IP Whitelist
- Thread starter hehachris
- Start date
empowering
Verified User
me too. We monitor the DA port via nagios and don't want to give false errors from that IP.
Last edited:
- Joined
- Feb 27, 2003
- Messages
- 8,509
Hello,
Sure, I'll add an ip_whitelist file for the next relelase.
John
Sure, I'll add an ip_whitelist file for the next relelase.
John
- Joined
- Feb 27, 2003
- Messages
- 8,509
Hello,
I'm not able to duplicate that condition.. if the ip_blacklist has my ip, and the ip_whitelist is empty, I'm blocked. If the ip_whitelist is gone, also blocked.
Anoyone else getting the error? I'm not seeing it on my end.
John
I'm not able to duplicate that condition.. if the ip_blacklist has my ip, and the ip_whitelist is empty, I'm blocked. If the ip_whitelist is gone, also blocked.
Anoyone else getting the error? I'm not seeing it on my end.
John
chatwizrd
Verified User
- Joined
- Jul 3, 2005
- Messages
- 1,947
I am seeing the same thing. If ip_whitelist exists it is like the blacklist function is totally non existant. I am using freebsd 6.1.
It will totally ignore ip_blacklist if all you do is:
touch /usr/local/directadmin/data/admin/ip_whitelist
It will totally ignore ip_blacklist if all you do is:
touch /usr/local/directadmin/data/admin/ip_whitelist
- Joined
- Feb 27, 2003
- Messages
- 8,509
Hello,
Thanks for the info guy, except xemaps, no soup for you
I found the problem, the logic in the code is fine, it's just a permission error. There is a "check if path exists", then read in the files, but after the file (if exist) are read in, the read-in permission is set to "nobody". The initial "give me root" was then gone if the whitelist is checked, so "nobody" reading the blacklist can't see it, thus the list was essentially not there (which is valid.. a non-existant file is allowed).
The reason my intial test didn't find it is because the permissions on my admin folder are world readable. I tested on our freebsd 6.0 system which has tigher permissions, so I was able to see it
I'll make another release with the fix.
John
Thanks for the info guy, except xemaps, no soup for you
I found the problem, the logic in the code is fine, it's just a permission error. There is a "check if path exists", then read in the files, but after the file (if exist) are read in, the read-in permission is set to "nobody". The initial "give me root" was then gone if the whitelist is checked, so "nobody" reading the blacklist can't see it, thus the list was essentially not there (which is valid.. a non-existant file is allowed).
The reason my intial test didn't find it is because the permissions on my admin folder are world readable. I tested on our freebsd 6.0 system which has tigher permissions, so I was able to see it
I'll make another release with the fix.
John
?vandal
Verified User
where is this change available?
- Joined
- Feb 27, 2003
- Messages
- 8,509
Hello,
The feature is listed here:
http://www.directadmin.com/features.php?id=705
Make sure you're using at least 1.28.5.
John
The feature is listed here:
http://www.directadmin.com/features.php?id=705
Make sure you're using at least 1.28.5.
John
vandal
Verified User
Thanks John
tarquel
Verified User
um.... do we have to set permissions ourselves on the ip_whitelist file?
I had to create the file after the new update - never looked to see if it was there previously.
cheers
Nath.
I had to create the file after the new update - never looked to see if it was there previously.
cheers
Nath.
- Joined
- Feb 27, 2003
- Messages
- 8,509
DA reads the file as root. Anything greater than chmod 400 will work just fine
John
John