rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: snoop on December 07, 2018, 11:55:57 PM

Title: ban on the run
Post by: snoop on December 07, 2018, 11:55:57 PM
hello! How can I ban IP not directly from HFS? I need to do it using my own program.
I see HFS settings are saved in ini or in registry
So I can modify them using my own tools. But HFS wont reload it in runtime. So how can I solve this problem?
Maybe somehow send a command to HFS to add a ban?
Title: Re: ban on the run
Post by: Mars on December 09, 2018, 01:36:07 AM
 Start HFS
In Menu/Limits/Bans…, enter the ip you will to be banned  example “192.168.1.10” without the quotation marks and yoy can check “Disconnect with no reply”

Apply + OK --> that's all!  ;)
Title: Re: ban on the run
Post by: LeoNeeson on December 10, 2018, 07:26:20 AM
@Snoop: Welcome to the forum. It's not totally clear how you want to "send a command to HFS to add a ban" using your own program. May I ask you what type of program you want to use?. If you add more details it would be easier to help you. If you need to issue a ban from an external connection (because you are not sitting behind the HFS server), perhaps using some HFS's macro you could do the same and much easier. Please add more details.

@Mars: If I'm not mistaken, this user wants to 'add a ban' using an external program (or from an external connection). But if he externally edits the .ini settings file, HFS won't read those configurations until HFS is restarted. He needs a 'live' way to issue a ban from an external program (and not using HFS's menu option). OR perhaps he wants to issue a ban from an external connection, and using a macro this could be more easier to achieve (it would require an admin login that executes a macro that adds to HFS the IP to be banned).
Title: Re: ban on the run
Post by: Mars on December 10, 2018, 09:02:39 AM
if it is necessary to send the addition of a ban ip remotely, it must be sended a form to an hfs script that will support the addition of the value using the macro {.set ini | .} but it is delicate from a safe point of view

you must retrieve the set using {.get ini | ban-list.}
but the data in return are in the form
192.168.1.1#banned|193.169.10.2#not allowed|255.3.45.36 # NO!|

including pipes and making the management pretty tricky because of the macros.

it is probably necessary to use these macros, but I do not know the exact effects in the handling of text strings

     'no pipe'        replace '|'  by '{:|:}'
     'no pipe'        replace '{:|:}'  by '|'

the fields must be separated and then reassembled to be fed back into the configuration, which will have to be saved automatically at the output or at regular intervals or in force by means of a macro.
everything that includes remote hfs configuration management is a risk for hacking, especially when the exchanges are not done in SSL

it must be remembered that mishandling or erroneous data may create a ban rendering hfs unreachable

I do not know if there is an equivalent in English but as we say in France, "the game is not worth the candle"
Title: Re: ban on the run
Post by: Fysack on December 15, 2018, 01:06:50 AM
hardcore *muselarm*
Title: Re: ban on the run
Post by: bmartino1 on December 16, 2018, 04:41:38 PM
I can come up with a few things for this.

Open a protected resoce vitural folder that runs the separate program (such as peer guardian or peer blocker)

One macro .exec cmd batch (closes app / pipeline write/ relaunch app)...

-------

The other is create a text box and submit field that runs a macro to ban the IP in the box

Both would take advance macro/html.programong to accomplish.

The best solution I have found is a ddwrt ssh firewall
Using ipta Les to completely remove and reject said IP coming in.
http://rejetto.com/forum/index.php?topic=11405.msg1059288#msg1059288
Title: Re: ban on the run
Post by: Fysack on December 27, 2018, 01:37:46 AM
yes yes yes. ooooo loooove. reply buton. so, what is the question?

Title: Re: ban on the run
Post by: rejetto on January 06, 2019, 12:50:48 PM
sorry for the late reply.
i can only think of one method at the moment, and it's to use the "-c" parameter to manipulate the "ban-list" entry
http://rejetto.com/wiki/index.php?title=HFS:_Command_line_parameters

this works if you have the "only 1 instance" enabled. Instead of running another hfs, all parameters will be passed to the running one.

this is just to write. Maybe it's possible to have a read/write solution, by having the settings saved to file (menu > save options > to file) that you can read when it changes.

Title: ban on the run
Post by: Warnercag on January 17, 2019, 12:28:27 PM
I say we set up a commitee to discuss this.....

But if it is kept, then make sure it's only TM3 members cars. Maybe rename it to the TorontoMazda3 sticker sightings? :
Title: Re: ban on the run
Post by: Fysack on October 12, 2019, 02:11:06 AM
impossible, we are toyota landcruiser dudes