Solved: How can I block ips with a custom script with Stin...

moviedo · ‎10-09-2013

Hi, I want to know if is possible to block ips direct with a custom script from Stingray Traffic Manager. Maybe with an action in Protection->Access Restrictions->Banned IPs?

My custom script detect a bad ip to try to hack our site, so I will need to block this ip, but I don't know how?

Help please!!!

owen · ‎10-15-2013

Hi Mario,

If you need to store the information permanently, then you can't rely on the global data segment as it is discarded when the traffic manager software is restarted.

You can store the information in the resources section of the Stingray configuration. The article Slowing down busy users - driving the REST API from TrafficScript illustrates how to do this.

You could also store the information in an external database (this is much more difficult). Use a Java Extension or an event handler to push information into the database, and a Java Extension to read data from the database. There are some examples here:

Being Lazy with Java Extensions - writing to a MySQL database
Authenticating users with Active Directory and Stingray Java Extensions - reading from LDAP

It might be easier to use a database with an HTTP interface (such as Riak) to get and set the per-IP records.

Here's another example: Detecting false login attempts and blocking the attackers

Best regards

Owen

View solution in original post

owen · ‎10-09-2013

Hi Mario,

You can inspect and modify the Stingray configuration from within a TrafficScript rule. This article (Slowing down busy users - driving the REST API from TrafficScript) gives an example.

The basic principle is that you can make a REST request using http.request.get to retrieve the configuration file for a service protection policy. The config file is plain-text; you can modify it in the rule with a little care, and then store the changes using http.request.put.

This should help to solve your problem.

Alternatively, you could use a modified version of the Slowing down busy users - driving the REST API from TrafficScript article. The advantage of this solution is that it would let you implement a timeout - users don't have to be blocked forever and you don't have an ever-growing list of banned IP addresses.

Hope that this helps - best regards

Owen

moviedo · ‎10-14-2013

Hi Owen, excuse me, is posible to use the memory segment DATA to store blocked ips? For example:

data.set($prefix.$ip, 1 );

if(data.get($prefix.$ip))

ip is blocked

else

ip not blocked and continue

Thanks

Mario

owen · ‎10-14-2013

Hi Mario,

Yes - you can use the global data segment to store the list. This is simpler than the solution I described above, but it has two disadvantages:

Data does not persist - it is lost when the traffic manager restarts
Data is not shared between traffic managers in a cluster

Either will work - you can select the approach that is best for you

Best regards

Owen

moviedo · ‎10-14-2013

Where can I store the information, because I will need this always! I can

not lost the information of the ips stored? Thanks Mario

El oct 14, 2013 3:34 PM, "Owen Garrett" <[email protected]> escribió:

**
Riverbed Splash
<https://splash.riverbed.com/?et=watches.email.thread> How can I
block ips with a custom script with Stingray Traffic Manager?
reply from Owen Garrett<https://splash.riverbed.com/people/owen?et=watches.email.thread>in
Stingray - View the full discussion<https://splash.riverbed.com/message/17000?et=watches.email.thread#17000>

owen · ‎10-15-2013

Hi Mario,

If you need to store the information permanently, then you can't rely on the global data segment as it is discarded when the traffic manager software is restarted.

You can store the information in the resources section of the Stingray configuration. The article Slowing down busy users - driving the REST API from TrafficScript illustrates how to do this.

You could also store the information in an external database (this is much more difficult). Use a Java Extension or an event handler to push information into the database, and a Java Extension to read data from the database. There are some examples here:

Being Lazy with Java Extensions - writing to a MySQL database
Authenticating users with Active Directory and Stingray Java Extensions - reading from LDAP

It might be easier to use a database with an HTTP interface (such as Riak) to get and set the per-IP records.

Here's another example: Detecting false login attempts and blocking the attackers

Best regards

Owen

moviedo · ‎10-18-2013

Hi Owen thanks for all your help!! If is possible I have other question?

For security:

When I make a redirect:

http.redirect( "http://".$host. "/mypage.php?userAgent=".$user."&ip=".$ip."&url=".$url

In browser:

http://myhost/mypage.php?userAgent=Mozilla/5.0 Firefox/24.0&ip=10.0.0.0&url=mypage

Is possible to make a redirect but maybe implement a technique for the parameters in the browser will be invisible or transparent to the user?

I don't want the user can see the values of the parameters.

Is this possible?

Thanks

Mario

owen · ‎10-22-2013

Hi Mario,

If you use a redirect, then the remote user will see the parameters.

You could modify the URL, for example, to add a query string, and then forward the request on to a back-end server as normal.

regards

Owen

How can I block ips with a custom script with Stingray Traffic Manager?

How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Re: How can I block ips with a custom script with Stingray Traffic Manager?