Hi, I want to know if is possible to block ips direct with a custom script from Stingray Traffic Manager. Maybe with an action in Protection->Access Restrictions->Banned IPs?
My custom script detect a bad ip to try to hack our site, so I will need to block this ip, but I don't know how?
Help please!!!
Solved! Go to Solution.
Hi Mario,
If you need to store the information permanently, then you can't rely on the global data segment as it is discarded when the traffic manager software is restarted.
You can store the information in the resources section of the Stingray configuration. The article Slowing down busy users - driving the REST API from TrafficScript illustrates how to do this.
You could also store the information in an external database (this is much more difficult). Use a Java Extension or an event handler to push information into the database, and a Java Extension to read data from the database. There are some examples here:
It might be easier to use a database with an HTTP interface (such as Riak) to get and set the per-IP records.
Here's another example: Detecting false login attempts and blocking the attackers
Best regards
Owen
Hi Mario,
You can inspect and modify the Stingray configuration from within a TrafficScript rule. This article (Slowing down busy users - driving the REST API from TrafficScript) gives an example.
The basic principle is that you can make a REST request using http.request.get to retrieve the configuration file for a service protection policy. The config file is plain-text; you can modify it in the rule with a little care, and then store the changes using http.request.put.
This should help to solve your problem.
Alternatively, you could use a modified version of the Slowing down busy users - driving the REST API from TrafficScript article. The advantage of this solution is that it would let you implement a timeout - users don't have to be blocked forever and you don't have an ever-growing list of banned IP addresses.
Hope that this helps - best regards
Owen
Hi Owen, excuse me, is posible to use the memory segment DATA to store blocked ips? For example:
data.set($prefix.$ip, 1 );
if(data.get($prefix.$ip))
ip is blocked
else
ip not blocked and continue
Thanks
Mario
Hi Mario,
Yes - you can use the global data segment to store the list. This is simpler than the solution I described above, but it has two disadvantages:
Either will work - you can select the approach that is best for you
Best regards
Owen
Where can I store the information, because I will need this always! I can
not lost the information of the ips stored? Thanks Mario
El oct 14, 2013 3:34 PM, "Owen Garrett" <[email protected]> escribió:
**
Riverbed Splash
<https://splash.riverbed.com/?et=watches.email.thread> How can I
block ips with a custom script with Stingray Traffic Manager?
reply from Owen Garrett<https://splash.riverbed.com/people/owen?et=watches.email.thread>in
Stingray - View the full discussion<https://splash.riverbed.com/message/17000?et=watches.email.thread#17000>
Hi Mario,
If you need to store the information permanently, then you can't rely on the global data segment as it is discarded when the traffic manager software is restarted.
You can store the information in the resources section of the Stingray configuration. The article Slowing down busy users - driving the REST API from TrafficScript illustrates how to do this.
You could also store the information in an external database (this is much more difficult). Use a Java Extension or an event handler to push information into the database, and a Java Extension to read data from the database. There are some examples here:
It might be easier to use a database with an HTTP interface (such as Riak) to get and set the per-IP records.
Here's another example: Detecting false login attempts and blocking the attackers
Best regards
Owen
Hi Owen thanks for all your help!! If is possible I have other question?
For security:
When I make a redirect:
http.redirect( "http://".$host. "/mypage.php?userAgent=".$user."&ip=".$ip."&url=".$url
In browser:
http://myhost/mypage.php?userAgent=Mozilla/5.0 Firefox/24.0&ip=10.0.0.0&url=mypage
Is possible to make a redirect but maybe implement a technique for the parameters in the browser will be invisible or transparent to the user?
I don't want the user can see the values of the parameters.
Is this possible?
Thanks
Mario
Hi Mario,
If you use a redirect, then the remote user will see the parameters.
You could modify the URL, for example, to add a query string, and then forward the request on to a back-end server as normal.
regards
Owen