rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: nmr50 on April 17, 2017, 06:46:56 AM
-
Hello everyone !
I've recently tried to block some unwanted network from accessing my web server (HFS v2.3j), and I got this:
(http://i.imgur.com/jYJRU6N.png)
Please, give me the clue - how to add CIDR based networks into ban list of HFS.
Thanks in advance!
-t
-
You will find the actually explanation of IP masks in the wiki
http://www.rejetto.com/wiki/index.php?title=HFS:_IP_masks
This is only my opinion, it will require the endorsement of Rejetto:
The integration of notation CIDR based networks seems quite feasible and could be envisaged in a future version, provided that this does not entail incompatibilities for the general functioning
EDIT:
The problem was limited to bans list, a solution was found not impacting the rest of the program because the IPs are scheduled to work in modes (SINGLE, BITMASK, RANGE), a fix could be applied as soon as the new version Will be published
-
I see.. Thanks for info! Let us wait for next release, then :)
-t
-
use X.X.X.X-Z.Z.Z.Z instead.
it's the same.
-
176.59.32.0/19 = 176.59.32.0-176.59.63.255
You can use this CIDR Calculator (http://blog.tonton-pixel.com/Scripts/cidr.html) (written in JavaScript, so it can be used offline if you save that HTML) [source (http://blog.tonton-pixel.com/goodies/cidr-calculator/)]. Or use this another online and rather complex CIDR Calculator (http://www.subnet-calculator.com/cidr.php) [source (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)].
-
for HFS with stunnel are you the method for block IPin stunnel ?
y use peerblock for this time
-
for HFS with stunnel are you the method for block IP in stunnel ?
y use peerblock for this time
stunel is a third party application adding ssl/tls authentication.
https://www.stunnel.org/faq.html
https://www.stunnel.org/howto.html
in regards to blocking ip stunel done't have a "block" section, nor is one programmed, as it a net ad-on packet python tool, that reads a config file for base info on what to connect to (advance auth nat...).
http://git.net/ml/network.stunnel.user/2002-12/msg00064.html
#####################
peerblock is a third party tool that can be used to block ip address in its stead as a third layer data to packets, with can be set to deny access to services on the PC
https://en.wikipedia.org/wiki/PeerBlock
http://www.thewindowsclub.com/peerblock-identify-block-ip-address-known-bad-computers
Other wise your going into advance packets and networking with revers proxy. in with case i would have you look at hardware option for blocking (witch are slightly better than the software versions.)
https://www.haproxy.com/blog/preserve-source-ip-address-despite-reverse-proxies/
##################################
so since stunel is on the hfs machine as the server, all the traffic its going to got to is either the ip address of hfs or the loopback address (127.0.0.1) so a ban in hfs will not work as that ip address is nevr touching HFS.
Silentplz had a setup with another program with in HFS (as a source that gave some block protections), but it was being blocked by a different feature.
-
My HFS Server uses the autoit package in this post:
Y updated the two software HFS (2.93kB299) and Stunnel to v5.41
I have the log stunnel in HFS
That works well
Y have add the peerblock software, because I had a lot of ports scans
I blocked all countries except mine however I find it heavy
My question could be made simpler?
What you propose to the area to be even more complicated ;)
-
My HFS Server uses the autoit package in this post:
Y updated the two software HFS (2.93kB299) and Stunnel to v5.41
I have the log stunnel in HFS
That works well
Y have add the peerblock software, because I had a lot of ports scans
I blocked all countries except mine however I find it heavy
My question could be made simpler?
What you propose to the area to be even more complicated ;)
??? there is no autoit package zip or other file noted on this post...
all mater of opinions at this point :P