rejetto forum

blocking ip-addresses by country

ALEX · 28 · 22488

0 Members and 1 Guest are viewing this topic.

Offline ALEX

  • Occasional poster
  • *
    • Posts: 15
    • View Profile
Still, attacks will slow down the performance of the system....

I would like to ask if you know a program or a method that blocks external ip addresses?


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 859
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
Still, attacks will slow down the performance of the system....

I would like to ask if you know a program or a method that blocks external ip addresses?
There is nothing I know, besides PeerBlock, to block incoming connections at country level (at least, as 'easy to use' like that program). Another option is installing a firewall, like TinyWall (which is a free and lightweight firewall for Windows), but you can NOT install it when you are using a VPS, since you will end up blocking your own access to your VPS (I repeat: do not install it over a remote connection, as they state on their FAQ), so, forget that option. Most of the time, a firewall cannot stop a DDoS Attack but mitigate the effects, since usually a DDoS attack will flood your network connection or exhaust hardware resources (as you can read here). But keep in mind that ANY software you install on your VPS, no matter how lightweight it is, it will have some kind of impact on the performance of the system.

If you were not using a VPS (if this were your local computer), I would recommend filtering those connections using a firewall at router level. Since most home routers don't offer that feature, in that case you would need to buy a router compatible with OpenWRT. Then you would need to configure OpenWRT's firewall. But since you use a VPS, your last resort would be commenting your problem with your VPN's support team (perhaps they could block those IPs for you).

I don't know how they do that 'DDoS attack' to your HFS website, if it's by accessing your direct IP or your Hostname, but if it's by your Hostname, then you could configure Cloudflare as a 'protection layer' between your server and the end user (and you should block direct access to your IP).

Another simpler option: change your VPS to another "DDoS Protected VPS" (so you don't have to worry about this), like: BuyVM, Cloudzy, Alexhost, BlueVPS, JavaPipe, UltaHost, DDoS-Guard, etc. (I've found them doing a simple Google Search).

I've run out of ideas... :-[
I truly don't know other way to help you, sorry... :(
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
and I wanted to find out if I am blocking the ip address ranges correctly, for example 192.168.1.10-192.168.1.50?

yes, this syntax for ranges is supported since version 0.48
i'm going to update the documentation about this


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
Still, attacks will slow down the performance of the system....

it is possible that most of these attacks get to you by scanning IPs, and don't know your domain.
You can block all requests that come without knowing your domain.
The easiest way is by using the vhosting plugin. Enter your domain with root "/", and enable "Block requests that are not using any of the domains above".
Let me know how it goes


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 859
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
I Use HFS 3
Sorry, my bad, now I realize that you use HFS v3 (I thought you were using HFS v2). All my comments apply only to version HFS v2.x, not HFS v3. Ignore my comments then, and follow what Rejetto says. :)
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
The only way I know how to do geo ip blocking is to run a separate firewall instance.

tiny wall. to lock down your windows for only 1 application if need be

peerblocker with geo ip list

Otherwise, run dockers like piehole

my current home network now consist of firewalla. Firewall uses firebase and other software to accomplish geo ip blocking.

What i'm getting at is networking outside hfs as a web server will require hardware and other software, not something build into hfs.

HFS has a ip range and single ip block feature. Manually add theses.

Current free ish system atm is rdpguard...

https://rdpguard.com/geoip-blocking.aspx#:~:text=The%20Geo%2DIP%20Blocking%20feature,update%20the%20blocking%20rules%20accordingly.

Networking and cyber security of your systems is on you.
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
guys, initial I had planned to work on this after official release of HFS 3, but i opted to have something special to celebrate next release 0.50, nearing the 2 years anniversary (december 8 ).
hopefully... work in progress



Offline ALEX

  • Occasional poster
  • *
    • Posts: 15
    • View Profile
we are waiting for this release

guys, initial I had planned to work on this after official release of HFS 3, but i opted to have something special to celebrate next release 0.50, nearing the 2 years anniversary (december 8 ).
hopefully... work in progress




Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile

Offline ALEX

  • Occasional poster
  • *
    • Posts: 15
    • View Profile
consider helping with testing. You can enable Admin > Options > Update to beta
https://github.com/rejetto/hfs/releases/tag/v0.50.0-alpha2

This release will be very powerful.

How can I add a script in this version?
using plugins...


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
yes, plugins, but if you don't intend to distribut your scripts/changes, you can just use "custom html" and "server code".
It depends on what you want to do....


Offline ALEX

  • Occasional poster
  • *
    • Posts: 15
    • View Profile
yes, plugins, but if you don't intend to distribut your scripts/changes, you can just use "custom html" and "server code".
It depends on what you want to do....

I would like to configure the program so that one specific agent can download


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
I would like to configure the program so that one specific agent can download

this is the server code:
exports.middleware = ctx => ctx.get('user-agent') === 'YOUR_AGENT' || ctx.socket.destroy()

this code check for exact text. Otherwise you can use, for example, ctx.get('user-agent').startsWith('YOUR_AGENT')

be careful, because this code can stop you from using your browser, and to recover you will have to edit file "config.yaml" with an editor

https://github.com/rejetto/hfs/wiki/Middlewares
« Last Edit: November 16, 2023, 04:48:54 PM by rejetto »