MyBB Central

Full Version: Forum "Firewall" Plugin
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Well, i could see this being somewhat of a larger project, obviously, but in the end, i think it'd be a fantastic idea. I was recently looking at my firewall settings on my computer. Just basic, really simple. For example, there's a dropdown menu that allows you to select how strict you want the firewall to be, or what type of security you're looking for, etc. etc.

(I'm looking at Comodo Firewall btw)

One thing I think would be utterly awesome would be the ability to have access to an htaccess file from the forum itself. and from the plugin, we can activate or deactivate certain actions from that htaccess file. For example.

Let's say My site comes under attack and i want to quickly make my security higher (blocking a few countries, or blocking a preset number or specific countries from a simple dropdown menu). Or maybe I want to block ping requests (Is that possible with htaccess?), etc. etc.

Basically, It would be nice to be able to do this from the forum itself. I know for me if I want to change my htaccess file I have to do it for several directories, and to even begin to start, I have to login to my account, then login to my cpanel, then access file manager, then browse to the directory (which for me is at least four clicks), then click to edit that file, wait for it to load, and input my actions then. That's alot to do just to edit one file. now i could do this in FTP, but, I'm looking at this from the following window:

i am assuming that the users using this plugin will have little or no knowledge of-

-Intenet Security

It'd be nice for someone with this amount of knowledge to be able to successfully lock up their domain at a more secure level than "just" the forum level.

some of the features I'm suggesting/looking at would be:

-A section that allows the administrator to set an htaccess directory password for the admin directory (will effectively set the password and username as a regular htaccess file would do strait from the admin directory).

-A section that allows you to edit/modify or add "blocks" of ip addresses for a specific country or region, or company, etc. any method you would like to use to generalize several ip addresses at once. That's at the more advanced level.

-The more simple level, or newbie level, would be the ability to have a section allowing you to have a dropdown menu to "block from:" and you select your country you want to block or region (ranging from an entire country, maybe a city in the country...if you really wanted to go that deep, have fun finding the ip ranges for city specific blocks though, or maybe even several countries grouped together). and then you apply and it adds the:

deny from *whatever*

lines from each and every country included in that dropdown menu.

-Also adding a basic firewall section, where I can click a set in a dropdown menu that will either lock my site down more with various htaccess commands or whatever you can do WITHOUT SERVER ACCESS (only cpanel or below).

The audience i would see this working with is with hosted sites where the owner only has access to cpanel or not even that, and MAYBE ftp (depending on the host), and is hosted on a shared server.

Whereas, someone who has their own server wouldn't really have to worry about this because they can obviously setup their own firewall that'd be much much more productive and efficient.

Any ideas? Suggestions? yea? nea?
I forgot to note, that i think it'd be relatively easy to create a script to access some of the many many sites that have up-to-date ip addresses for entire countries (it'd be relatively easy to input and update country ip lists that you have blocked-unfortunately, it would dependant on how secure the site you're pulling your information from is so that you don't get cross script attacked).

as well, a good idea for how to implement this would be to have TWO files, your htaccess file, and a simple text file. The htaccess file only has one entry from the forum (to import from the text file) all information from the text file is imported into the htaccess file (or it reads from there) so that you're not constantly changing your htaccess file and don't have to worry about your own entries to the htaccess file being erased everytime you edit your text file. So the idea is that everytime you edit anything in the forum firewall, it changes that text file, but it wipes it clean, and fills in what you've changed with, this wya you don't have double entries, and still get the security you want without clogging up your htacess file.
htaccess is best edited by FTP

Any mistake while in admincp will render your site unavailable including the admincp you are trying to use.

This is not a good idea at all.
hmmmmm ok. I understand. Well, in that case, would there be any information you could provide in which one could possibly make "links" in the htaccess file, for example:

deny from *china*

which links to a file containing ip addresses of only china which can be quickly updated?
If it did stuff up you could easily replace the htaccess file with a new one or you could just ip ban china but that wouldn't stop them from pinging would banning them in hosting cpanel ban them from ping?
This will not allow you to block certain countries (you can do that in 5 minutes by editing .htaccess) but it will make sure your administrators accounts are correct. If something's wrong, backups the database and locks the forum to everyone.
Not a firewall plugin like you wanted but helps you to protect your forum I guess

Try this site for blocking countries. I've never used it so I don't know if it is reliable
Hey Pirarta. Sounds quite interesting.
You got a download link now or we have to wait for approval?
Wait for approval. I don't like to have downloads hosted in different places Tongue
(Jul 21, 2009, 04:53 AM)Dark Legend Wrote: [ -> ]If it did stuff up you could easily replace the htaccess file with a new one or you could just ip ban china but that wouldn't stop them from pinging would banning them in hosting cpanel ban them from ping?

htaccess isn't a dynamic file. You can't include anything into it.

You grab an htaccess deny file from a block country site and add it. It's a simple procedure.
I just uninstalled CSF firewall plugin for Da..i think i need another

rhinestone motif