Thread: Accept or drop connections by EWB server based on country (Using IP address)
Thu, Jan 5 2023 7:08 AM

George

Is it possible to filter requests received by the server with the aim to drop those coming from particular countries? (e.g. after running a geolocation request which will determine the country)
Thu, Jan 5 2023 3:43 PM

erickengelke

George wrote:
> Is it possible to filter requests received by the server with the aim to drop those coming from particular
> countries? (e.g. after running a geolocation request which will determine the country)

Sure, but geolocating is either hard to do, or expensive to do carefully.  While you can try to filter requests, many people (good and bad) use VPNs which can give them a presence in another country, making geo-walls very hard to police.

Erick
EWB Programming Books and Component Library
http://www.erickengelke.com
Thu, Jan 5 2023 4:39 PM

George

erickengelke wrote:

> Sure, but geolocating is either hard to do, or expensive to do carefully.  While you can try to filter requests, many people (good and bad) use VPNs which can give them a presence in another country, making geo-walls very hard to police.


I understand the various limitations. Even with reduced accuracy, how can I implement this in EWB server? Is there an event which will give the ability to drop the connection before sending back any data?
Fri, Jan 6 2023 6:48 AM

Ralf Mimoun

Are you limited to the EWB server as the system reachable from the outside? I have put an nginx webserver in front of my EWB server (mostly to have something the customers have heard of at the front, but also because my EWB server started to eat up CPU cycles after a day or two when using https). You can do any filtering you want and will find tons of tutorials, and you get SSL termination for free.
Sat, Jan 7 2023 6:29 AM

George

Ralf Mimoun wrote:

> Are you limited to the EWB server as the system reachable from the outside? I have put an nginx webserver in front of my EWB server (mostly to have something the customers have heard of at the front, but also because my EWB server started to eat up CPU cycles after a day or two when using https). You can do any filtering you want and will find tons of tutorials, and you get SSL termination for free.

Thanks for the tip Ralf, I am actually facing the same issue as you. I have started going through the nginx documentation. Any quick hints on where I should focus first?
Sat, Jan 7 2023 9:32 AM

erickengelke

George wrote:

> Thanks for the tip Ralf, I am actually facing the same issue as you. I have started going through
> the nginx documentation. Any quick hints on where I should focus first?

Try this:
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/
EWB Programming Books and Component Library
http://www.erickengelke.com
Sun, Jan 8 2023 10:07 AM

George

erickengelke wrote:

> George wrote:
>
> > Thanks for the tip Ralf, I am actually facing the same issue as you. I have started going through
> > the nginx documentation. Any quick hints on where I should focus first?
>
> Try this:
> https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/
> EWB Programming Books and Component Library
> http://www.erickengelke.com

Thanks Erick
Mon, Jan 9 2023 9:01 AM

Ralf Mimoun

George wrote:

> Thanks for the tip Ralf, I am actually facing the same issue as you. I have started going through the nginx documentation. Any quick hints on where I should focus first?

That's what I have in my nginx.conf file:

1. Use EWB Server as backend (configured to port 8088 in ewbsrvr.ini, no ssl):

http {
 upstream backend {
   server 127.0.0.1:8088;
 }

2. Config certificate and backend

 server {
   listen       443 ssl;
   server_name  localhost;

   client_max_body_size 16M;
   ssl_certificate      "<path to crt file>";
   ssl_certificate_key  "<path to key file>";

   ssl_session_cache    shared:SSL:1m;
   ssl_session_timeout  5m;

   ssl_ciphers  HIGH:!aNULL:!MD5;
   ssl_prefer_server_ciphers  on;

   location / {
     proxy_pass http://backend;
   }
 }
}  # closes the http block opened in step 1

It has been running like that for months and is 100% stable. Of course, the nginx log is full of attempts by bad guys to find some gaps, e.g. old PHP versions.
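
The setup discussed in this thread, as an added example that is not part of any post above: the reverse-proxy configuration extended with a country lookup and a drop rule. It assumes the ngx_http_geoip2_module dynamic module is installed; the database path, the log path and the country codes XX and YY are placeholders.

```nginx
# Added example, not from the thread. Assumes ngx_http_geoip2_module is
# installed and a MaxMind country database (.mmdb) is available.
load_module modules/ngx_http_geoip2_module.so;

events {}

http {
  # Resolve the ISO country code of the connecting address ($remote_addr).
  geoip2 /path/to/GeoLite2-Country.mmdb {          # placeholder path
    $geoip2_data_country_iso_code country iso_code;
  }

  # 1 = drop, 0 = allow. XX and YY are placeholder country codes.
  # Addresses missing from the database resolve to "" and hit the default.
  map $geoip2_data_country_iso_code $drop_country {
    default 0;
    XX      1;
    YY      1;
  }

  # Record the resolved country so dropped requests can be audited.
  log_format geo '$remote_addr [$time_local] "$request" $status '
                 'country=$geoip2_data_country_iso_code';

  upstream backend {
    server 127.0.0.1:8088;    # EWB server, plain http, as in the post above
  }

  server {
    listen       443 ssl;
    server_name  localhost;
    access_log   logs/access.log geo;              # placeholder log path

    client_max_body_size 16M;
    ssl_certificate      "<path to crt file>";
    ssl_certificate_key  "<path to key file>";

    # 444 is nginx-specific: close the connection without sending an HTTP
    # response. The TLS handshake has already completed at this point.
    if ($drop_country) {
      return 444;
    }

    location / {
      proxy_pass http://backend;
    }
  }
}
```

Validate the file with `nginx -t` before reloading. The filter only holds if port 8088 of the EWB server is not reachable from outside, so that every request has to pass through nginx.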
Mon, Jan 9 2023 9:49 AM

Ralf Mimoun

Ah, I almost forgot something:

client_max_body_size 16M;

is needed so that you can upload your app through nginx to the EWB server. 16 MB should be plenty for the html+js files.
Mon, Jan 9 2023 3:56 PM

George

Ralf Mimoun wrote:

> Ah, I almost forgot something:
>
> client_max_body_size 16M;
>
> is needed so that you can upload your app through nginx to the EWB server. 16 MB should be plenty for the html+js files.

Thanks a lot Ralf, this will give me a quick start!