[Flask] Handling web requests from blacklisted IP addresses?
Geert Stappers
stappers at stappers.nl
Fri Apr 28 00:31:26 EDT 2017
Do "reject", not "drop".
It is "packet drop" that malicious users deserve,
but care more about bonafide users, send "packet reject".
On Fri, Apr 28, 2017 at 10:47:40AM +0800, Unai Rodriguez wrote:
> Fail2ban is also a good tool to handle that: https://www.fail2ban.org
>
> -- unai
>
> On Fri, Apr 28, 2017, at 02:52 AM, Young,Spencer P wrote:
> > These things are just going to happen.
> > If you blacklist an IP, I personally would offload that work to a
> > firewall; just drop the traffic, no response. Don???t even let the requests
> > hit the server, if possible. Others may opt to simply lockdown their more
> > sensitive pages, like logins and downloads.
> > In the WordPress world, there???s a product called ???Wordfence??? that uses an
> > algorithm to rank the ???maliciousness??? of an IP to update blocking rules
> > accordingly. Worth looking into how it works.
> > Keep in mind, if you???re in an organization, it may be a vulnerability
> > scanner probing internally. You may want to whitelist any vulnerability
> > scanners.
> >
> > Hope that helps,
> > -Spencer
> >
> > On 4/27/17, 1:08 PM, "Flask on behalf of Keith MacDonald"
> > <flask-bounces+spenceryoung=ufl.edu at python.org on behalf of
> > keith at the-sanctuary.biz> wrote:
> >
> > I've recently built a website based on Python and Flask. Everything's
> > fine (thanks Flask).
> >
> > But being cautious, in case I made mistakes with the Routes, I've
> > been logging any 404 error messages, along with the IP address the
> > request came from. By accident, it seems to be working well as a
> > malicious-probe detector. I'm seeing many 404 error messages caused
> > by blacklisted IP addresses trying to find and access PHP admin pages
> > (which don't exist).
> >
> > Should I care about this?
> > I'm imagining I could add a table of blacklisted IP addresses quite
> > easily, and check the IP address before routing any pages.
> > But then what?
> > Should I send all requests from blacklisted IP addresses to a
> > special page?
> > Or a completely blank page?
> > Or redirect them to some hell-hole on the internet?
> > Or what?
> >
> > Any suggestions gratefully received.
> >
> > Keith MacDonald
> >
> >
> > _______________________________________________
> > Flask mailing list
> > Flask at python.org
> > https://mail.python.org/mailman/listinfo/flask
> >
> >
> > _______________________________________________
> > Flask mailing list
> > Flask at python.org
> > https://mail.python.org/mailman/listinfo/flask
> _______________________________________________
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
--
Groeten
Geert Stappers
--
Leven en laten leven
More information about the Flask
mailing list