Menu
Yes, I know there's Voter tutorial in cookbook. But I'm looking for something slightly different. I need two different layers of blacklisting:
I wrote Voter that checks if user's IP is in database. For first scenario, I wrote a kernel listener that checks every request and throws 403 in case it encounters banned user:
if (VoterInterface::ACCESS_DENIED === $this->voter->vote($token, $this, array())) {
throw new AccessDeniedHttpException('Blacklisted, punk!');
}
First problem lies in VoterInterface itself, which forces me to use TokenInterface $token, which I don't really need in this case. But that doesn't matter that much I guess. Next thing is that I actually had to use AccessDeniedHttpException as AccessDeniedException always tries to redirect me to login page and causes endless redirect loop in this case. I'd live with it as it works just fine in dev environment, but when I switch to prod I keep getting 503 with following in prod log:
[2011-11-21 20:54:04] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2011-11-21 20:54:04] request.ERROR: Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: Blacklisted, punk! (uncaught exception) at xxx line 28 [] []
[2011-11-21 20:54:04] request.ERROR: Exception thrown when handling an exception (Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: Blacklisted, punk!) [] []
From what I've read, it might be problem with xdebug, but it happens even when I turn it off. I also tried vanilla \Exception and it does the same thing. Anyone have any idea why it happens? Or maybe some other solution for such blacklisting case.
Also, I've no idea how to solve second case as I don't know how to stop user before he gets token assigned. My current solution is dealing with InteractiveLoginEvent, checking if user is blacklisted and if so, removing his token. It doesn't seem to be a safe one and I'm not really comfortable with it. So, any idea how to solve this one? I guess I'm just missing some obvious "pre login event".
314
IP blacklisting is a method used to filter out illegitimate or malicious IP addresses from accessing your networks. Blacklists are lists containing ranges of or individual IP addresses that you want to block.
Blacklists are most commonly a collection of email or IP addresses which have been flagged for sending spam. Many email hosting providers will use these public blacklists as part of their overall efforts to limit the spam they receive to their network.
IP address blacklisting is a method of protecting Web and other Internet servers from malicious attacks. This is accomplished by setting rules within server software or hardware routers regarding what traffic will be considered an attack, and then preventing the computers creating that traffic from connecting again.
To deny access to the entire website, you can adapt the whitelist code used to secure the dev environment. Stick something like this in app.php:
if (in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '1.2.3.4',))) {
header('HTTP/1.0 403 Forbidden');
exit('You are not allowed to access this site.');
}
For site-wide IP restrictions it's best to handle them at the apache level, so your app does not even get hit by the request. In case you are trying to keep out a spammer, this way you don't waste any resources on their sometimes automated requests. In your case, writing the deny rules to the .htaccess file would be appropriate. In larger setups you can also configure a firewall to block specific IPs so those requests don't even hit your server at all.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
