/24.0&ip=10.0.0.0&url=mypage

Is possible to make a redirect but maybe implement a technique for the parameters in the browser will be invisible or transparent to the user?

I don't want the user can see the values ​​of the parameters.

Is this possible?

Thanks

Mario

0 Kudos
Reply
owen
Frequent Contributor
‎10-22-2013 01:44:AM
‎10-22-2013 01:44:AM

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

If you use a redirect, then the remote user will see the parameters.

You could modify the URL, for example, to add a query string, and then forward the request on to a back-end server as normal.

regards

Owen

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.