How to reject request based on location

[Vlad]

I've discovered that my site is constantly bothered by weird locations - not that there is anything  intrinsically  wrong with those countries, but those locations have nothing to do with actual customers. I want to reject the requests from those locations altogether. 

I can reject any specific page in controller code, but how do I reject ANY request altogether, without coding it into multiple places? 

[valq...@gmail.com]

It is better to do this at front server like nginx, Apache or even at os-level. In web2py, models files are processed for each request, so you can just raise HTTP at db.py

вторник, 27 октября 2020 г. в 04:52:57 UTC+3, Vlad:

[Eliezer (Vlad) Tseytkin]

I see... Could you please give me a hint on where to find how to accomplish this in nginx? (I use PythonAnywhere)

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/af2Ct41wEE0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/36ef2c26-b63f-48f1-b032-51f4774171c6n%40googlegroups.com.

[Chris]

Hi, here you have some examples:

Web server level

Here there is examples about how to deny an IP and network ranges in nginx, if you can modify the nginx.conf file then is easy.

https://www.cyberciti.biz/faq/linux-unix-nginx-access-control-howto/

At OS level.

If you have control of IP tables you can do it there also.

This is how to block an entire subnet:

# iptables -A INPUT -s 192.168.100.0/24 -j DROP

Application level:

In your model (db.py) add the following at the beginning:

Example with multiples ip ranges

if IS_IPV4(minip=('192.168.20.19', '192.168.30.100'),maxip=('192.168.20.19', '192.168.30.199'))(request['env']['REMOTE_ADDR'])[1] == None:

    raise HTTP(403)

--

Cheers.

Chris.

You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CABZ%2BKCCmiak3RNNqhWxDmy0YCuutZS5z3FU9QbQLUnDCcBO91w%40mail.gmail.com.

[Val K]

It seems PA doesnt support low-level-IP-blocking   https://www.pythonanywhere.com/forums/topic/8212/

So you have to use db.py as Chris mentioned (or something like _block_list.py in models dir - file name should be top most alphabetical)

Also you can modify PA-starting script to catch bad-IP before passing request to web2py, but in this case you have to restart server after each change.

вт, 27 окт. 2020 г. в 20:45, Eliezer (Vlad) Tseytkin <westga...@gmail.com>:

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CABZ%2BKCCmiak3RNNqhWxDmy0YCuutZS5z3FU9QbQLUnDCcBO91w%40mail.gmail.com.

[Eliezer (Vlad) Tseytkin]

Got it,

Thank you!

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAM94u4-roMZUNNg95Q%2BF13p5QgmEde11RXZq34tPYUz0piX39Q%40mail.gmail.com.