rejetto forum

blocking ip-addresses by country

ALEX
Can I block an entire country so that this country does not have access to HFS?
Or allow one country and ban the rest?


rejetto
there's no such feature in HFS 2, but i don't exclude that one could script it.
for HFS 3, i don't plan to add it, but one day we may have a plugin for it.


ALEX
It's just that every day they send me a DDoS attack. I set it to block agents, but all the same the requests cause the server to freeze, because they do it from abroad, so I wanted to know how to block by country.



rejetto
i took note, but i won't make it soon.
if you know programming you can make it yourself


ALEX
No, I can't.


LeoNeeson
As Rejetto said, this is not implemented internally in HFS (for those who are expert in coding, something basic could be done using HFS's macros, but it could make HFS slow, since we need to filter a lot of IP ranges to block an entire country).

In your particular case, you have to use external software. The most effective and easy-to-use solution is PeerBlock. Once you have installed PeerBlock, you have to use one list listed here (selecting the country you want to block). But keep in mind that PeerBlock works by blocking connections system-wide (and you can't select only one program to block). So, it will block ALL the connections you configure, for ALL the programs running on your Windows system (not only HFS). If you need to connect to some of the IPs you have blocked, you would need to temporarily disable PeerBlock, or use another solution. As far as I know, this is the only (and the easiest) solution.

» IMPORTANT: if you are targeted with DDoS attacks by someone expert, you could end up blocking almost the whole world (it could be like a witch-hunt), since the attacker could try to access your server from ANY other country using a VPN (or a proxy). Most of the time blocking an entire country works, but sometimes it doesn't (and you will end up blocking legitimate -good- users), so this is only an extreme measure. It's best NOT to block an entire country, but to start by blocking ONLY the IP ranges of your attacker.

I hope it helps (please report back if that helped). :)
Cheers,
Leo.-
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


ALEX
Thanks Leo

PeerBlock is only supported up to Windows 7.
I have Windows Server 2019.
I have another question: can I block an IP range in HFS?
And yes, if I block ranges, will requests still reach HFS?


LeoNeeson
> PeerBlock is only supported up to Windows 7
> I have windows server 2019

Have you tried PeerBlock on Windows Server 2019? (I've read reports that it works fine on Windows 10, so it should work.) There is no better solution than PeerBlock for Windows.

> I have another question: can I block an IP range in HFS?
> and yes, if I block ranges, will requests still reach hfs?

Yes, as far as I know, requests will still reach HFS (it doesn't prevent people from trying, and it could affect performance, the same as filtering by 'UserAgent', but you have to try it and see what happens). My previous comment could lead to confusion, so to make it clear: HFS v3 doesn't have an 'IP filtering' feature (like Rejetto said), and HFS v2 doesn't have an option to block IP addresses by country, but it has 'IP Banning' and you can configure some 'IP ranges' to block (of course, expert users can also use a macro script to filter by IP range, but it's not needed, since it works the same as using HFS's GUI).

You can configure this by going to HFS's Menu > Limits > Bans... (it will open a window where you have to enter the IP ranges). Remember to check 'Disconnect with no reply'. Before doing this, please take a look HERE to learn how to configure an IP range to be excluded (remember to put a backslash \ before the IP range). Please report back if that affects performance (compared to filtering by 'UserAgent').


ALEX
Thanks Leo
I configured both options, monitored them for several days, and the attacks became much smaller, but unfortunately PeerBlock greatly affects performance.


LeoNeeson
I guess you are running HFS on a VPS, where resources are shared and limited (I do understand). Have you tried using HFS's banning option ONLY, without PeerBlock? (instead of running both options). Perhaps you don't need PeerBlock, if you add (in HFS) the IP ranges that attack your website.

You can configure this by going to HFS's Menu > Limits > Bans... (it will open a window where you have to enter the IP ranges). Remember to check 'Disconnect with no reply'. Before doing this, please take a look HERE to know how to configure an IP range to be excluded (remember to put a backslash \ before the IP range).
Try using this ONLY (without PeerBlock).


ALEX
Yes, I use it on a VPS. I'm afraid this option does not help because the IP address is updated every time.
But I'll try.
Thanks Leo


ALEX
And I wanted to find out if I am blocking the IP address ranges correctly, for example 192.168.1.10-192.168.1.50?


LeoNeeson
Yes, you are doing it right. Use a semicolon ; to specify several IP ranges. To avoid any confusion (from my previous comments): if you put a backslash \ before the IP range, that IP range will be excluded from the 'IP Banning'. This is explained in the Wiki.
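
The thread's advice is to ban only the ranges the attack comes from, entered as first-last ranges separated by a semicolon. As an added example (not from the thread or the HFS project), this Python sketch counts requests per /24 in a constructed address list, merges adjacent noisy blocks, and builds a ban string in that format; the threshold, prefix length, function names and sample addresses are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample: client addresses as they might be pulled from a server log.
SAMPLE_HITS = (
    [f"10.20.30.{i}" for i in range(1, 40)]    # 39 requests from one /24
    + [f"10.20.31.{i}" for i in range(1, 30)]  # 29 requests from the adjacent /24
    + ["203.0.113.7"] * 25                     # one host hammering the server
    + ["192.0.2.10", "192.0.2.99"]             # ordinary visitors
)

def ranges_to_ban(hits, min_hits=20, prefix=24):
    """Return merged networks whose /prefix block sent at least min_hits requests."""
    per_block = Counter(
        ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in hits
    )
    noisy = [net for net, count in per_block.items() if count >= min_hits]
    # Adjacent or overlapping blocks merge, so the ban list stays short.
    return list(ipaddress.collapse_addresses(noisy))

def to_ban_string(networks):
    """Format networks as 'first-last' ranges joined by ';' (format from the thread)."""
    return ";".join(f"{net[0]}-{net[-1]}" for net in networks)

def is_banned(ip, ban_string):
    """Check one address against a 'first-last;first-last' string before pasting it."""
    addr = ipaddress.ip_address(ip)
    for part in filter(None, (p.strip() for p in ban_string.split(";"))):
        first, _, last = part.partition("-")
        low = ipaddress.ip_address(first)
        # Assumption of this sketch: a bare address counts as a one-address range.
        high = ipaddress.ip_address(last or first)
        if low <= addr <= high:
            return True
    return False

if __name__ == "__main__":
    bans = to_ban_string(ranges_to_ban(SAMPLE_HITS))
    print(bans)
    # Confirm a known-good visitor is not caught before applying the list.
    print("192.0.2.10 banned:", is_banned("192.0.2.10", bans))
```

Note that the single noisy host causes its whole /24 to be listed, which is the collateral blocking of legitimate users warned about earlier in the thread; raise `prefix` to narrow the ranges.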

