Can Abyss X2 read in a list of IPs into Denied IP Addresses?

JMMotyer

Hello, folks,
I have a PHP script that I am running on one of my X2 hosts. This script has been running great for years.
There is an add-in that I added to that script, which detects Bots, and adds the Bots' IP addresses to an .htaccess file in the root of that host (the add-in created that .htaccess file when I installed the add-in). Yes, I know that Abyss does not use, and ignores, .htaccess files. But that add-in was written for Apache 2.4 websites, and therefor writes the IP addresses of the Bots to that .htaccess file, so that Apache 2.4 websites can block those Bots.
A sample of the pertinent information in that .htaccess file looks like this:

# Access file for Apache 2.4 - Modified by Bot-trap
<RequireAll>
    Require all granted
    # Anything below this line was added by Bot-trap
    Require not ip 65.108.76.15
    Require not ip 144.76.68.70
    Require not ip 157.245.70.98
    Require not ip 135.181.82.112
    Require not ip 50.21.188.64
</RequireAll>

Can anyone think of a way that I can get those IPs into Abyss, perhaps into the Denied IP Addresses field in Abyss' IP Address Control Rules?
It would be great if Abyss could read in that file automatically, and extract just the IPs into Denied IP Addresses field in Abyss' IP Address Control Rules. But I can manually do that myself... I extracted just the IPs from that file & tried to paste them all into the Denied IP Addresses field in Abyss' IP Address Control Rules, but it seems that Abyss accepts only a single IP at a time, so my copy & paste did not work.
Anyone have any thoughts or ideas? If I am wanting to do the impossible, just let me know... I won't be offended :-)).
Thanks in advance, and have yourselves a great day.
Regards,
John

tfh

I haven't tried this, but... all the IP address that you block in the "Denied IP Addresses" list end up in your abyss.conf in the following section:
<ipcontrol>
<rules>
<rule>
</rule>
</rules>
</ipcontrol>
You can find multiple entries for every host. Maybe you can make a script that add's the IP address there? You might have to stop the server, update the file, restart the server though.
And I woul suggest trying this on a backup first before you kill your config ;-)

JMMotyer

My apologies for not posting this reply until now...
I am aware that Abyss places each IP in its separate <rule></rule> section, so if I were to add 100 different IPs to be denied, I would have 100 separate <rule></rule> items, which would each need to be added separately.
I tried copying all the IPs into Abyss' Denied IP Addresses field, with each IP address separated first by spaces and then by commas, but neither method worked. I realize that in Abyss' User Guide, Appendix C: IP Addresses and Ranges Format, it does not mention anything about entering multiple IP addresses together, but it was worth a try :-).
Thanks anyway, and have yourself a great day.
Regards,
John

pkSML

Just thinking out loud here...
Is this a problem you could address with a firewall? That might be more script-able. This would block bots from establishing another TCP connection with the server, which would greater preserve your server resources than blocking in Abyss.
Are you running Linux? If so, firewalling with ufw would be pretty simple. You'd just want to run the script regularly so it stays updated.
Otherwise, you're looking at tfh's solution -- directly modifying the abyss.conf file, which would require you to stop the server, update the ruleset, and restart the server. This could easily be done at low traffic times, but you'd need a lot of logic. You'd want to make a backup conf file and make sure Abyss restarts properly with the new config. Otherwise roll back to the previous working config.

JMMotyer

Hi, Stephen, thanks for your thoughts.

pkSML wrote
Are you running Linux? If so, firewalling with ufw would be pretty simple. You'd just want to run the script regularly so it stays updated.

I'm running Abyss on Windows10, actually. And I did play around with a script in my SonicWall a few months ago, whereby it was supposed to read in a text file every 5 minutes, with that text file containing only IP addresses, all of which are bots. It seemed to read in the IPs (at least, there were no errors), so as a test I temporarily connected my PC to my VPN (in order to get a new external IP address), then added my new external IP address to that text file, hoping that within 5 minutes my SonicWall would next read in the IPs along with my new IP external IP address, and block me. It worked once, and then never worked again after that :-).

pkSML wrote
Otherwise, you're looking at tfh's solution -- directly modifying the abyss.conf file.....

I've tested this method of blocking IPs a few times during the past 19 years that I've been using Abyss, but with this method it would require me to add many hundred's of IPs to Abyss individually, one at a time. If it would be possible for me to copy ALL of the IPs all at once into memory, and then paste them once into Abyss, that would work for me too, as that is a process that I can do from time-to-time. But unfortunately, I don't think Abyss is capable of accepting multiple IPs at a time... I tried with all the IPs separated by spaces, then commas, then tabs, etc., but none of those separators worked.
One of these days, I'll experiment some more with my firewall method of having my SonicWall read in IPs from a text file, and see if I can get further this time.
Thanks again for your thoughts, and have yourself a great day.
Regards,
John