Careful with iptables, you can cut yourself off of your server (or the whole server off the net) that way real easy. Not to mention that you can cut off hotspots or whole ISPs/campuses that use transparent proxies or NAT. Another reason not to do stuff this way is that on a busy site you will accumulate a LOT of addresses over time which might impact overall network performance.

If you really want to do host-level filtering, use Apache and its vast array of mod_authz modules, it's really powerful and mature (not to mention cross platform). Personally, I also think that packet level operations belong to the firewall, not the framework. You could of course still do a malign request check, but react to it with measures available on the http/application level, either directly or augmenting the Apache modules mentioned above.

The very notion of giving sudo iptables to Apache (or any other http daemon or its subprocesses) makes my eyes twitch, but I guess that's just me :)

On Dec 18, 7:59 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> simple way to block attackers on Linux
>
> 1) give sudo access to user running web2py to /sbin/iptables
> 2) create a new app, let's call it "gatekeeper" with the following
> default.py controller
>
> def block():
>     import os
>     os.system('sudo iptables -I INPUT -s %s -j DROP' % request.client)
>
> 3) create a web2py routes.py file that maps suspicious URLs into the
> above action
>
> routes_in=[
>     ['.*\.\..*','/gatekeeper/default/block'], # block clients attempting a directory traversal
>     ['.*\.php','/gatekeeper/default/block'], # block clients looking for php scripts
> ]
>
> you can add your own filters using regular expressions.
>
> Massimo
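
Added example, not part of the thread and not web2py code: the application-level reaction suggested in the reply, written as a bounded, expiring deny list that answers 403 instead of calling iptables. The class name, TTL, size cap and status codes are assumptions; the two patterns are the ones from the quoted routes.py.

```python
import ipaddress
import re
import time
from collections import OrderedDict

# The two URL patterns from the routes.py in the quoted message.
SUSPICIOUS = [re.compile(r'.*\.\..*'), re.compile(r'.*\.php')]


class AppBlocklist:
    """Bounded, expiring deny list held in the app (hypothetical helper)."""

    def __init__(self, ttl=3600, max_entries=10000, clock=time.time):
        self.ttl, self.max_entries, self.clock = ttl, max_entries, clock
        self._expiry = OrderedDict()  # canonical address -> expiry time

    def __len__(self):
        return len(self._expiry)

    @staticmethod
    def _canonical(client):
        # Accept only a literal IPv4/IPv6 address; anything else is rejected.
        try:
            return str(ipaddress.ip_address(client.strip()))
        except (ValueError, AttributeError):
            return None

    def _purge(self):
        # Entries are ordered by expiry, so stop at the first live one.
        now = self.clock()
        while self._expiry and next(iter(self._expiry.values())) <= now:
            self._expiry.popitem(last=False)

    def check(self, client, path):
        """Return the HTTP status to answer with: 200, 400 or 403."""
        addr = self._canonical(client)
        if addr is None:
            return 400
        self._purge()
        if any(p.fullmatch(path) for p in SUSPICIOUS):
            self._expiry[addr] = self.clock() + self.ttl
            self._expiry.move_to_end(addr)
            while len(self._expiry) > self.max_entries:
                self._expiry.popitem(last=False)  # evict the oldest entry
            return 403
        return 403 if addr in self._expiry else 200
```

The TTL lets a shared NAT or proxy address recover on its own, and the size cap keeps the list from growing without bound on a busy site.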