Black List IP plug

kotolex_23 · August 13, 2023, 11:26am

Hey!
I try to create black list for ip in my Phoenix app, I already have DB and function to check is ip in black list or not. What is the right way to do it?

If i try plug

def ip_check(conn, _opts) do
    real_ip = Helpers.ip_to_str(conn.remote_ip)
    conn =
      if is_ip_blocked?(real_ip) do
        conn |> halt()
      else
        conn
      end

    IO.inspect(conn)
    conn
  end

on connection i get exception

[debug] Phoenix.Router halted in :browser/2
[error] #PID<0.707.0> running Phoenix.Endpoint.SyncCodeReloadPlug (connection #PID<0.706.0>, stream id 1) terminated
Server: localhost:4000 (http)
Request: GET /
** (exit) an exception was raised:
    ** (Plug.Conn.NotSentError) a response was neither set nor sent from the connection

benwilson512 · August 13, 2023, 11:38am

Hey @kotolex_23 you still need to send a response to the client like conn |> send_resp(403, "forbidden").

fuelen · August 13, 2023, 11:38am

You should send something as a response before |> halt():

conn
|> send_resp(:unauthorized, "Unauthorized")
|> halt()

kotolex_23 · August 13, 2023, 11:40am

thanx guys!

andreaseriksson · August 13, 2023, 12:20pm

Not really what you asked for but check out Plug attack GitHub - michalmuskala/plug_attack: A plug building toolkit for blocking and throttling abusive requests

Also, Cloudflare has a good (free?) service for this.

dimitarvp · August 13, 2023, 12:28pm

That repo amusingly had 403 stars before I made them 404.

kotolex_23 · August 13, 2023, 1:32pm

useful, thx

LostKobrakai · August 13, 2023, 4:05pm

realcorvus · August 13, 2023, 4:41pm

^ thanks for linking this talk. If you’re looking for a commercial solution, Paraxial.io does this along with some additional security features, like blocking cloud data center IPs, which are often malicious.