range block still not written to htaccess

Sells PC To Pay For Divorce Joined: Posts: 5661

is there a reason why the writing to htaccess for blocked ranges isnt working?
i mentioned this before but it was never fixed ...

And another question....

if you search an ip it shows the results for tracked ip,or range....etc..
but in the table of the range it shows no function to block the range..
Why is that?

Any reason why we still have to put the range in manualy?

registered · Posted: Mon Jun 12, 2006 6:48 pm

hitwalker wrote:

is there a reason why the writing to htaccess for blocked ranges isnt working?
i mentioned this before but it was never fixed ...

Ack. I wanted to do this and didn't know that it wasn't working correctly. Thanks! I now know. Smile

Posted: Mon Jun 12, 2006 6:49 pm

does it write anything into the .htaccess?

Posted: Mon Jun 12, 2006 8:30 pm

i am currently looking into this and it seems that it writes to the .htaccess the first three sets but it strips the period and star...it seems to be in includes/nukesentinel.php im goin to attempt to remove som coding and hopefully that will work....is this the same issue ur having?

Posted: Mon Jun 12, 2006 8:53 pm

after looking into this..i believe i have found the line(more the one intance) where it strips the .*

Code:

      $i = 1;


      while ($i <= 3) {


        $tip = substr($clearblock['ip_addr'], -2);


        if ($tip == ".*") { $clearblock['ip_addr'] = substr($clearblock['ip_addr'], 0, -2); }


        $i++;


      }

not sure if this is anything that the nukesentinel team has done on purpose but it appears to be that so i will not alter that line myself till some1 from the team says its ok because i dont think this is an error...i think this was done on purpose..not sure why but i wont step on their coding till i know for sure.

Posted: Tue Jun 13, 2006 3:59 am

yeah sure it writes to the htaccess but only ip's that are banned...
that means...if i ban them or sentinel..
but ranges never worked...

Posted: Tue Jun 13, 2006 5:32 am

Actually, I think you are right. I cannot remember blocked ranges getting written to htaccess.
I am adding this to Mantis as a bug report.
Edited: Added as a feature request as I'm fairly sure the function was never meant to write ranges to htaccess.

registered · Posted: Tue Jun 13, 2006 5:42 am

Thanks Guardian! It is so good to see Bob "active" again and making improvements to the product. He may be willing to look into this one.

Posted: Tue Jun 13, 2006 5:47 am

ah thanks guardian...but this is wellknown... Sad

sentinel can be optimized in many ways....but for now...nothing happens...

like now with the egallery attacks...
when i check the ip's used...
it gives the option to delete or edit the range the ip is in.... killing me

But can i ban it ?...NOPE
i have to do it by hand.....
and then its only banned in the database...lol

btw guardian...
the write problem was mentioned here to..

http://www.ravenphpscripts.com/posts9600-highlight-range.html

Posted: Tue Jun 13, 2006 7:11 am

I believe that if you do an import of a country range to block the IPs in that range it is true that Sentinel doesn't write to htaccess. On the other hand if you block a range "manually" by putting in the starting and ending IP's then it does write to htaccess. The results are expressed as cidr's. Here is a couple of lines from my htaccess that I just wrote out this morning by banning a range manually:

deny from 200.128.0.0/11
deny from 200.160.0.0/9

I've googled cidrs and I think it is the /11 for instance is the number of 255 address groups that are banned starting from 200.128.0.0. But I'm not sure about that and I don't have any ambitions to become an expert on IP address arithmetic.

The blocked range menu is a little funky, in some cases it takes you to a screen that seems to be generated "outside" of the default theme and it gives you a list of a bunch of ranges with the option to "go back". It's not at all clear to me what you are supposed to do with this. The first time I tried to ban a range this morning it didn't "take" but possibly I had some error in stating the range I wanted to ban. The second time it did take.

I don't know if there might be performance reasons for not writing a huge range of addresses to htaccess. The file has to be read for every access anyone makes into your web site so "normal" users will be paying any penalty that's incurred by having a whole bunch of entries for banned ranges in there. On the other hand it could be cached somehow and not matter. That's beyond me too.

Posted: Tue Jun 13, 2006 7:20 am

well writing a range to the htacces is just one line..
if when you search an ip in sentinel it shows the ip in the range table.....
in there it should show a function to directly ban the range...

Posted: Wed Aug 02, 2006 7:18 am

I have verified in NS 2.5.0 that it is in fact writing to .htaccess the CIDRs corresponding to the range that you enter into the Blocked Ranges.

Posted: Wed Aug 02, 2006 9:53 pm

fkelly wrote:

Here is a couple of lines from my htaccess that I just wrote out this morning by banning a range manually:

deny from 200.128.0.0/11
deny from 200.160.0.0/9

I've googled cidrs and I think it is the /11 for instance is the number of 255 address groups that are banned starting from 200.128.0.0.

With this:

deny from 200.128.0.0/11

..I believe you are actually banning a possible 2,097,152 hosts. (2^21 for the remaining host bits)

Did you ban whole countries??

Posted: Thu Aug 03, 2006 5:56 am

huh...who are you asking this?

Posted: Thu Aug 03, 2006 6:07 am

Sorry, hitwalker. I edited my post to show a quote.

Posted: Thu Aug 03, 2006 6:12 am

ah..i see,well to answer that...
it bans a whole range yes,not a full country...
your example is a range of brazil.
so banning brazil would need the following..

139.82.0.0/16
143.54.0.0/16
143.106.0.0/15
143.108.0.0/16
144.23.0.0/16
146.134.0.0/16
146.164.0.0/16
147.65.0.0/16
150.161.0.0/16
150.162.0.0/15
150.164.0.0/15
152.84.0.0/16
152.92.0.0/16
155.211.0.0/16
157.86.0.0/16
161.24.0.0/16
161.79.0.0/16
161.148.0.0/16
164.41.0.0/16
164.85.0.0/16
170.66.0.0/16
189.0.0.0/11
192.80.209.0/24
192.111.229.0/24
192.111.230.0/24
192.132.35.0/24
192.146.157.0/24
192.146.229.0/24
192.147.210.0/24
192.147.218.0/24
192.153.88.0/24
192.153.120.0/24
192.153.155.0/24
192.159.116.0/23
192.160.45.0/24
192.160.50.0/24
192.160.111.0/24
192.160.128.0/24
192.160.188.0/24
192.188.11.0/24
192.190.30.0/23
192.195.237.0/24
192.198.8.0/21
192.207.194.0/23
192.207.200.0/22
192.207.204.0/23
192.207.206.0/24
192.223.64.0/18
192.231.114.0/23
192.231.116.0/22
192.231.120.0/23
192.231.175.0/24
192.231.176.0/24
198.12.32.0/19
198.17.120.0/23
198.17.231.0/24
198.17.232.0/24
198.49.128.0/22
198.49.132.0/23
198.50.16.0/21
198.58.8.0/22
198.58.12.0/24
198.184.161.0/24
200.0.8.0/21
200.0.32.0/20
200.0.48.0/21
200.0.56.0/22
200.0.60.0/23
200.0.67.0/24
200.0.68.0/22
200.0.72.0/24
200.0.81.0/24
200.0.85.0/24
200.0.86.0/23
200.0.89.0/24
200.0.90.0/23
200.0.92.0/23
200.0.100.0/23
200.0.102.0/24
200.0.114.0/24
200.3.16.0/20
200.5.9.0/24
200.6.35.0/24
200.6.36.0/22
200.6.40.0/21
200.6.48.0/24
200.6.128.0/22
200.6.132.0/23
200.7.0.0/22
200.7.8.0/22
200.7.12.0/23
200.9.0.0/23
200.9.2.0/24
200.9.65.0/24
200.9.66.0/23
200.9.68.0/22
200.9.76.0/23
200.9.78.0/24
200.9.84.0/22
200.9.88.0/21
200.9.102.0/23
200.9.104.0/22
200.9.112.0/23
200.9.114.0/24
200.9.116.0/22
200.9.120.0/23
200.9.123.0/24
200.9.124.0/22
200.9.129.0/24
200.9.130.0/23
200.9.132.0/22
200.9.136.0/22
200.9.140.0/24
200.9.143.0/24
200.9.144.0/24
200.9.148.0/23
200.9.158.0/23
200.9.160.0/22
200.9.164.0/24
200.9.169.0/24
200.9.170.0/23
200.9.172.0/22
200.9.181.0/24
200.9.182.0/23
200.9.184.0/23
200.9.186.0/24
200.9.199.0/24
200.9.200.0/24
200.9.202.0/23
200.9.206.0/23
200.9.214.0/24
200.9.220.0/22
200.9.224.0/24
200.9.226.0/24
200.9.229.0/24
200.9.234.0/24
200.9.249.0/24
200.9.250.0/23
200.9.252.0/24
200.10.4.0/22
200.10.32.0/20
200.10.48.0/21
200.10.56.0/22
200.10.132.0/22
200.10.136.0/23
200.10.138.0/24
200.10.141.0/24
200.10.144.0/24
200.10.146.0/24
200.10.153.0/24
200.10.154.0/24
200.10.156.0/22
200.10.163.0/24
200.10.164.0/24
200.10.173.0/24
200.10.174.0/23
200.10.176.0/22
200.10.180.0/23
200.10.183.0/24
200.10.185.0/24
200.10.187.0/24
200.10.189.0/24
200.10.191.0/24
200.10.192.0/23
200.10.209.0/24
200.10.210.0/24
200.10.227.0/24
200.10.245.0/24
200.11.0.0/20
200.11.16.0/21
200.11.24.0/22
200.11.28.0/24
200.12.0.0/20
200.12.131.0/24
200.12.139.0/24
200.12.157.0/24
200.13.8.0/21
200.14.32.0/23
200.14.35.0/24
200.14.36.0/24
200.17.0.0/16
200.18.0.0/15
200.20.0.0/16
200.96.0.0/13
200.128.0.0/9
201.0.0.0/10
201.64.0.0/11
206.221.80.0/20

have fun.. Twisted Evil