Oral Gokgol

Block the URLs and IPs stored in an online web feed site

Discussion created by Oral Gokgol on Oct 21, 2018
Latest reply on Oct 22, 2018 by Danny Jung

This script uses Management API and automatically downloads the feed from a web site given on the $URL parameter and creates the required groups, IPs, URL Lists, and rules on your management server to block them.

 

  •      This is not an official script, use it with your own risk. Please firstly test it in your test environment.

 

  •      Copy the files to your /var/log folder, change the URL parameter in scriptBase.sh script, and run it as bash scriptBase.sh

 

  •      It parses the given website, and expurgates the IP addresses and URLs on that website.

 

  •      It creates totally 2 rules on the top of your Standard Rule Base, 2 for blocking IP addresses as source and destination, and 1 for blocking the URLs. It doesn't install the policy.

 

  •      It can import 30 K entry in 3 hours on first run, copies itself to /var/log/oralg/WEBSITE_NAME and puts itself to the crontab on management server, to run each day to update the records. 

 

  •      After first run, the update processes takes no more than 2-3 minutes.

 

  •      If you want to run the script also for another site, again change the URL parameter in /var/log/scriptBase.sh and run it for the second site. It will not affect the other web site script.

 

  •      If a record is removed from the feed site, then it will also be deleted on your management, if a new record is added to the feed site, then it will also be added on your management.

 

  •      The script adds its copy scripts to crontab, and it runs every day at 4:00 am, if you want to change the time change the variable recurrenceTime on the /var/log/scriptBase.sh 
Screenshot:

Screenshot on Management

 

Outcomes