5.3 Filters Example Ip2location

Gurdeep Singh (Guru) edited this page Aug 11, 2024 · 1 revision

Filters Examples

Filter Type: ip2location

Let's take this scenario:

  • Your web resource should only be accessible from the city of Melbourne, in the state of Victoria, Australia.
  • It should also be accessible from the state of New South Wales (proxy connections should be blocked).
  • The rest of Australia should be blocked.
  • The rest of the world will be blocked by the default filter set in the configuration.

Note: You need to have the ip2location configuration set in order for this filter type to work properly.

Note: Please download the BIN files using the CLI tool. See the documentation (Document 6. Ip2location BIN Files) for how to run the commands and grab the file from ip2location.

Via CLI

admin@phpterminal:firewall(config)# filter add allow ip2location au:victoria:melbourne

Filter added successfully

FILTER ADD ALLOW IP2LOCATION AU:VICTORIA:MELBOURNE OUTPUT
NEWFILTER > FILTER_TYPE : allow
NEWFILTER > ADDRESS_TYPE : ip2location
NEWFILTER > ADDRESS : au:victoria:melbourne
NEWFILTER > IP2LOCATION_PROXY : allow
NEWFILTER > UPDATED_BY : 1
NEWFILTER > UPDATED_AT : 1723389778
NEWFILTER > HIT_COUNT : 0
NEWFILTER > PARENT_ID : null
NEWFILTER > ID : 1

admin@phpterminal:firewall(config)# filter add allow ip2location au:new south wales block-proxy

Filter added successfully

FILTER ADD ALLOW IP2LOCATION AU:NEW SOUTH WALES BLOCK-PROXY OUTPUT
NEWFILTER > FILTER_TYPE : allow
NEWFILTER > ADDRESS_TYPE : ip2location
NEWFILTER > ADDRESS : au:new south wales
NEWFILTER > IP2LOCATION_PROXY : block
NEWFILTER > UPDATED_BY : 1
NEWFILTER > UPDATED_AT : 1723389794
NEWFILTER > HIT_COUNT : 0
NEWFILTER > PARENT_ID : null
NEWFILTER > ID : 2

admin@phpterminal:firewall(config)# filter add block ip2location au

Filter added successfully

FILTER ADD BLOCK IP2LOCATION AU OUTPUT
NEWFILTER > FILTER_TYPE : block
NEWFILTER > ADDRESS_TYPE : ip2location
NEWFILTER > ADDRESS : au
NEWFILTER > IP2LOCATION_PROXY : allow
NEWFILTER > UPDATED_BY : 1
NEWFILTER > UPDATED_AT : 1723389809
NEWFILTER > HIT_COUNT : 0
NEWFILTER > PARENT_ID : null
NEWFILTER > ID : 3

admin@phpterminal:firewall(config)# exit
admin@phpterminal:firewall# show filters
+-------+-----------------+-----------------+-----------------------+------------+------------+----------------------------+----------------------------+-------------------------------+
| ID    | FILTER_TYPE     | ADDRESS_TYPE    | ADDRESS               | IP_HITS    | HIT_COUNT  | UPDATED_BY                 | UPDATED_AT                 | IP2LOCATION_PROXY             |
+-------+-----------------+-----------------+-----------------------+------------+------------+----------------------------+----------------------------+-------------------------------+
| 1     | allow           | ip2location     | au:victoria:melbourne | 0          | 0          | Administrator              | 2024-08-11 15:22:58        | allow                         |
| 2     | allow           | ip2location     | au:new south wales    | 0          | 0          | Administrator              | 2024-08-11 15:23:14        | block                         |
| 3     | block           | ip2location     | au                    | 0          | 0          | Administrator              | 2024-08-11 15:23:29        | allow                         |
+-------+-----------------+-----------------+-----------------------+------------+------------+----------------------------+----------------------------+-------------------------------+
Showing record : 3/3. Page : 1/1. 

admin@phpterminal:firewall# 

Via PHP Firewall Class

$newFilter = $firewall->addFilter(
    [
        'filter_type'       => 'allow',
        'address_type'      => 'ip2location',
        'address'           => 'au:victoria:melbourne'
    ]
);

var_dump($newFilter);

// OUTPUT
// /var/www/html/projects/phpfw/index.php:16:
array (size=9)
  'filter_type' => string 'allow' (length=5)
  'address_type' => string 'ip2location' (length=11)
  'address' => string 'au:victoria:melbourne' (length=21)
  'ip2location_proxy' => string 'allow' (length=5)
  'updated_by' => int 0
  'updated_at' => int 1723389980
  'parent_id' => null
  'hit_count' => int 0
  'id' => int 1

$newFilter = $firewall->addFilter(
    [
        'filter_type'       => 'allow',
        'address_type'      => 'ip2location',
        'address'           => 'au:new south wales',
        'ip2location_proxy' => 'block'
    ]
);

var_dump($newFilter);

// OUTPUT
// /var/www/html/projects/phpfw/index.php:16:
array (size=9)
  'filter_type' => string 'allow' (length=5)
  'address_type' => string 'ip2location' (length=11)
  'address' => string 'au:new south wales' (length=18)
  'ip2location_proxy' => string 'block' (length=5)
  'updated_by' => int 0
  'updated_at' => int 1723390067
  'parent_id' => null
  'hit_count' => int 0
  'id' => int 2

$newFilter = $firewall->addFilter(
    [
        'filter_type'       => 'block',
        'address_type'      => 'ip2location',
        'address'           => 'au',
    ]
);

var_dump($newFilter);

// OUTPUT
// /var/www/html/projects/phpfw/index.php:16:
array (size=9)
  'filter_type' => string 'block' (length=5)
  'address_type' => string 'ip2location' (length=11)
  'address' => string 'au' (length=2)
  'ip2location_proxy' => string 'allow' (length=5)
  'updated_by' => int 0
  'updated_at' => int 1723390155
  'parent_id' => null
  'hit_count' => int 0
  'id' => int 3

Once the above entries are created, we can check if they are being hit.

Here are 4 IP addresses that we will test

  • 144.48.38.173 : IP address of a service provider in Melbourne, Victoria, Australia. This IP should be allowed.
  • 86.48.8.224 : IP address of a service provider in Sydney, New South Wales, Australia. This IP should be allowed.
  • 43.255.45.131 : IP address of a public proxy in New South Wales. This IP should be blocked.
  • 116.90.72.78 : IP address of a service provider in South Australia. This IP should be blocked.
  • 182.65.108.147 : IP address of a service provider in India. This IP should be blocked via the default filter.

admin@phpterminal:firewall# show filters
+-------+-----------------+-----------------+-----------------------+------------+------------+----------------------------+----------------------------+-------------------------------+
| ID    | FILTER_TYPE     | ADDRESS_TYPE    | ADDRESS               | IP_HITS    | HIT_COUNT  | UPDATED_BY                 | UPDATED_AT                 | IP2LOCATION_PROXY             |
+-------+-----------------+-----------------+-----------------------+------------+------------+----------------------------+----------------------------+-------------------------------+
| 1     | allow           | ip2location     | au:victoria:melbourne | 0          | 0          | 0                          | 2024-08-11 15:26:20        | allow                         |
| 2     | allow           | ip2location     | au:new south wales    | 0          | 0          | 0                          | 2024-08-11 15:27:47        | block                         |
| 4     | block           | ip2location     | au                    | 0          | 0          | 0                          | 2024-08-11 15:29:15        | allow                         |
+-------+-----------------+-----------------+-----------------------+------------+------------+----------------------------+----------------------------+-------------------------------+
Showing record : 3/3. Page : 1/1. 

admin@phpterminal:firewall# show filters default

Firewall has no filters!

Check 144.48.38.173

admin@phpterminal:firewall# check ip 144.48.38.173

144.48.38.173 address found in ip2locationAPI database. It took 0.53114199638367(s) and 65.52 kb of memory.

Allowed

CHECK IP 144.48.38.173 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : allow
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 144.48.38.173
FILTER > IP2LOCATION_PROXY : allow
FILTER > UPDATED_BY : 0
FILTER > UPDATED_AT : 1723390831
FILTER > PARENT_ID : 1
FILTER > HIT_COUNT : 0
FILTER > ID : 5
FILTER > PARENT_FILTER > FILTER_TYPE : allow
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au:victoria:melbourne
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : allow
FILTER > PARENT_FILTER > UPDATED_BY : 0
FILTER > PARENT_FILTER > UPDATED_AT : 1723389980
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > HIT_COUNT : 0
FILTER > PARENT_FILTER > ID : 1

admin@phpterminal:firewall# show filter 1

SHOW FILTER 1 OUTPUT
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| ID    | FILTER_TYPE     | ADDRESS_TYPE    | ADDRESS (PARENT)                                   | HIT_COUNT  | UPDATED_BY                | UPDATED_AT                |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| 1     | allow           | ip2location     | au:victoria:melbourne                              | 1          | 0                         | 2024-08-11 15:26:20       |
| 5     | allow           | host            | 144.48.38.173 (au:victoria:melbourne)              | 1          | 0                         | 2024-08-11 15:40:31       |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+

admin@phpterminal:firewall# check ip 144.48.38.173

144.48.38.173 address found in indexes. It took 0.0014619827270508(s) and 4.35 kb of memory.

Allowed

CHECK IP 144.48.38.173 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : allow
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 144.48.38.173
FILTER > IP2LOCATION_PROXY : allow
FILTER > UPDATED_BY : 0
FILTER > UPDATED_AT : 1723390831
FILTER > PARENT_ID : 1
FILTER > HIT_COUNT : 1
FILTER > ID : 5
FILTER > PARENT_FILTER > FILTER_TYPE : allow
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au:victoria:melbourne
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : allow
FILTER > PARENT_FILTER > UPDATED_BY : 0
FILTER > PARENT_FILTER > UPDATED_AT : 1723389980
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > HIT_COUNT : 1
FILTER > PARENT_FILTER > ID : 1

NOTE: When we checked the IP address again, it was indexed. Look at the time it took to respond: from 500ms (API call) to .001ms.

Check 86.48.8.224

admin@phpterminal:firewall# check ip 86.48.8.224

86.48.8.224 address found in ip2locationAPI database. It took 0.58013105392456(s) and 72.41 kb of memory.

Allowed

CHECK IP 86.48.8.224 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : allow
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 86.48.8.224
FILTER > IP2LOCATION_PROXY : block
FILTER > UPDATED_BY : 0
FILTER > UPDATED_AT : 1723391074
FILTER > PARENT_ID : 2
FILTER > HIT_COUNT : 0
FILTER > ID : 6
FILTER > PARENT_FILTER > FILTER_TYPE : allow
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au:new south wales
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : block
FILTER > PARENT_FILTER > UPDATED_BY : 0
FILTER > PARENT_FILTER > UPDATED_AT : 1723390067
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > HIT_COUNT : 0
FILTER > PARENT_FILTER > ID : 2

admin@phpterminal:firewall# show filter 2


SHOW FILTER 2 OUTPUT
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| ID    | FILTER_TYPE     | ADDRESS_TYPE    | ADDRESS (PARENT)                                   | HIT_COUNT  | UPDATED_BY                | UPDATED_AT                |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| 2     | allow           | ip2location     | au:new south wales                                 | 1          | 0                         | 2024-08-11 15:27:47       |
| 6     | allow           | host            | 86.48.8.224 (au:new south wales)                   | 1          | 0                         | 2024-08-11 15:44:34       |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+

admin@phpterminal:firewall# check ip 86.48.8.224

86.48.8.224 address found in indexes. It took 0.0010991096496582(s) and 4.35 kb of memory.

Allowed

CHECK IP 86.48.8.224 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : allow
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 86.48.8.224
FILTER > IP2LOCATION_PROXY : block
FILTER > UPDATED_BY : 0
FILTER > UPDATED_AT : 1723391074
FILTER > PARENT_ID : 2
FILTER > HIT_COUNT : 1
FILTER > ID : 6
FILTER > PARENT_FILTER > FILTER_TYPE : allow
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au:new south wales
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : block
FILTER > PARENT_FILTER > UPDATED_BY : 0
FILTER > PARENT_FILTER > UPDATED_AT : 1723390067
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > HIT_COUNT : 1
FILTER > PARENT_FILTER > ID : 2

admin@phpterminal:firewall# 

Check 43.255.45.131 - Proxy IP

admin@phpterminal:firewall# check ip 43.255.45.131

43.255.45.131 address found in ip2locationAPI database. It took 0.64549899101257(s) and 97.55 kb of memory.

Blocked

CHECK IP 43.255.45.131 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : block
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 43.255.45.131
FILTER > IP2LOCATION_PROXY : block
FILTER > UPDATED_BY : 1
FILTER > UPDATED_AT : 1723395666
FILTER > HIT_COUNT : 0
FILTER > PARENT_ID : 2
FILTER > ID : 6
FILTER > PARENT_FILTER > FILTER_TYPE : allow
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au:new south wales
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : block
FILTER > PARENT_FILTER > UPDATED_BY : 1
FILTER > PARENT_FILTER > UPDATED_AT : 1723395563
FILTER > PARENT_FILTER > HIT_COUNT : 2
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > ID : 2

admin@phpterminal:firewall# show filter 2


SHOW FILTER 2 OUTPUT
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| ID    | FILTER_TYPE     | ADDRESS_TYPE    | ADDRESS (PARENT)                                   | HIT_COUNT  | UPDATED_BY                | UPDATED_AT                |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| 2     | allow           | ip2location     | au:new south wales                                 | 3          | Administrator             | 2024-08-11 16:59:23       |
| 6     | block           | host            | 43.255.45.131 (au:new south wales)                 | 1          | Administrator             | 2024-08-11 17:01:06       |
| 5     | allow           | host            | 86.48.8.224 (au:new south wales)                   | 2          | Administrator             | 2024-08-11 17:00:31       |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+

admin@phpterminal:firewall# check ip 43.255.45.131

43.255.45.131 address found in indexes. It took 0.0007789134979248(s) and 4.35 kb of memory.

Blocked

CHECK IP 43.255.45.131 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : block
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 43.255.45.131
FILTER > IP2LOCATION_PROXY : block
FILTER > UPDATED_BY : 1
FILTER > UPDATED_AT : 1723395666
FILTER > HIT_COUNT : 1
FILTER > PARENT_ID : 2
FILTER > ID : 6
FILTER > PARENT_FILTER > FILTER_TYPE : allow
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au:new south wales
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : block
FILTER > PARENT_FILTER > UPDATED_BY : 1
FILTER > PARENT_FILTER > UPDATED_AT : 1723395563
FILTER > PARENT_FILTER > HIT_COUNT : 3
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > ID : 2

admin@phpterminal:firewall# 

In the above example you can see that IP address 43.255.45.131, which is from New South Wales, is still blocked even though the filter is set to allow. This is because 43.255.45.131 is a proxy IP address and the filter was added with block-proxy.

Check 116.90.72.78

admin@phpterminal:firewall# check ip 116.90.72.78

116.90.72.78 address found in ip2locationAPI database. It took 0.68876004219055(s) and 108.94 kb of memory.

Blocked

CHECK IP 116.90.72.78 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : block
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 116.90.72.78
FILTER > IP2LOCATION_PROXY : allow
FILTER > UPDATED_BY : 1
FILTER > UPDATED_AT : 1723395835
FILTER > HIT_COUNT : 0
FILTER > PARENT_ID : 3
FILTER > ID : 7
FILTER > PARENT_FILTER > FILTER_TYPE : block
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : allow
FILTER > PARENT_FILTER > UPDATED_BY : 1
FILTER > PARENT_FILTER > UPDATED_AT : 1723395567
FILTER > PARENT_FILTER > HIT_COUNT : 0
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > ID : 3

admin@phpterminal:firewall# show filter 3


SHOW FILTER 3 OUTPUT
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| ID    | FILTER_TYPE     | ADDRESS_TYPE    | ADDRESS (PARENT)                                   | HIT_COUNT  | UPDATED_BY                | UPDATED_AT                |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+
| 3     | block           | ip2location     | au                                                 | 1          | Administrator             | 2024-08-11 16:59:27       |
| 7     | block           | host            | 116.90.72.78 (au)                                  | 1          | Administrator             | 2024-08-11 17:03:55       |
+-------+-----------------+-----------------+----------------------------------------------------+------------+---------------------------+---------------------------+

admin@phpterminal:firewall# check ip 116.90.72.78

116.90.72.78 address found in indexes. It took 0.00075793266296387(s) and 4.34 kb of memory.

Blocked

CHECK IP 116.90.72.78 OUTPUT
DEFAULT_FILTER : No
FILTER > FILTER_TYPE : block
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 116.90.72.78
FILTER > IP2LOCATION_PROXY : allow
FILTER > UPDATED_BY : 1
FILTER > UPDATED_AT : 1723395835
FILTER > HIT_COUNT : 1
FILTER > PARENT_ID : 3
FILTER > ID : 7
FILTER > PARENT_FILTER > FILTER_TYPE : block
FILTER > PARENT_FILTER > ADDRESS_TYPE : ip2location
FILTER > PARENT_FILTER > ADDRESS : au
FILTER > PARENT_FILTER > IP2LOCATION_PROXY : allow
FILTER > PARENT_FILTER > UPDATED_BY : 1
FILTER > PARENT_FILTER > UPDATED_AT : 1723395567
FILTER > PARENT_FILTER > HIT_COUNT : 1
FILTER > PARENT_FILTER > PARENT_ID : null
FILTER > PARENT_FILTER > ID : 3

admin@phpterminal:firewall# 

The above IP is from South Australia, so, as expected, it is blocked by the au filter.

Check 182.65.108.147 - IP From India

admin@phpterminal:firewall# check ip 182.65.108.147

182.65.108.147 address found in default database. It took 0.0044550895690918(s) and 1.03 kb of memory.

Blocked

CHECK IP 182.65.108.147 OUTPUT
DEFAULT_FILTER : Yes
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 182.65.108.147
FILTER > HIT_COUNT : 1
FILTER > UPDATED_BY : 000
FILTER > UPDATED_AT : 1723395927
FILTER > FILTER_TYPE : block
FILTER > IP2LOCATION_PROXY : -
FILTER > PARENT_ID : null
FILTER > ID : 1

admin@phpterminal:firewall# show filters default
+-------+-----------------+-----------------+-----------------------------------------------+------------+---------------------------+---------------------------+----------------------+
| ID    | FILTER_TYPE     | ADDRESS_TYPE    | ADDRESS                                       | HIT_COUNT  | UPDATED_BY                | UPDATED_AT                | IP2LOCATION_PROXY    |
+-------+-----------------+-----------------+-----------------------------------------------+------------+---------------------------+---------------------------+----------------------+
| 1     | block           | host            | 182.65.108.147                                | 1          | DEFAULT RULE              | 2024-08-11 17:05:27       | -                    |
+-------+-----------------+-----------------+-----------------------------------------------+------------+---------------------------+---------------------------+----------------------+
Showing record : 1/1. Page : 1/1. 

admin@phpterminal:firewall# check ip 182.65.108.147

182.65.108.147 address found in indexes. It took 0.0010077953338623(s) and 2.53 kb of memory.

Blocked

CHECK IP 182.65.108.147 OUTPUT
DEFAULT_FILTER : Yes
FILTER > ADDRESS_TYPE : host
FILTER > ADDRESS : 182.65.108.147
FILTER > HIT_COUNT : 1
FILTER > UPDATED_BY : 000
FILTER > UPDATED_AT : 1723395927
FILTER > FILTER_TYPE : block
FILTER > IP2LOCATION_PROXY : -
FILTER > PARENT_ID : null
FILTER > ID : 1

admin@phpterminal:firewall# 

You can see that we get "182.65.108.147 address found in default database". So, instead of matching any filter from the main database, we matched the default filter that we set via configuration. The entry is stored in a different database and is also indexed for faster lookups.
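
The decision flow walked through above, as an added stand-alone PHP model (not the firewall package's own code). It assumes the most specific ip2location address wins and that the default filter is block. The $geo table is a constructed stand-in for the ip2location lookup, built from the locations this page states, and checkIp() is a hypothetical helper.

```php
<?php
// Added illustration: a stand-alone model of the decision flow shown on this page.
// It does not use the firewall package's classes; the matching order is an assumption.

// Filters from the scenario (same fields as the NEWFILTER output).
$filters = [
    1 => ['filter_type' => 'allow', 'address' => 'au:victoria:melbourne', 'ip2location_proxy' => 'allow'],
    2 => ['filter_type' => 'allow', 'address' => 'au:new south wales',    'ip2location_proxy' => 'block'],
    3 => ['filter_type' => 'block', 'address' => 'au',                    'ip2location_proxy' => 'allow'],
];
$defaultFilter = 'block'; // assumed value of the default filter set in configuration

// Constructed stand-in for the ip2location lookup: [country, state, city, is proxy].
$geo = [
    '144.48.38.173'  => ['au', 'victoria', 'melbourne', false],
    '86.48.8.224'    => ['au', 'new south wales', 'sydney', false],
    '43.255.45.131'  => ['au', 'new south wales', '', true],  // public proxy, city not given on the page
    '116.90.72.78'   => ['au', 'south australia', '', false], // city not given on the page
    '182.65.108.147' => ['in', '', '', false],
];

function checkIp(string $ip, array $filters, array $geo, string $default, array &$index): array
{
    // Second and later checks are answered from the per-host index entry.
    if (isset($index[$ip])) {
        return ['source' => 'index'] + $index[$ip];
    }
    [$country, $state, $city, $isProxy] = $geo[$ip] ?? ['', '', '', false];
    // Candidate addresses, most specific first (assumption): city, then state, then country.
    $candidates = ["$country:$state:$city", "$country:$state", $country];
    // No geo filter matched yet: fall through to the default filter.
    $entry = ['filter_type' => $default, 'parent_id' => null, 'default_filter' => true];
    foreach ($candidates as $candidate) {
        foreach ($filters as $id => $filter) {
            if ($filter['address'] !== $candidate) {
                continue;
            }
            $type = $filter['filter_type'];
            // A proxy address under a block-proxy filter is blocked even if the filter allows.
            if ($isProxy && $filter['ip2location_proxy'] === 'block') {
                $type = 'block';
            }
            $entry = ['filter_type' => $type, 'parent_id' => $id, 'default_filter' => false];
            break 2;
        }
    }
    $index[$ip] = $entry; // stored as a host entry pointing at its parent filter
    return ['source' => 'lookup'] + $entry;
}

$index = [];
foreach (array_keys($geo) as $ip) {
    foreach ([1, 2] as $pass) {
        $r = checkIp($ip, $filters, $geo, $defaultFilter, $index);
        printf("%-15s pass %d: %-5s parent=%s default=%s via %s\n", $ip, $pass,
            $r['filter_type'], $r['parent_id'] ?? 'null',
            $r['default_filter'] ? 'Yes' : 'No', $r['source']);
    }
}
```

In this model an indexed host entry keeps returning its first verdict, so changing a parent filter does not change hosts that were already indexed under it.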