mirror of
https://github.com/SubleXBle/Fail2Ban-Report.git
synced 2026-02-05 00:08:27 -06:00
Update block-ip.php
This commit is contained in:
SubleXBle
@@ -1,37 +1,9 @@
|
||||
<?php
|
||||
// includes/block-ip.php
|
||||
|
||||
/**
|
||||
* Blocks one or multiple IP addresses by adding them to their jail-specific blocklist JSON files.
|
||||
*
|
||||
* @param string|array $ips IP address or array of IP addresses to block.
|
||||
* @param string $jail Fail2Ban jail/context name (optional).
|
||||
* @param string $source Who triggered the block (e.g. 'manual', 'report', etc.)
|
||||
* @return array Result array or array of results with 'success', 'message' and 'type'.
|
||||
*/
|
||||
|
||||
// auth
|
||||
/*
|
||||
require_once __DIR__ . '/auth.php';
|
||||
|
||||
header('Content-Type: application/json');
|
||||
|
||||
if (!is_admin()) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'error' => 'Unauthorized: Only admin can perform this action.'
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
*/
|
||||
// end auth
|
||||
|
||||
|
||||
|
||||
require_once __DIR__ . "/paths.php";
|
||||
|
||||
function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
// Admin-Check
|
||||
if (!is_admin()) {
|
||||
return [
|
||||
'success' => false,
|
||||
@@ -40,6 +12,7 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
];
|
||||
}
|
||||
|
||||
global $ARCHIVE_ROOT; // Archive-Root
|
||||
$results = [];
|
||||
|
||||
if (!is_array($ips)) {
|
||||
@@ -49,7 +22,6 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
foreach ($ips as $ip) {
|
||||
$ip = trim($ip);
|
||||
|
||||
// Validate IP address format
|
||||
if (!filter_var($ip, FILTER_VALIDATE_IP)) {
|
||||
$results[] = [
|
||||
'ip' => $ip,
|
||||
@@ -62,14 +34,12 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
|
||||
// Sanitize jail name
|
||||
$safeJail = strtolower(preg_replace('/[^a-z0-9_-]/', '', $jail));
|
||||
if ($safeJail === '') {
|
||||
$safeJail = 'unknown';
|
||||
}
|
||||
if ($safeJail === '') $safeJail = 'unknown';
|
||||
|
||||
// path to Blocklist
|
||||
$jsonFile = $GLOBALS["PATHS"]["blocklists"] . $safeJail . ".blocklist.json";
|
||||
$lockFile = "/tmp/{$safeJail}.blocklist.lock";
|
||||
|
||||
// Open lock file
|
||||
$lockHandle = fopen($lockFile, 'c');
|
||||
if (!$lockHandle) {
|
||||
$results[] = [
|
||||
@@ -92,17 +62,14 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Load existing JSON
|
||||
// load used blocklist
|
||||
$data = [];
|
||||
if (file_exists($jsonFile)) {
|
||||
$existing = file_get_contents($jsonFile);
|
||||
$data = json_decode($existing, true);
|
||||
if (!is_array($data)) {
|
||||
$data = []; // fallback if file is corrupted
|
||||
}
|
||||
if (!is_array($data)) $data = [];
|
||||
}
|
||||
|
||||
// Check if IP already exists
|
||||
$found = false;
|
||||
foreach ($data as &$item) {
|
||||
if ($item['ip'] === $ip) {
|
||||
@@ -110,23 +77,17 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
if (!isset($item['active']) || $item['active'] === false) {
|
||||
$item['active'] = true;
|
||||
$item['lastModified'] = date('c');
|
||||
if (file_put_contents($jsonFile, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)) === false) {
|
||||
flock($lockHandle, LOCK_UN);
|
||||
fclose($lockHandle);
|
||||
$results[] = [
|
||||
'ip' => $ip,
|
||||
'success' => false,
|
||||
'message' => "[WRITE] Failed to write to {$safeJail}.blocklist.json.",
|
||||
'type' => 'error'
|
||||
];
|
||||
continue 2;
|
||||
}
|
||||
file_put_contents($jsonFile, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
|
||||
|
||||
// --- Update update.json ---
|
||||
updateClientJson($jsonFile, $safeJail);
|
||||
|
||||
flock($lockHandle, LOCK_UN);
|
||||
fclose($lockHandle);
|
||||
$results[] = [
|
||||
'ip' => $ip,
|
||||
'success' => true,
|
||||
'message' => "IP $ip was reactivated in {$safeJail}.blocklist.json.",
|
||||
'message' => "IP $ip reactivated in {$safeJail}.blocklist.json.",
|
||||
'type' => 'success'
|
||||
];
|
||||
continue 2;
|
||||
@@ -136,7 +97,7 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
$results[] = [
|
||||
'ip' => $ip,
|
||||
'success' => true,
|
||||
'message' => "IP $ip is already active in {$safeJail}.blocklist.json.",
|
||||
'message' => "IP $ip already active in {$safeJail}.blocklist.json.",
|
||||
'type' => 'info'
|
||||
];
|
||||
continue 2;
|
||||
@@ -145,7 +106,7 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
}
|
||||
unset($item);
|
||||
|
||||
// Add new entry if not found
|
||||
// add new ip
|
||||
if (!$found) {
|
||||
$entry = [
|
||||
'ip' => $ip,
|
||||
@@ -161,33 +122,23 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
];
|
||||
$data[] = $entry;
|
||||
|
||||
if (file_put_contents($jsonFile, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)) === false) {
|
||||
flock($lockHandle, LOCK_UN);
|
||||
fclose($lockHandle);
|
||||
$results[] = [
|
||||
'ip' => $ip,
|
||||
'success' => false,
|
||||
'message' => "[WRITE] Failed to write to {$safeJail}.blocklist.json.",
|
||||
'type' => 'error'
|
||||
];
|
||||
continue;
|
||||
}
|
||||
file_put_contents($jsonFile, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
|
||||
|
||||
// --- Update update.json ---
|
||||
updateClientJson($jsonFile, $safeJail);
|
||||
|
||||
flock($lockHandle, LOCK_UN);
|
||||
fclose($lockHandle);
|
||||
$results[] = [
|
||||
'ip' => $ip,
|
||||
'success' => true,
|
||||
'message' => "IP $ip was successfully added to {$safeJail}.blocklist.json.",
|
||||
'message' => "IP $ip added to {$safeJail}.blocklist.json.",
|
||||
'type' => 'success'
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
// Flatten result if only one entry
|
||||
if (count($results) === 1) {
|
||||
return $results[0];
|
||||
}
|
||||
if (count($results) === 1) return $results[0];
|
||||
|
||||
return [
|
||||
'success' => true,
|
||||
@@ -196,3 +147,35 @@ function blockIp($ips, $jail = 'unknown', $source = 'manual') {
|
||||
'type' => 'success'
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* set Update-Flag in update.json in Archive-Root.
|
||||
*
|
||||
* @param string $blocklistFile Pfad der Blocklist, um Servernamen zu extrahieren
|
||||
* @param string $jail Blocklist-Name
|
||||
*/
|
||||
function updateClientJson($blocklistFile, $jail) {
|
||||
global $ARCHIVE_ROOT;
|
||||
|
||||
// Servername from path
|
||||
$relativePath = str_replace($ARCHIVE_ROOT, '', $blocklistFile);
|
||||
$parts = explode('/', $relativePath);
|
||||
$server = $parts[0] ?? 'unknown';
|
||||
|
||||
$updateFile = $ARCHIVE_ROOT . 'update.json';
|
||||
if (!is_dir($ARCHIVE_ROOT)) mkdir($ARCHIVE_ROOT, 0755, true);
|
||||
|
||||
// Load or initialize
|
||||
if (file_exists($updateFile)) {
|
||||
$update_data = json_decode(file_get_contents($updateFile), true);
|
||||
if (!is_array($update_data)) $update_data = [];
|
||||
} else {
|
||||
$update_data = [];
|
||||
}
|
||||
|
||||
if (!isset($update_data[$server])) $update_data[$server] = [];
|
||||
|
||||
$update_data[$server][$jail . '.blocklist.json'] = true;
|
||||
|
||||
file_put_contents($updateFile, json_encode($update_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user