• Resolved ecdltf

    (@ecdltf)


    ~2 weeks ago I started to regularly pick IP addresses from the firewall log and add them to the Access control. Against my expectations, the big part of these addresses seems to be rather static, and the FW log has become considerably “cleaner” (I’ve set the blocked IP addresses to not appear in the log).

    But nevertheless the IP block list is slowly growing, of course. Is there any significant penalty for having too many IPs in the block list, computingwise, resourcewise?

    In theory, I think it should be less expensive to block attacks via the IP access control than through the various detection mechanisms. Is this correct?

    Thanks,
    Tom

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Rejecting an IP because it is blacklisted is faster than rejecting it while parsing all rules. You can see the firewall directives processing order here.

    NinjaFirewall uses the PHP strpos() function to compare the client IP to the blacklisted (and whitelisted) IPs. That is quite fast and does not make use of regex.

    Thread Starter ecdltf

    (@ecdltf)

    and does make use of regex.

    I guess, you meant does not make use of regex. (?)

    Plugin Author nintechnet

    (@nintechnet)

    Should read “does not”.
    I edited my previous message.

    Thread Starter ecdltf

    (@ecdltf)

    Ok, thanks

    Is there any way to get the entered IPs by entry date? (to delete the oldest entries, e.g. after 12 weeks)?

    Plugin Author nintechnet

    (@nintechnet)

    It is not possible because the firewall does not keep the entry date.

    Thread Starter ecdltf

    (@ecdltf)

    Yep. Would it mean much work to implement a time-ordered list? It could be written at entry time to a separate list, not the FW.

    But it’s too early to demand that feature. I first should see how things are going with my IP access block list.


    Tom

    Plugin Author nintechnet

    (@nintechnet)

    That would probably make the parser x2.5 to x3 slower than it is now. That may not be visible on a regular blog, but on a very busy multi-site with 500+ blogs it should make a noticeable difference.

    Thread Starter ecdltf

    (@ecdltf)

    That would probably make the parser x2.5 to x3 slower than it is now.

    I think you misunderstood. With “time-ordered” I didn’t mean the time when a block is applied, but simply when an IP was added to the list. The display order, sorted by the time when an entry was added.

    BTW, is there any way to paste a whole IP list, instead of individual entries?

    Plugin Author nintechnet

    (@nintechnet)

    You cannot paste an entire list.
    We may implement it one day, though.

  • The topic ‘Usage of IP Access control’ is closed to new replies.
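
The thread notes that the firewall keeps no entry date and suggests recording it in a separate list at entry time. The sketch below is an added example, not part of the thread and not NinjaFirewall code: it assumes a hand-maintained sidecar file of `date IP` lines (a hypothetical format) and reports which addresses are older than 12 weeks, so they can then be removed from the Access Control list by hand.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(weeks=12)  # retention period suggested in the thread


def parse_sidecar(text):
    """Parse 'ISO-date<space>IP' lines into {ip: first_added_datetime}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        try:
            stamp, raw_ip = line.split()
            added = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
            ip = str(ipaddress.ip_address(raw_ip))  # validates and normalises
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        # Keep the earliest date if an address was recorded twice.
        if ip not in entries or added < entries[ip]:
            entries[ip] = added
    return entries


def split_by_age(entries, now, max_age=MAX_AGE):
    """Return (expired, kept) lists of IPs, each sorted oldest first."""
    ordered = sorted(entries.items(), key=lambda kv: kv[1])
    expired = [ip for ip, added in ordered if now - added > max_age]
    kept = [ip for ip, added in ordered if now - added <= max_age]
    return expired, kept


# Constructed sample sidecar file (documentation address ranges only).
SAMPLE = """\
2024-01-02 192.0.2.10
2024-03-20 198.51.100.7   # added later
2024-01-15 2001:db8::1
2024-02-01 192.0.2.10     # duplicate, the earlier date wins
"""

if __name__ == "__main__":
    now = datetime(2024, 4, 20, tzinfo=timezone.utc)
    expired, kept = split_by_age(parse_sidecar(SAMPLE), now)
    print("remove from Access Control:", expired)
    print("still within 12 weeks:", kept)
```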