The short answer is yes, of course you can. But should you?
Consider the following:
Just some thoughts I wanted to throw out there. If you still want to add rules to the Windows firewall programmatically you can use CFEXECUTE to call a batch file (look into “netsh advfirewall firewall add rule”) or call a PowerShell script created for your purposes.
Take Care,
Seth
--
You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list.
To unsubscribe, send email to houcfug-u...@googlegroups.com
For more options, visit http://groups.google.com/group/houcfug?hl=en
Perhaps someone will offer that, but there are other thoughts to consider (including whether you should be doing that job yourself at all).
So first, how about if instead of blocking them in the Windows firewall, you blocked them in IIS? You can do that if you have added the “IP and Domain Restrictions” feature to IIS (using Server Manager), where you can block by IP at the site or server level (within IIS). And you can add IPs to that using a command line tool that lets you do about any IIS config changes, appcmd.exe. And then you could call THAT from cfexecute.
Of course, blocking IPs like this (in IIS or the firewall, or elsewise) is a bit like playing whack-a-mole. You shut down one and the same crap requests start coming from another. That gets frustrating.
You can also block by user agent, instead (if they always show some common one that you’d always want to block), and you can do that in IIS as well by adding a “rule” in the “request filters” feature (also optionally enabled using Server Manager), that blocks on the “header” named “user-agent” with the value of the user agent string.
Honestly, even that gets old after a while, and you may want to look instead to outside tools or services that handle all this for you. There are ones that work at the web server level, others as a hardware appliance, still others as services (where you route your traffic through them to “launder” such bad traffic). Such tools and services do MUCH more than just block by bad IPs (and the better ones do it so well they’re worth it, while lesser ones may suffer from false positives or be a hassle to configure).
Anyway, I keep a list of such tools and services (at that variety of levels) here: cf411.com/security
/charlie
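One way to script the appcmd.exe approach from the message above so that it is safe to call from cfexecute, as an added example that is not part of the original thread. The site name, the protected address list and the `-Apply` switch are assumptions for illustration; the script accepts only canonical IPv4 so that request-derived text never reaches the command line unvalidated.

```powershell
# Added example (not from the thread): deny one IPv4 address in IIS "IP and Domain Restrictions".
param(
    [Parameter(Mandatory)][string]$IpAddress,
    [string]$SiteName = 'Default Web Site',   # assumed site name
    [switch]$Apply                            # hypothetical switch: without it, only print the command
)

$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'

# Parse the input as an IP address; reject anything that is not one.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($IpAddress, [ref]$parsed)) {
    throw "Not a valid IP address: $IpAddress"
}

# TryParse also accepts short forms such as "1.2", so require that the
# canonical dotted-quad form equals the input exactly.
$ip = $parsed.ToString()
if ($parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or $ip -ne $IpAddress) {
    throw "Only canonical dotted-quad IPv4 is accepted: $IpAddress"
}

# Constructed sample list: addresses that must never be blocked
# (loopback plus an admin workstation), to avoid locking yourself out.
$neverBlock = @('127.0.0.1', '203.0.113.10')
if ($neverBlock -contains $ip) {
    throw "Refusing to block protected address $ip"
}

# Arguments are passed as an array, so no shell re-parses them.
$appcmdArgs = @(
    'set', 'config', $SiteName,
    '-section:system.webServer/security/ipSecurity',
    "/+[ipAddress='$ip',allowed='False']",
    '/commit:apphost'
)

if ($Apply) {
    & $appcmd @appcmdArgs
    # appcmd returns non-zero if, for example, the entry already exists.
    if ($LASTEXITCODE -ne 0) { throw "appcmd failed with exit code $LASTEXITCODE" }
} else {
    "Would run: $appcmd $($appcmdArgs -join ' ')"
}
```

Run it without `-Apply` first to review the exact command; appcmd needs an elevated account, so the identity that cfexecute runs under determines whether the call succeeds.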
From: hou...@googlegroups.com <hou...@googlegroups.com> On Behalf Of Mike G
Sent: Friday, September 21, 2018 02:29 PM
To: hou...@googlegroups.com
Subject: [houcfug] Windows Firewall
Hello All,
Glad to help. I do understand that different people have different resources to turn to, so I try to offer a range of options for folks to consider. :-) Hope you can solve it via Sophos.
/charlie