Posted by jacauc on April 14, 2007 at 6:09am
| Project: | Troll |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
Is it possible to block an IP address range?
I keep getting comment spam from 81.177.38.0/24 and 81.177.15.0/24
Is there an easy way to do a "blanket" block for these subnets, instead of manually adding the IPs one by one? If so, how/where?
If not... Can we reassign this as a feature request?
Thanks
jacauc
Comments
#1
Hi there!
I was missing this feature too. So I played a little with the PHP code (Troll Module for Drupal 4.6!) and it seems to work that way. Now I can simply add a shortened IP address to the ip ban table like "81.177.38" or "81.177.15". Note the IP address may not end with a dot!
The user account I'm currently using here at drupal.org isn't my own; I simply took one from bugmenot.com - hope that's okay! I've attached a patch file and you can find a diff at http://www.pastebin.ca/463277.
Regards
FrankZabbath (http://bembelbee.wordpress.com/)
#2
Doh! I swapped the original and modified versions in my diff/patch. Here is the right one.
Regards
FrankZabbath (http://bembelbee.wordpress.com/)
#3
Thanks!
Unfortunately I am not a coder, so I would not even know where to start to convert this patch to a drupal 5 compatible patch.
Would someone be so friendly as to submit a D5.1 patch, please?
thanks again
jacauc
#4
I've rewritten to allow for setting an IP block as _either_ a whitelist or a blacklist.
Basically I just took the code already used to create whitelist IP blocks and generalized it to be used
for either white or blacklists.
See attached patch.
#5
I didn't use the patch, but I am adding a textarea to import IP blocks through a textarea.
#6
Automatically closed -- issue fixed for 2 weeks with no activity.
#7
Was this ever added to the release? I have the latest 5.x version and just tried to add 208.53.133 to the IP blocking, and it just gave me an error saying invalid IP. I'm trying to block an anon proxy service whose IP always changes at the last octet. Not quite clear on how to use the blacklist to manually insert one range?
Also, is it possible to use troll to automatically detect and block ALL proxies?
TIA
#8
@deekayen & all: Could you confirm if the below steps are correct? If yes I'll add a new section to Troll INSTALL.txt file.
--------------------------------------------------------------------------------
Steps to block an IP address range.
admin/user/troll/ip_blacklist/import
One IP per line.
The IP's format must be
*.*.*.*/32
Replace * by a number. You must add /32 at the end of each IP. Do not change this number.
For example if I want to block all IP range from 204.11.52.0 to 204.11.52.255 then the list would be 256 lines long.
204.11.52.1/32
204.11.52.2/32
204.11.52.3/32
[and so on until the below last line]
204.11.52.255/32
admin/user/troll/ip_blacklist/search
--------------------------------------------------------------------------------
Is there an easier way than type in 255 lines of IPs? Like Token support? Anything else?
#9
Has there been any patch for the current 6.x-1.x.dev version to allow the blocking of ip ranges yet? Like found in message #4?
#10
Not that I know of. It's currently possible but you have to manually type in all lines. For example type in all 255 lines of IPs you want to block.
Changing the category to feature request. As this would be a new feature. Or simplification of an already existing feature. Any volunteer for a patch? I would be happy to contribute testing.
#11
Find below mockup to clarify expected result. What do you think? Is it easier to use? If not any easier idea?
Notice that for this to work I removed the red stars. So no field is mandatory.

#12
That looks like it would be easier...
Quick question.. what is the difference between ip ban and blacklist? Sounds like they are both the same function.. How do you know which one to use? Sorry if this sounds dumb, just woke up and haven't had my 2nd cup of coffee yet.
#13
IP bans are just that, a list of IPs. The blacklisting works with realtime blacklist services to work against other lists of IPs similar to how mail servers do.
#14
deekayen is correct. They both have the same end result but they go there using different ways. They both have their use though. In my case I use blacklisting to automatically blacklist IPs listed in trusted blacklist servers. Then on top of that I use IP ban to manually block users with bad behaviours.
#15
Following my mockup in comment #11. There is similar code already existing under
admin/user/troll/ip_blacklist/whitelist
Maybe part of this code could be re-used for blocking IP range.
#16
okay that makes more sense.. thanks for the feedback on this.. So basically, just install the blacklists, then add suspicious or problem children in the ip ban section.. got it. Now to figure out how to solve the 404 error I'm getting when using 404 for all pages, even when using customerror module..get lots of php error log notices when trying to use this option.. so went and using the redirect to commonerror/403 instead.
#17
just discovered.. if you want to block a range of ips, say, 67.218.116.0 through 67.218.116.255, when you enter the blacklist info, instead of /32, use /24
info located at: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
Just thought I would share this in case it may help you.
#18
Thanks for sharing #17 greywolfsspirit :)
greywolfsspirit could you confirm if the below 3 steps are correct? If yes I'll add a new section to Troll INSTALL.txt file.
--------------------------------------------------------------------------------
Steps to block an IP address range.
admin/user/troll/ip_blacklist/import
For example if you want to block 172.16.254.0 through 172.16.254.255 then type in
172.16.254.0/24
Notes:
-The IP format must be
*.*.*.*/24
-Replace * by numbers. You must add /24 at the end. /24 is a CIDR notation. Read more at http://en.wikipedia.org/wiki/IPv4_subnetting_reference
admin/user/troll/ip_blacklist/search
--------------------------------------------------------------------------------
#19
That's exactly what I did..
Because then they make the blacklists in CIDR format, China/Korea I think it is (off top of my head), their texts show with a different /## than the 32..
So, when I looked the WIKI up and found the chart, I tried the /24 on a single ip, and it shows the range: x.x.x.0 - x.x.x.255 (if your last digit was a '0' that you entered of course.)
But, as you asked in step 2: the /24 DOES indeed do the 256 address locations.
then in step 3: you do the search, and enter any ip in that range, and it shows as blacklisted.
#20
Thanks greywolfsspirit :) I'll update the INSTALL.txt file or README.txt file something like that.
I'm leaving this issue active because solution in comment #11 is for advanced admins. This feature request is for a simplified way of blocking an IP address range that beginner admins could use. See comment #11 to clarify.
#21
I have updated the README.txt file at http://drupal.org/node/789550#comment-2926148 Thanks again greywolfsspirit.
#22
I would like the block ip modification set up like the whitelist/black list abilities though.. where we can enter a range of ip's to block.. I mean, yeah, I can always go under users/access rules and block them there.. just would have been nice to have all the routines working in the same module.
With user/access rules, we can actually enter a % key for the ip address settings.. ie: 66.249.%.% to block 66.249.0.0 - 66.249.255.255
having issues with users accessing my files section anonymously, without logging in, even though the file system is set to private, and access to the file browser is not given to anonymous users.. in the access log, I see their activity getting an http code 302 or 304.. instead of 403 or 404s.. so.. just trying to batten down the hatches a bit more.
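Added example, not part of the thread and not Troll's own code: the CIDR arithmetic behind the /32 lists in comment #8, the /24 entry in comments #17 to #19, and the % mask in comment #22, using Python's standard ipaddress module. The function names are hypothetical, the sample lists are constructed from addresses quoted in the thread, and whether a given Troll version accepts a particular prefix length is not checked here.

```python
import ipaddress

def parse_entries(text):
    """One entry per line, "a.b.c.d/NN"; a bare address is treated as /32."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # strict=False clears host bits: 67.218.116.9/24 -> 67.218.116.0/24
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def compact(nets):
    """Fewest CIDR blocks covering exactly the same addresses."""
    return list(ipaddress.collapse_addresses(nets))

def wildcard_to_cidr(mask):
    """Convert a mask with trailing % octets (66.249.%.%) to CIDR."""
    octets = mask.split(".")
    fixed = [o for o in octets if o != "%"]
    if len(octets) != 4 or not fixed or octets[:len(fixed)] != fixed:
        raise ValueError("need four octets with trailing %% only: %r" % mask)
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network("%s/%d" % (base, 8 * len(fixed)))

def is_blocked(ip, nets):
    """True if ip falls inside any listed block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

if __name__ == "__main__":
    # Constructed lists built from the range quoted in comment #8.
    lines_1_255 = "\n".join("204.11.52.%d/32" % i for i in range(1, 256))
    lines_0_255 = "\n".join("204.11.52.%d/32" % i for i in range(0, 256))
    print(len(compact(parse_entries(lines_1_255))))  # .0 is missing: 8 blocks
    print(compact(parse_entries(lines_0_255)))       # a single /24
    block = parse_entries("67.218.116.0/24")
    print(block[0].num_addresses, is_blocked("67.218.116.200", block))
    print(wildcard_to_cidr("66.249.%.%"))
```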
#23
Another advantage of mockup in comment #11 is that user could block an IP address range and set an expiration date on it. To clarify see mockup in #11 the bottom section title 'Expires'. For example I found useful to set a 30 days expire date on a block to give a warning to a troublesome user. Once the block expired it gives them a chance to change their behaviour. If they choose to not change their behaviour I then set a permanent IP address block. Would be great to be able to do that with IP address range.