add feature remove allow

jpeters · Post by **jpeters** » 17 Jun 2010, 16:30

i would like to see a option to remove a ip address in the allow list.
same whay as deny ... also in cluster env..

i have some ip addresses in the allow list (several servers).. client has other ip address and now i can easy add his new ip address, but to remove the previues ip address i have to go every CSF server by hand..

basicly al features to add a ip address also a feature to remove (single and cluster)

ckh · Post by **ckh** » 17 Jun 2010, 19:15

You can use the configuration option, GLOBAL_ALLOW to specify an allow file for all of your servers to use. Then simply edit the file adding/removing as necessary and all of your servers will be updated.

jpeters · Post by **jpeters** » 17 Jun 2010, 20:36

that is a security issue because the global list needs to be accessable over http:
so if anyone finds the url it can access it.
using IP spoofing and bingo..

i think the requested features inside the webinterface is a better option.

ckh · Post by **ckh** » 17 Jun 2010, 20:57

And how are they going to find the URL? Just make a directory with some random characters/numbers then make the file name something with some random characters/numbers and you shouldn't have a problem. If you don't put the URL in a web page where it can be spidered, then it would be practically impossible to find unless the hosting account was hacked, which then you'd have more problems than just the allow file.

I don't believe IP spoofing will work the way you are saying here. If a packet is sent to a server using a spoofed IP, the reply would go to the actual IP and not the machine where the spoofed IP originated on.

jpeters · Post by **jpeters** » 18 Jun 2010, 15:27

user friendly in the webinterface so you can make changes on that specific server or al the servers inside the cluster.

also i am more flexible on what servers ..