IP Blacklist

From SEnginx


Synopsis

This feature provides a dynamic IP blacklist. It can be used together with other security modules to block an IP address for a period of time when that address performs a specified number of attacks within 1 second.
This feature is available since version 1.5.5.

Directives

ip_blacklist

Syntax ip_blacklist on/off
Default off
Context http

Enable or disable IP blacklist.

Example:

ip_blacklist on;


ip_blacklist_size

Syntax ip_blacklist_size size
Default 1024
Context http

Specify the IP blacklist size, i.e. how many IP addresses can be stored in the blacklist.

Example:

ip_blacklist_size 10240;


ip_blacklist_timeout

Syntax ip_blacklist_timeout timeout
Default 60
Context http

Specify the timeout of IP blacklist entries in seconds. An entry is blocked for the duration of its 'timeout' period.

Example:

ip_blacklist_timeout 120;


ip_blacklist_log

Syntax ip_blacklist_log on/off
Default off
Context http/server/location

Enable or disable writing blacklist events to the error log.

Example:

ip_blacklist_log on;


ip_blacklist_show

Syntax ip_blacklist_show
Default
Context location

Show IP blacklist items.

Example:

location /show_blacklist {
       ip_blacklist_show;
}


ip_blacklist_flush

Syntax ip_blacklist_flush
Default
Context location

Flush all IP blacklist items.

Example:

location /flush_blacklist {
    ip_blacklist_flush;
}


Then, from another browser or HTTP client such as wget or curl, visit /flush_blacklist to clear the blacklist:

curl http://1.1.1.1/flush_blacklist


This request returns a response with status code 444; such a response carries no content, it just closes the connection.

ip_blacklist_mode

Syntax ip_blacklist_mode sys/local
Default local
Context http

Specify the blacklist's mode, which can be one of two types:

  • System command mode (sys): the blacklisted IP addresses are kept outside of SEnginx; for example, if you use iptables, the requests are blocked at the kernel level.
  • Local mode (local): the blacklisted IP addresses are kept inside SEnginx, and subsequent requests are blocked by SEnginx itself.

Example:

System command mode (sys):
ip_blacklist_mode sys;
Local mode (local):
ip_blacklist_mode local;


ip_blacklist_syscmd

Syntax ip_blacklist_syscmd [system command]
Default
Context http

Specify the external system command to be called when SEnginx wants to blacklist an IP address. The IP address is substituted for %V in the command.

Example:

Specify a script to handle the IP addresses that are added to the blacklist:
ip_blacklist_syscmd "sudo /path/to/a/script %V";

Use iptables to add an IP address and block:
ip_blacklist_syscmd "sudo /sbin/iptables -A INPUT -s %V -j DROP";
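As an added example that is not part of SEnginx or of this page, the following POSIX shell script is a handler of the "sudo /path/to/a/script %V" form shown above: it checks that the value substituted for %V is a plain IPv4 address before handing it to iptables, and appends the DROP rule only if an identical rule is not already present. The script name senginx-block, the IPTABLES variable and the assumption that %V is always an IPv4 address are mine.

```shell
#!/bin/sh
# Added example handler for ip_blacklist_syscmd (not part of SEnginx).
# SEnginx substitutes the offending address for %V, so a matching directive is:
#   ip_blacklist_syscmd "sudo /usr/local/sbin/senginx-block %V";
# The script path and the IPTABLES variable are assumptions; %V is
# assumed to be an IPv4 address.

IPTABLES="${IPTABLES:-/sbin/iptables}"

# is_ipv4 ADDR: succeed only for a dotted quad whose four octets are 0-255.
is_ipv4() {
    addr="$1"
    # Anything other than digits and dots, a leading/trailing dot, or an
    # empty octet ("..") is rejected up front.
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs="$IFS"
    IFS=.
    set -- $addr           # split on dots into positional parameters
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet; do
        # At most 3 digits (so "0255" is rejected) and numerically <= 255.
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_ip ADDR: drop all traffic from ADDR, appending the rule only if it
# is not already present (iptables -C checks for an identical rule).
block_ip() {
    if ! is_ipv4 "$1"; then
        echo "senginx-block: refusing malformed address '$1'" >&2
        return 2
    fi
    "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null ||
        "$IPTABLES" -A INPUT -s "$1" -j DROP
}

# Command-line entry point: senginx-block <ip>
if [ -n "${1:-}" ]; then
    block_ip "$1"
fi
```

Because the rule is appended without an expiry, an address blocked this way stays blocked until the rule is removed by hand; the ip_blacklist_timeout directive only governs entries kept in local mode.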



Example used with the robot mitigation module:


http {
    ... ...
    ip_blacklist on;
    ip_blacklist_size 10240;
    ip_blacklist_timeout 60;
    ip_blacklist_log on;
    server {
        listen       80;
        server_name  localhost;
        location /blacklist_flush {
            ip_blacklist_flush;
        }
        location /blacklist_show {
            ip_blacklist_show;
        }
        location / {
            ... ...
            robot_mitigation on;
            robot_mitigation_mode js;
            robot_mitigation_blacklist 10;
            ... ...
        }
    }
}

