[Zope] blacklisting referers and/or specific hosts

David Pratt fairwinds at eastlink.ca
Mon Jul 4 00:31:58 EDT 2005


Hi Tim.  I think what Jens has to say is the best solution. I have also 
made my own thing with zope as well since I don't always have control 
of the firewall.  I worked out a simple ip and country-ip solution. I 
made a simple interface for adding ips to a black list or selecting 
countries to add to black list. The logic makes a final connection to 
my main site template so ips in black list or ip turning out to be from 
a black listed country get nothing but an empty page (including an 
empty page header) while those that I want to view my site will get 
rendered pages.  I use a country-ip database that gets updated once per 
week (about 50,000 records) representing ranges from all countries.

I think it is becoming clearer that many of the threats on the Net come 
not only from specific ips but specific countries as well.
To me, blacklisting and filtering those who see your site based on ip 
or ip ranges is just a little more risk management and less expense on 
bandwidth for those you don't want to invite in.  As Jens has pointed 
out, it would be best to stop this at the firewall if you can.  This 
may not be possible based on how you are serving your sites as in a 
hosted arrangement.  My feeling is that if someone is visiting (by 
looking at your site or sending a robot) it may deter some if they are 
seeing or collecting nothing. But it would do little for those sniffing 
for the server you are running and testing purely to see that you're 
alive for some future exploit attempt.

Regards
David

On Sunday, July 3, 2005, at 04:05 PM, Tim Hicks wrote:

> Hi,
>
> I have a zope site up and running which has recently had *lots* of hits
> from a client (or clients) that show referers pointing at various
> gambling, meds, and loan sites.  Requests only come in for the main 
> page,
> not for the associated images, css, etc that should go with it.
>
> The consequence is that my server is working harder to service a client
> that isn't interested in what it has to say, and my Z2.log is now far 
> less
> useful to me as all these bogus requests drown out most of the useful
> information.
>
> So, I'm wondering if there's a way to blacklist those clients that I 
> don't
> like based on host/ip and/or on referer.
>
> If I hook into the traversal process in the same way as the virtual 
> host
> monster objects do, could I check the request against my blacklist and
> then do a REQUEST.close()?  Would that still appear in my logs?  Does 
> that
> even make sense?  Is there a HTTP response code that I could return to
> these clients that would stop them being interested in my server?
>
> Any ideas much appreciated.
>
> Tim
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>
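
An added example, not code from either poster: a sketch of the check the reply describes (explicit IP blacklist plus a country range table) combined with the referer blacklist the original question asks about. All addresses, country codes and hostnames are constructed sample data, the function names are hypothetical, and it assumes the caller passes in the request's client address and Referer header before the page is rendered.

```python
import bisect
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: documentation address ranges, made-up codes and hosts.
COUNTRY_RANGES = [  # (first_ip, last_ip, country_code), non-overlapping
    ("192.0.2.0", "192.0.2.255", "AA"),
    ("198.51.100.0", "198.51.100.127", "BB"),
    ("203.0.113.0", "203.0.113.255", "CC"),
]
BLOCKED_COUNTRIES = {"BB"}
BLOCKED_IPS = {"203.0.113.7"}
BLOCKED_REFERER_HOSTS = {"casino.example", "pills.example"}


def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))


# Sort once so each lookup is a binary search, not a scan of ~50,000 rows.
_RANGES = sorted((_to_int(a), _to_int(b), cc) for a, b, cc in COUNTRY_RANGES)
_STARTS = [r[0] for r in _RANGES]


def country_for(ip):
    """Return the country code whose range contains ip, or None if unknown."""
    try:
        n = _to_int(ip)
    except ValueError:  # not an IPv4 address: this table cannot classify it
        return None
    i = bisect.bisect_right(_STARTS, n) - 1  # last range starting at or before n
    if i >= 0 and n <= _RANGES[i][1]:
        return _RANGES[i][2]
    return None  # address falls in a gap between ranges


def referer_blocked(referer):
    """Match the Referer's host exactly or as a subdomain of a blocked host."""
    try:
        host = (urlsplit(referer or "").hostname or "").lower()
    except ValueError:  # malformed Referer header
        return False
    return any(host == h or host.endswith("." + h) for h in BLOCKED_REFERER_HOSTS)


def is_blocked(remote_addr, referer=None):
    """True if the request should get the empty page instead of the site."""
    if remote_addr in BLOCKED_IPS:
        return True
    if country_for(remote_addr) in BLOCKED_COUNTRIES:
        return True
    return referer_blocked(referer)
```

Behind a reverse proxy the address the application sees is the proxy's, so the client address has to come from a header set by a proxy you control. The Referer header is client-supplied, so that part of the check only filters clients that send it.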

