Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Fail2ban notifier #206

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Conversation

etdsoft
Copy link

@etdsoft etdsoft commented Jan 2, 2014

A fail2ban notifier that creates a log file with every exception so you can parse it with fail2ban.

See file comments for fail2ban configuration (which you can also add to the wiki, I'll try adding them myself, but not sure if I got perms).

This PR- references
#205

@coveralls
Copy link

Coverage Status

Coverage decreased (-3.03%) when pulling 30b3302 on etdsoft:issue-205 into 8a8c6a4 on smartinez87:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-1.43%) when pulling b13628c on etdsoft:issue-205 into 8a8c6a4 on smartinez87:master.

@smartinez87 smartinez87 force-pushed the master branch 2 times, most recently from b2b9f49 to c1976c8 Compare August 26, 2015 23:46
@michenriksen
Copy link

michenriksen commented Sep 15, 2016

Hey @etdsoft,

I was just reading your blog post on this and spotted a potential problem with the code, so thought I would report it here for your consideration:

Using the ActionDispatch::Request#remote_ip method to determine the acting IP is opening up the module for easy circumvention and potential Denial Of Service for legit users.

ActionDispatch::Request#remote_ip usually defers the IP detection to the ActionDispatch::RemoteIp Middleware, which does some magic detection of the remote IP by looking at various request headers, such as X-Forwarded-For, in case the application is sitting behind Nginx or another proxy. This usually makes sense to do, but it also makes it possible for a malicious client to spoof the origin of the request by adding the X-Forwarded-For header to their requests. This makes it relatively trivial to circumvent the banning by shuffling between random IPs. It also opens up the possibility for the attacker to actively deny access to legit users by flooding the server with malicious request and spoofing the legit user's IP or even a whole IP range.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants