Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Error - You cannnot ban this IP - it is non-routable!  (Read 6437 times)

0 Members and 1 Guest are viewing this topic.

russian_knight

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 13
Error - You cannnot ban this IP - it is non-routable!
« on: June 22, 2004, 08:56:27 pm »

Hello. I got this message when i want to ban ip 10.151.112.26, for example. Why?
Thanks a lot!
Logged

Nibbler

  • Guest
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #1 on: June 22, 2004, 10:39:45 pm »

Because the internet standard RFC 1918 defines 10.xxx.xxx.xxx addresses to be private LAN addresses, and are not real internet addresses. If you like you can remove '10.', from the $illegal_ip array in banning.php, to allow coppermine to set a ban, but I'm not sure if it will work, the restriction is probably there for a good reason.
Logged

omniscientdeveloper

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 901
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #2 on: June 23, 2004, 12:59:44 am »

I vote to remote any unroutable ips from the ban list, just in case someone uses Coppermine for an intranet site that's setup on local-ips.


-omni
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #3 on: June 23, 2004, 05:42:02 am »

I added the non-routables to the ban list deliberately to avoid stupid users banning al lot of people. Imagine a silly person banning 192.168.x.x (the most common among home users afaik) - it would result in millions of pc's being banned.
But I'll add a switch in config to make it an admin settable option if you agree.

Gaugau
Logged

russian_knight

  • Contributor
  • Coppermine newbie
  • ***
  • Offline Offline
  • Posts: 13
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #4 on: June 23, 2004, 07:41:53 am »

But I'll add a switch in config to make it an admin settable option if you agree.

Thank you. It will be nice if you post here a message when you do it and i coud get this file from cvs.

Yes, i`m using Coppermine in LAN and we all have these adresses.

By the way, in wich units (min\hour\day\week) i must add expire of ban?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #5 on: June 23, 2004, 08:38:26 am »

just edit banning.php, find
Code: [Select]
$illegal_ip = array('192.168.','10.','172.16.','172.17.','172.18.','172.19.','172.20.','172.21.','172.22.','172.23.','172.24.','172.25.','172.26.','172.27.','172.28.','172.29.','172.30.','172.31.','169.254.','127.', '192.0.','1.0.0.0','204.152.64.','204.152.65.'); and remove those entries from the list you want to be able to ban.

GauGau
Logged

omniscientdeveloper

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 901
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #6 on: June 23, 2004, 10:46:52 am »

Quote
it would result in millions of pc's being banned.

Not so. 192.168.x.x, 10.x.x.x, etc. don't get routed. Hence, unless Coppermine is installed somewhere local to the user's computer a LAN (not WAN) their computer won't be blocked. I have a 192 network setup at home, but my INTERNET ip is totally different. The ip being stored on my router, makes all my computers look like the same computer to the internet. If this ip is blocked, then none of my computers on my LAN can access the site. So, blocking  (or not being able to block) unroutable ips only affects users that have Coppermine installed on a LAN, not a server hosted on the internet ( WAN ). :)


-omni
« Last Edit: June 23, 2004, 10:54:05 am by omniscientdeveloper »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #7 on: June 23, 2004, 06:08:25 pm »

sure, but we're talking about an intranet, don't we? My company's intranet is on the WAN, all clients IP addresses get routed inside our net. If I ban a client by his IP address, he is banned. Of course the local IP # get translated (NAT) when accessing the internet...

GauGau
Logged

omniscientdeveloper

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 901
Re: Error - You cannnot ban this IP - it is non-routable!
« Reply #8 on: June 24, 2004, 01:13:43 am »

Quote
My company's intranet is on the WAN, all clients IP addresses get routed inside our net.

Right. You can have a LAN on WAN only through the use of VPNs. The point is that if you have Coppermine installed on your LAN, it'll only be accessible by people on your LAN, unless you do some forwarding to allow people outside to access it, in which case they're accessing a totally different IP via the WAN, since the LAN address is unroutable.

Quote
If I ban a client by his IP address, he is banned. Of course the local IP # get translated (NAT) when accessing the internet

Exactly. If the server (where Coppermine is hosted) is on the LAN this will work. If the server in on a WAN, it won't. If the client computer's ip is unroutable, they'll be using some sort of NAT to access the WAN, so in effect you'll be banning the NAT server's ip, not the client computer.


Actually, all this doesn't matter, since you're doing an admin switch to allow a user to ban a LAN ip.  :D But I still think it should just be removed totally.  ;)
Logged
Pages: [1]   Go Up
 

Page created in 0.023 seconds with 19 queries.