Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
ISAPI_Rewrite 3.0 support forum
 Helicon Tech : ISAPI_Rewrite 3.0 support forum
Subject Topic: Multiple Banning Rules Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
thomasr79
Newbie
Newbie


Joined: 04 February 2008
Location: United Kingdom
Online Status: Offline
Posts: 23
Posted: 08 October 2008 at 6:03am | IP Logged Quote thomasr79

Hi,

 

We urgently need to add various rules and am hoping that ISAPI Reqrite is the one to use here:

Allow <list of ip addresses/netmasks)

Allow Robots

Ban <List of ip addresses/netmasks)

Allow Rest

The <lists> are fairly large, approx 9000 lines. Is this the best way to do this? Also the rewrite rule looks like a pain for this, can it just read in a list of ip addreses/ranges with netmasks from a file?
Back to Top View thomasr79's Profile Search for other posts by thomasr79
 
thomasr79
Newbie
Newbie


Joined: 04 February 2008
Location: United Kingdom
Online Status: Offline
Posts: 23
Posted: 08 October 2008 at 6:32am | IP Logged Quote thomasr79

for example

start ip end ip netmask
3.0.0.0 3.255.255.255 8
4.0.0.0 4.15.255.255 12
4.16.0.0 4.16.255.255 16
4.17.0.0 4.17.127.255 17
4.17.128.0 4.17.131.255 22
4.17.132.0 4.17.133.255 23
4.17.134.0 4.17.134.255 24
4.17.135.0 4.17.135.31 27
4.17.135.64 4.17.135.127 26
4.17.135.128 4.17.135.255 25
4.17.136.0 4.17.139.255 22
4.17.140.0 4.17.141.255 23
4.17.142.0 4.17.142.255 24
4.17.143.16 4.17.143.31 28
4.17.143.32 4.17.143.63 27
4.17.143.64 4.17.143.127 26
4.17.143.128 4.17.143.255 25
4.17.144.0 4.17.159.255 20
4.17.160.0 4.17.191.255 19
4.17.192.0 4.17.255.255 18
4.18.0.0 4.18.31.255 19
4.18.32.0 4.18.32.63 26
4.18.32.64 4.18.32.71 29
4.18.32.80 4.18.32.95 28
4.18.32.96 4.18.32.127 27
4.18.32.128 4.18.32.255 25
4.18.33.0 4.18.33.255 24
4.18.34.0 4.18.35.255 23
4.18.36.0 4.18.39.255 22
4.18.40.0 4.18.40.127 25
4.18.40.128 4.18.40.135 29
4.18.40.144 4.18.40.159 28
4.18.40.160 4.18.40.191 27
4.18.40.192 4.18.40.255 26
4.18.41.0 4.18.41.255 24
4.18.42.0 4.18.43.255 23
4.18.44.0 4.18.47.255 22
4.18.48.0 4.18.63.255 20
4.18.64.0 4.18.65.255 23
4.18.68.0 4.18.71.255 22
4.18.72.0 4.18.79.255 21
4.18.80.0 4.18.95.255 20
4.18.96.0 4.18.99.255 22
4.18.100.0 4.18.100.31 27
4.18.100.40 4.18.100.47 29
4.18.100.48 4.18.100.63 28
4.18.100.64 4.18.100.127 26
4.18.100.128 4.18.100.255 25
4.18.101.0 4.18.101.255 24
4.18.102.0 4.18.103.255 23
4.18.104.0 4.18.111.255 21
4.18.112.0 4.18.127.255 20
4.18.128.0 4.18.255.255 17
4.19.0.0 4.19.127.255 17
4.19.128.0 4.19.159.255 19
4.19.160.0 4.19.161.255 23
4.19.162.0 4.19.162.127 25
4.19.162.128 4.19.162.143 28
4.19.162.152 4.19.162.159 29
Back to Top View thomasr79's Profile Search for other posts by thomasr79
 
thomasr79
Newbie
Newbie


Joined: 04 February 2008
Location: United Kingdom
Online Status: Offline
Posts: 23
Posted: 08 October 2008 at 6:33am | IP Logged Quote thomasr79

But we need to allow robots first hence trying to do this in ISAPI rewrite rather than at firewall level.

If thers is some script rules which could be applied to lists like this, then we can generate that againat the list of US addresses to ban. Little worried about server performance on how long 9000 would take to go through?
Back to Top View thomasr79's Profile Search for other posts by thomasr79
 
Vyacheslav
Moderator Group
Moderator Group


Joined: 02 July 2008
Location: Ukraine
Online Status: Offline
Posts: 673
Posted: 08 October 2008 at 7:13am | IP Logged Quote Vyacheslav
Hi,
You can use map-files feature. Please put all IP addresses into text document, e.g. ban-list.txt
Then you may use these rules for baning specified addresses:
Code:
RewriteMap BanList txt:ban-list.txt
RewriteCond %{REMOTE_ADDR} (.*)
RewriteCond ${BanList:%1|NOT_FOUND} !NOT_FOUND
RewriteRule .? - [F]


Please explain more about your desire to allow robots. You may also see an example in FAQ about spiders-blocking

__________________
Kind regards!
Vyacheslav Shinkarenko, HeliconTech.
Back to Top View Vyacheslav's Profile Search for other posts by Vyacheslav Visit Vyacheslav's Homepage
 
thomasr79
Newbie
Newbie


Joined: 04 February 2008
Location: United Kingdom
Online Status: Offline
Posts: 23
Posted: 08 October 2008 at 7:16am | IP Logged Quote thomasr79

Hi,

 

this is great thanks. however, Will this file take in to account netmasks?

As you can see, an example is a range of

Begin 4.19.162.0

End 4.19.162.127

Netmask 25
Back to Top View thomasr79's Profile Search for other posts by thomasr79
 
thomasr79
Newbie
Newbie


Joined: 04 February 2008
Location: United Kingdom
Online Status: Offline
Posts: 23
Posted: 08 October 2008 at 7:26am | IP Logged Quote thomasr79
The problem is that our list and what would be a list of ip addresses rather than ranges would amount to over 100,000 ip addresses.
Back to Top View thomasr79's Profile Search for other posts by thomasr79
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You can vote in polls in this forum