hi! i have this guestbook similar to what is shown in the zope book. i'd like to know if there are possibilities to write a script or a code which blocks unwanted ip addresses. thanks __________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
On Wednesday 12 February 2003 2:34 pm, Sungmook Kim wrote:
hi!
i have this guestbook similar to what is shown in the zope book. i'd like to know if there are possibilities to write a script or a code which blocks unwanted ip addresses. thanks
For protectiong a single page you can check REQUEST[`REMOTE_ADDR`], or in Zope 2.7 REQUEST.getClientAddr() If you really care about security then it is best to run Zope behind a proxy such as squid, pound, or apache. All these proxies have IP address filtering. -- Toby Dickenson http://www.geminidataloggers.com/people/tdickenson
Is this how I block an IP Adress? All I want is just to block or ban some IP Addresses to maybe a specific page or the whole website. I know that with REQUEST[`REMOTE_ADDR`] you can find out one's ip address. but what i am looking is for a code or any function which allows me to block certain IP that I chose. cheers --- Toby Dickenson <tdickenson@geminidataloggers.com> schrieb: > On Wednesday 12 February 2003 2:34 pm, Sungmook Kim
wrote:
hi!
i have this guestbook similar to what is shown in the zope book. i'd like to know if there are possibilities to write a script or a code which blocks unwanted ip addresses. thanks
For protectiong a single page you can check REQUEST[`REMOTE_ADDR`], or in Zope 2.7 REQUEST.getClientAddr()
If you really care about security then it is best to run Zope behind a proxy such as squid, pound, or apache. All these proxies have IP address filtering.
-- Toby Dickenson http://www.geminidataloggers.com/people/tdickenson
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
__________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
Is this how I block an IP Adress? All I want is just to block or ban some IP Addresses to maybe a specific page or the whole website. I know that with REQUEST[`REMOTE_ADDR`] you can find out one's ip address. but what i am looking is for a code or any function which allows me to block certain IP that I chose.
It's part of the way there. The quick-hack way to do it is to 1) put a list of banned IPs in a 'lines' property of the object you're blocking on. 2) wrap your content in a conditional check against those IPs. In Python something like if REQUEST[`REMOTE_ADDR`] in blocked_ips: print "You are at a blocked address. Sorry." else: print content Similar for DTML (dtml-if) and Page Templates (tal:condition). You could do this for one page or stick it in a header for broader application. If this doesn't scale too well, one could write a product to do it, say a 'RestrictedFolder' that would only allow call or traverse if the IP isn't banned. If you want to block the whole site, you can use an outside proxy as previously mentioned. --jcc
You already got the very best answer you're going to get on this one: use squid or another cache/proxy. That's because blocking IPs is usually the wrong answer to the wrong question. The very few number of applications where it's appropriate are best accomplished by a program like squid that has the facilities to detect "red flag" requests. It's something you almost surely want to do dynamically in response to particular behavior. So... the short answer, really, is you may want to think up a different strategy. There are a number of existing ways of dealing with abusive users and odds are you'll be far better off making use of those than crafting your own solution. However... if you really must have a hosts_deny kind of thing for your Zope, I'd read up on Access Rules and implement it that way. HTH, Dylan At 10:40 AM 2/12/2003, Sungmook Kim wrote:
Is this how I block an IP Adress? All I want is just to block or ban some IP Addresses to maybe a specific page or the whole website. I know that with REQUEST[`REMOTE_ADDR`] you can find out one's ip address. but what i am looking is for a code or any function which allows me to block certain IP that I chose. cheers
--- Toby Dickenson <tdickenson@geminidataloggers.com> schrieb: > On Wednesday 12 February 2003 2:34 pm, Sungmook Kim
wrote:
hi!
i have this guestbook similar to what is shown in the zope book. i'd like to know if there are possibilities to write a script or a code which blocks unwanted ip addresses. thanks
For protectiong a single page you can check REQUEST[`REMOTE_ADDR`], or in Zope 2.7 REQUEST.getClientAddr()
If you really care about security then it is best to run Zope behind a proxy such as squid, pound, or apache. All these proxies have IP address filtering.
-- Toby Dickenson http://www.geminidataloggers.com/people/tdickenson
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
__________________________________________________________________
Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Sungmook Kim wrote at 2003-2-12 15:34 +0100:
i have this guestbook similar to what is shown in the zope book. i'd like to know if there are possibilities to write a script or a code which blocks unwanted ip addresses. thanks Either place Apache before Zope (and do it in Apache) or use a SiteAccess AccessRule (search Zope.org for details).
Dieter
Hi, On Wed, 12 Feb 2003 15:34:15 +0100 (CET) Sungmook Kim <dotorimook@yahoo.com> wrote:
hi!
i have this guestbook similar to what is shown in the zope book. i'd like to know if there are possibilities to write a script or a code which blocks unwanted ip addresses. thanks
Beside the tips you got already. I believe such a black IP list is almost unmaintainable. What if you instead design your guestbook to be able to review a message before it gets public? Regards Tino
Hi,
What if you instead design your guestbook to be able to review a message before it gets public?
This idea seems to be interesting. But how do I do that? cheers, sm --- Tino Wildenhain <tino@ertragsberater.de> schrieb:
Hi,
On Wed, 12 Feb 2003 15:34:15 +0100 (CET) Sungmook Kim <dotorimook@yahoo.com> wrote:
hi!
i have this guestbook similar to what is shown in the zope book. i'd like to know if there are possibilities to write a script or a code which blocks unwanted ip addresses. thanks
Beside the tips you got already. I believe such a black IP list is almost unmaintainable. What if you instead design your guestbook to be able to review a message before it gets public?
Regards Tino
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
__________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de
participants (6)
-
Dieter Maurer -
Dylan Reinhardt -
J Cameron Cooper -
Sungmook Kim -
Tino Wildenhain -
Toby Dickenson