[Flask] Handling web requests from blacklisted IP addresses?
Young,Spencer P
spenceryoung at ufl.edu
Thu Apr 27 14:52:47 EDT 2017
These things are just going to happen.
If you blacklist an IP, I personally would offload that work to a firewall; just drop the traffic, no response. Don’t even let the requests hit the server, if possible. Others may opt to simply lockdown their more sensitive pages, like logins and downloads.
In the WordPress world, there’s a product called ‘Wordfence’ that uses an algorithm to rank the ‘maliciousness’ of an IP to update blocking rules accordingly. Worth looking into how it works.
Keep in mind, if you’re in an organization, it may be a vulnerability scanner probing internally. You may want to whitelist any vulnerability scanners.
Hope that helps,
-Spencer
On 4/27/17, 1:08 PM, "Flask on behalf of Keith MacDonald" <flask-bounces+spenceryoung=ufl.edu at python.org on behalf of keith at the-sanctuary.biz> wrote:
I've recently built a website based on Python and Flask. Everything's fine (thanks Flask).
But being cautious, in case I made mistakes with the Routes, I've been logging any 404 error messages, along with the IP address the request came from. By accident, it seems to be working well as a malicious-probe detector. I'm seeing many 404 error messages caused by blacklisted IP addresses trying to find and access PHP admin pages (which don't exist).
Should I care about this?
I'm imagining I could add a table of blacklisted IP addresses quite easily, and check the IP address before routing any pages.
But then what?
Should I send all requests from blacklisted IP addresses to a special page?
Or a completely blank page?
Or redirect them to some hell-hole on the internet?
Or what?
Any suggestions gratefully received.
Keith MacDonald
_______________________________________________
Flask mailing list
Flask at python.org
https://mail.python.org/mailman/listinfo/flask
More information about the Flask
mailing list