rejetto forum

Ban Unless User

Age · 21 · 10163

0 Members and 1 Guest are viewing this topic.

Offline Age

  • Occasional poster
  • *
    • Posts: 17
    • View Profile
    • Integers of K
Hello, I was wondering how I might go about this if it's even possible.

I have setup a "ban" with reverse logic:

\132.*.*.*

So anyone who does not have a 132.x.x.x IP address is banned/blocked from accessing the server.  Is there anyway to override this block if I have a user account?

Basically, I want anyone who has a 132 IP or a user account to be able to access the server, but not the general public.  While there isn't a "Login" feature on the "You are currently banned" page in the default template, even after logging in, without having a 132 IP, I'm still not able to access it.

Thanks for any advice/input?  Thanks.


Offline bacter

  • Operator
  • Tireless poster
  • *****
    • Posts: 681
    • View Profile
if you ban a range of ip's, you ban them! no matter who's behind an ip.

With the beta version of hfs and using macros, you can make a welcomepage that shows up if %folder% = /.
In this welcomepage, you set links to login and, if allowed ip, to next folder.

Also at beginning of your template, you set conditions:
if the folder is not /  or no %user% is logged in, then disconnect that request.
your computer has no brain - use your own !


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
as bacter says.
something like this event handler (ALT+F6)

[request]
{.if
|{.and|{.%folder% != /.}|{.not|%user%.}|{.match address|\132.*|%ip%.}/and.}
|{:{.disconnection reason|i'm sorry.}:}
.}
« Last Edit: February 28, 2010, 10:52:30 PM by rejetto »


Offline Age

  • Occasional poster
  • *
    • Posts: 17
    • View Profile
    • Integers of K
This is great guys, thanks a lot.

Also, do you know how I could go about allowing users to log-in on the Unallowed page?
« Last Edit: February 28, 2010, 10:57:58 PM by Age »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
ok i applied the fix in my own post

Also, do you know how I could go about allowing users to log-in on the Unallowed page?

put a link like this
<a href="~login">please login</a>


Offline Age

  • Occasional poster
  • *
    • Posts: 17
    • View Profile
    • Integers of K
put a link like this
<a href="~login">please login</a>

Normally you'd think that would work, except that it would seem that the same rules that are preventing non-users/non-132.x.x.x IPs from having access, also prevents them from accessing the login page.

Is there anyway to prevent all folder access except ~login ?


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
use this line (untested)

|{.and|{.%folder% != /.}|{.not|{.match|*/~login|%folder%.}.}|{.not|%user%.}|{.match address|\132.*|%ip%.}/and.}


Offline Age

  • Occasional poster
  • *
    • Posts: 17
    • View Profile
    • Integers of K
use this line (untested)

|{.and|{.%folder% != /.}|{.not|{.match|*/~login|%folder%.}.}|{.not|%user%.}|{.match address|\132.*|%ip%.}/and.}

Alright, so I've been fiddling around. Using this:

[request]
{.if
|{.and|{.%folder% != /.}|{.not|{.match|*/~login|%folder%.}.}|{.not|%user%.}|{.match address|\132.*|%ip%.}/and.}
|{:{.disconnection reason|i'm sorry <a href="~login">please login</a>.}:}
.}

When I visit the server externally from a 132 IP it lets me in fine, so that's good. Also, when I login at that point, then go to http://localhost (to pretend that I'm not on a 132 IP) I am able to get in fine because I'm logged in already. Great. Perfect, that works.

But when I visit from a non-132 IP while not logged in, I continue to get the Unallowed page, even when going to http://localhost/~login in order to login.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
what's this "unallowed" page?
maybe you set a ban rule.
you should remove it.


Offline Age

  • Occasional poster
  • *
    • Posts: 17
    • View Profile
    • Integers of K
what's this "unallowed" page?
maybe you set a ban rule.
you should remove it.

Sorry, I don't think I explained that correctly. There aren't any ban rules.
|{:{.disconnection reason|i'm sorry.}:} appears to trigger the [deny] section of the template, which by default says "Unallowed."

Basically,
|{.and|{.%folder% != /.}|{.not|{.match|*/~login|%folder%.}.}|{.not|%user%.}|{.match address|\132.*|%ip%.}/and.}
still doesn't allow users to login if they're not on a 132 IP. I'll keep fiddling and re-read the wiki, thanks for your continued guidance. I'll post findings for people looking at this in the future.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
there's an error indeed:
try this:

|{.and|{.%folder% != /.}|{.match|\*/~login|%url%.}|{.not|%user%.}|{.match address|\132.*|%ip%.}/and.}


Offline Age

  • Occasional poster
  • *
    • Posts: 17
    • View Profile
    • Integers of K
rejetto you're amazing. Thank you so much.

To summarize:

My goal was to deny access to everyone except for those who a)Have a username and password or b)Are using IP addresses that begin with 132.
The problem was that the login page was being blocked from letting users who did not have a 132.x.x.x IP address from logging in.
The solution (thanks to rejetto) was to use the beta, press ALT-F6 to get into events and then paste this into it:

[request]
{.if
|{.and|{.%folder% != /.}|{.match|\*/~login|%url%.}|{.not|%user%.}|{.match address|\132.*|%ip%.}/and.}
|{:{.disconnection reason|You're either not logged in as a user or not on a 132.x.x.x IP address. <a href="~login">Please Login</a>.}:}
.}

Thanks again rejetto.


Offline KooolaNL

  • Occasional poster
  • *
    • Posts: 20
  • EY
    • View Profile
    • wat
i thought i reply here

i have kooola.nl/pic and kooola.nl/crap

i want a use 2 disconnect when he tries  kooola.nl/pic and kooola.nl/crap  without being logged in

what kinda line do i have 2 add where :3

thx in advance


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
right click on the folders > properties > permissions > any account


Offline KooolaNL

  • Occasional poster
  • *
    • Posts: 20
  • EY
    • View Profile
    • wat
when i do that can ppl olso not see kooola.nl/pic/photo.jpg because i only want ppl to not be able 2 browse the root of /pic/ get what i mean  :-*

i want everyone 2 see kooola.nl/pic/photo.jpg  but i want then to get a error message saying not logged in when they wanne inspect the root of /pic/

plz