Three times I have attempted to use Autoban whitelist entries of the form 111.222.333.0/255, as the documentation suggests it works when the ip_range module is installed (it is).

On each occasion the saving of such entries has resulted in a permanent WSOD (site encountered an error). I've had to delete all Watchdog entries (whose parsing against the /'d whitelist causes the crash), and go back to the Autoban whitelist and remove all the range entries.

On each crash, dlog records this error.

ArithmeticError: Bit shift by negative number in _autoban_cidr_match() (line 775 of [webcage]/sites/all/modules/autoban/autoban.module).

Comments

neilsky created an issue. See original summary.

neilsky’s picture

neilsky commented
Issue summary: View changes
neilsky’s picture

neilsky commented
Title: Changing "large lists" value causess site to crash? » Does not support IP / range as suggested in the doc
Issue summary: View changes

  • goodboy committed 7206c8d on 7.x-1.x 
    Issue #3116923: Does not support IP / range as suggested in the doc
goodboy’s picture

goodboy commented

I added CIDR check. But the CIDR parameter after "/" should not exceed 32.
35.190.247.0/24 is equal to 35.190.247.0 - 35.190.247.255

neilsky’s picture

neilsky commented

This is unexpected behaviour and is not explained in either the project page or the help file, that I could find. So, some follow-up questions to try and clarify, please:

1. Is there a plan to update the range “/“ support to correctly interpret actual range values. (E.g. a crawler might use range x.y.z.96 - x.y.z.124, so we don’t want to whitelist 0-255.)

2. Does the current implementation support the “ - “ range syntax (in Autoban, not ip_range)?

3. In the current implementation, does the omission of the fourth place (e.g. “111.222.333 # John” as documented on the project page), interpret as 111.222.333.0/255?

4. In the current implementation, is the range value ALWAYS interpreted as 255? E.g. x.y.z.0/1 interpreted as x.y.z.0/255?

5. In the current implementation, is the start value of the range interpreted correctly? E.g. x.y.z.96/32 as x.y.z.96/255?

Thanks

goodboy’s picture

goodboy commented

I've added range IP support for whitelist. Support '-' and '...' as range delimiters. Please, test latest dev-version.

1. '/' is a CIDR delimiter, not a IP range delimiter.
2. Implemented at the last dev-version
3. I got IP address aaa.bbb.ccc.ddd from 'aaa.bbb.ccc.ddd#John' string.
CIDR may be from 0 to 32 . See https://kb.wisc.edu/page.php?id=3493
4.You can see CIDR convert https://www.ipaddressguide.com/cidr
5. x.y.z.0/24 equal IP range x.y.z.0 ... x.y.z.255

You have to use IP formats at whitelist:
1. aaa.bbb.ccc.ddd
2. aaa.bbb.ccc.ddd/qqq
3. aaa.bbb.ccc.ddd - aaa.bbb.ccc.eee
3. aaa.bbb.ccc.ddd ... aaa.bbb.ccc.eee

You need use 4 IP address parts.

And you can use comments also:

#Row comment
aaa.bbb.ccc.ddd

or

aaa.bbb.ccc.ddd #inline comment

neilsky’s picture

neilsky commented

Thanks goodboy, appreciate the explanatories. I'll bone up on CIDR more and see how to best implement the headline crawler addresses in the Whitelist.

Cheers

goodboy’s picture

goodboy commented
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.