vADC Forum

Reply
Occasional Contributor
Posts: 5
Registered: ‎10-08-2013
Accepted Solution

How can I block ips with a custom script with Stingray Traffic Manager?

Hi, I want to know if is possible to block ips direct with a custom script from Stingray Traffic Manager. Maybe with an action in Protection->Access Restrictions->Banned IPs?

My custom script detect a bad ip to try to hack our site, so I will need to block this ip, but I don't know how?

Help please!!!

Frequent Contributor
Posts: 321
Registered: ‎11-29-2012

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

You can inspect and modify the Stingray configuration from within a TrafficScript rule.  This article (Slowing down busy users - driving the REST API from TrafficScript) gives an example.

The basic principle is that you can make a REST request using http.request.get to retrieve the configuration file for a service protection policy.  The config file is plain-text; you can modify it in the rule with a little care, and then store the changes using http.request.put.

This should help to solve your problem.

Alternatively, you could use a modified version of the Slowing down busy users - driving the REST API from TrafficScript article.  The advantage of this solution is that it would let you implement a timeout - users don't have to be blocked forever and you don't have an ever-growing list of banned IP addresses.

Hope that this helps - best regards

Owen

Occasional Contributor
Posts: 5
Registered: ‎10-08-2013

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Owen, excuse me, is posible to use the memory segment DATA  to store blocked ips? For example:

  data.set($prefix.$ip, 1 );

  if(data.get($prefix.$ip))

      ip is blocked

  else

     ip not blocked and continue

Thanks

Mario

Frequent Contributor
Posts: 321
Registered: ‎11-29-2012

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

Yes - you can use the global data segment to store the list. This is simpler than the solution I described above, but it has two disadvantages:

  • Data does not persist - it is lost when the traffic manager restarts
  • Data is not shared between traffic managers in a cluster

Either will work - you can select the approach that is best for you

Best regards

Owen

Occasional Contributor
Posts: 5
Registered: ‎10-08-2013

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Where can I store the information, because I will need this always! I can

not lost the information of the ips stored? Thanks Mario

El oct 14, 2013 3:34 PM, "Owen Garrett" <no-reply@riverbed.com> escribió:

**

Riverbed Splash

<https://splash.riverbed.com/?et=watches.email.thread> How can I

block ips with a custom script with Stingray Traffic Manager?

reply from Owen Garrett<https://splash.riverbed.com/people/owen?et=watches.email.thread>in

Stingray - View the full discussion<https://splash.riverbed.com/message/17000?et=watches.email.thread#17000>

Frequent Contributor
Posts: 321
Registered: ‎11-29-2012

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

If you need to store the information permanently, then you can't rely on the global data segment as it is discarded when the traffic manager software is restarted.

You can store the information in the resources section of the Stingray configuration.  The article Slowing down busy users - driving the REST API from TrafficScript illustrates how to do this.

You could also store the information in an external database (this is much more difficult).  Use a Java Extension or an event handler to push information into the database, and a Java Extension to read data from the database.  There are some examples here:

It might be easier to use a database with an HTTP interface (such as Riak) to get and set the per-IP records.

Here's another example: Detecting false login attempts and blocking the attackers

Best regards

Owen

Occasional Contributor
Posts: 5
Registered: ‎10-08-2013

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Owen thanks for all your help!! If is possible I have other question?

For security:

When I make a redirect:

http.redirect( "http://".$host. "/mypage.php?userAgent=".$user."&ip=".$ip."&url=".$url

In browser:

http://myhost/mypage.php?userAgent=Mozilla/5.0 Firefox/24.0&ip=10.0.0.0&url=mypage

Is possible to make a redirect but maybe implement a technique for the parameters in the browser will be invisible or transparent to the user?

I don't want the user can see the values ​​of the parameters.

Is this possible?

Thanks

Mario

Frequent Contributor
Posts: 321
Registered: ‎11-29-2012

Re: How can I block ips with a custom script with Stingray Traffic Manager?

Hi Mario,

If you use a redirect, then the remote user will see the parameters.

You could modify the URL, for example, to add a query string, and then forward the request on to a back-end server as normal.

regards

Owen

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

Download FREE NVMe eBook