rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: Bugger on February 26, 2020, 10:44:04 AM
-
Is there an easy way to deny or ban requests that aren't for a certain file, or group of files? I'm having bots or something requesting root and trying different login names (user@ip) for a public server I use to host downloadable content for a game server. What I would like to do is automatically ban any IP that doesn't 'GET /myfile.xyz', or maybe any file that is in a folder like 'GET /myfolder/myfile.xyz' so multiple files can be hosted.
I was thinking maybe I can add a line to hfs.events to deal with this, but I didn't see anything related to banning in the wiki, so I don't really know how to go about it.
Please note: this server will never be used for anything other than public file hosting of 1-3 files, so preserving any functionality of user accounts or anything else along those lines is not necessary
Thanks for any input!
-
https://en.m.wikipedia.org/wiki/Robots_exclusion_standard
https://www.robotstxt.org/robotstxt.html#:~:text=
By adding a robot.txt file, as it seems you have scripts scanning your server.
I would recommend making and adding a custom robot.txt file with disallow option...
-
I really need something more along the lines of banning any address that doesn't request a hosted file as I have been having several bad apples trying exploitation methods as well, and I don't want anything in a list somewhere. There only should be game clients requesting specific files, so is there a simple line I can add to events that will accomplish this?
-
A template (or diff-template) could do a default disconnect on error, to imitate a firewall:
[error-page]
{.disconnect.}
However, it would be better to use a filtered approach (help users but disconnect miscreants), such as in https://rejetto.com/forum/index.php?topic=12055.msg1065326#msg1065326
See the error-handler pages, to give you some ideas on how to arrange your filters.
-
welcome,
not found
{.set ini|{.no pipe|ban-list={.from table|#ini|ban-list.}%ip%#are you trying to break me? {.time.}|.}.}
-
Pretty much exactly what I had in mind, thanks!
Edit: For anyone who is trying to do the same thing, this line from @dj in combination with this (http://rejetto.com/forum/index.php?topic=11738.0), solved my problem completely for the time being. Since my particular use case has a unique user-agent, this seemed the best route to take. I know how and that it can be spoofed, but mainly this was an effort to save bandwidth and keep the logs clear. All my files are public anyway, and I just didn't want my logs filling up with spam for no good reason because some jackass wanted to find out if I had any secured accounts set up.
A couple of things to note:
You MUST set the root directory to a real folder
Try to put everything in root/properties/Diff template, and event scripts (alt+f6)
(If you don't know any better in the first place, thankfully I avoided some work by reading a little)
Cheers! 8)
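-
The allowlist policy discussed in this thread (serve only the hosted files to the expected client, ban every other address), written out as an added Python example that is not part of any forum post and is not HFS code. Assumptions: the `GameClient/1.0` user-agent is hypothetical, the one-request-per-line sample input is constructed and is not HFS's log format, and the `ip#comment|` entry layout is inferred from the macro posted above.

```python
import posixpath
from urllib.parse import unquote, urlsplit

ALLOWED_FILES = {"/myfile.xyz"}      # example path from the thread
ALLOWED_PREFIX = "/myfolder/"        # example folder from the thread
EXPECTED_AGENT = "GameClient/1.0"    # hypothetical user-agent of the game client

# Constructed sample requests: "ip method target user-agent" (assumed format).
SAMPLE = [
    "192.0.2.10 GET /myfolder/map1.xyz GameClient/1.0",
    "198.51.100.7 GET / Mozilla/5.0",
    "198.51.100.7 GET /admin Mozilla/5.0",
    "203.0.113.5 GET /myfolder/%2e%2e/secret.txt GameClient/1.0",
    "192.0.2.44 POST /myfile.xyz GameClient/1.0",
]

def normalize(target):
    """Decode once and collapse '..' so traversal cannot slip past the prefix check."""
    path = unquote(urlsplit(target).path)
    if "%" in path or "\\" in path or "\x00" in path:
        return None  # double-encoded or otherwise suspicious path: treat as denied
    return posixpath.normpath("/" + path.lstrip("/"))

def is_allowed(method, target, agent):
    """True only for a GET of a hosted file from the expected client."""
    path = normalize(target)
    if method != "GET" or path is None or agent != EXPECTED_AGENT:
        return False
    return path in ALLOWED_FILES or path.startswith(ALLOWED_PREFIX)

def ban_entries(lines, already_banned=()):
    """Return 'ip#comment|' entries, one per newly offending address."""
    banned, out = set(already_banned), []
    for line in lines:
        ip, method, target, agent = line.split(" ", 3)
        if ip in banned or is_allowed(method, target, agent):
            continue
        banned.add(ip)
        # '|' and '#' are the separators in the entry layout, so strip them from the comment.
        comment = f"{method} {target}".replace("|", "").replace("#", "")
        out.append(f"{ip}#{comment[:60]}|")
    return "".join(out)

if __name__ == "__main__":
    print(ban_entries(SAMPLE))
```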