Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feldsam/show ban info page #5796

Open
wants to merge 2 commits into
base: staging
Choose a base branch
from
Open

Feldsam/show ban info page #5796

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
873863f
Show custom 403 page when user ip/network is banned by netfilter
feldsam Mar 19, 2024
e3cf005
Added simple self-unban process
feldsam Mar 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 22 additions & 2 deletions data/Dockerfiles/netfilter/modules/IPTables.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,16 @@ def initChainIPv4(self):
rule.target = target
if rule not in chain.rules:
chain.insert_rule(rule)

# always allow TCP connections to 80 and 443 ports to show 403 page in case of ban
chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), self.chain_name)
rule = iptc.Rule()
rule.create_target("ACCEPT")
match = rule.create_match('multiport')
rule.protocol = 'tcp'
match.dports = '80,443'
if rule not in chain.rules:
chain.insert_rule(rule)

def initChainIPv6(self):
if not iptc.Chain(iptc.Table6(iptc.Table6.FILTER), self.chain_name) in iptc.Table6(iptc.Table6.FILTER).chains:
Expand All @@ -32,6 +42,16 @@ def initChainIPv6(self):
rule.target = target
if rule not in chain.rules:
chain.insert_rule(rule)

# always allow TCP connections to 80 and 443 ports to show 403 page in case of ban
chain = iptc.Chain(iptc.Table6(iptc.Table6.FILTER), self.chain_name)
rule = iptc.Rule6()
rule.create_target("ACCEPT")
match = rule.create_match('multiport')
rule.protocol = 'tcp'
match.dports = '80,443'
if rule not in chain.rules:
chain.insert_rule(rule)

def checkIPv4ChainOrder(self):
filter_table = iptc.Table(iptc.Table.FILTER)
Expand Down Expand Up @@ -98,7 +118,7 @@ def banIPv4(self, source):
rule.target = target
if rule in chain.rules:
return False
chain.insert_rule(rule)
chain.append_rule(rule)
return True

def banIPv6(self, source):
Expand All @@ -109,7 +129,7 @@ def banIPv6(self, source):
rule.target = target
if rule in chain.rules:
return False
chain.insert_rule(rule)
chain.append_rule(rule)
return True

def unbanIPv4(self, source):
Expand Down
25 changes: 25 additions & 0 deletions data/conf/nginx/fastcgi_params
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
Loading