FYI API BAN 2024: Block Bad SIP/HTTP Traffic

[KNERD]

APIBAN - 2024 year in review

Happy New Year! Lets start 2025 off by looking at tha last year from an APIBAN point of view. The 2024 year in review.

apiban.org

 

[wardmundy]

Old Nerd Vittles tutorial to install APIBAN is here. Just search for apiban section to begin.

 

[wardmundy]

Current APIBAN deployment instructions here. Be sure to use latest dev release from here.

I recommend also adding the following lines immediately below the fail2ban line in /usr/local/sbin/iptables-restart in case the APIBAN table gets poisoned thereby locking you out of your server:

rm -f /var/log/apiban-client.log
/usr/local/bin/apiban/apiban-iptables-client
/usr/sbin/iptables -I APIBAN -s 10.8.0.0/24 -j ACCEPT
/usr/sbin/iptables -I APIBAN -s 1.1.1.1 -j ACCEPT
/usr/sbin/iptables -I APIBAN -s 8.8.8.8 -j ACCEPT
/usr/sbin/iptables -I APIBAN -s 127.0.0.1 -j ACCEPT

 

[wardmundy]

Alternative way of whitelisting is to use this new syntax in config.json which tells the APIBAN app to ignore adding the specified IP addresses to the chain. My problem with this approach is these whitelisted APIBAN addresses aren't really whitelisted. They are simply ignored when the APIBAN table is populated. That means they don't show up in the chain so it's up to you to be sure they are also added in the INPUT chain.

{
"apikey":"MY API KEY",
"lkid":"100",
"version":"1.5",
"set":"sip",
"flush":"200",
"allowed":[
{
"cidr":"1.1.1.1/32"
},
{
"cidr":"8.8.8.8/32"
},
{
"cidr":"127.0.0.1/32"
},
{
"cidr":"10.8.0.0/24"
}
]
}

 

[wardmundy]

FYI: This code should also work on 3CX platforms.

 

[wardmundy]

Excellent APIBAN writeup on TangoPBX today.

 

[krzykat]

Excellent APIBAN writeup on TangoPBX today.

Sorry - late to party, but why create the TangoPBX forum for open sourced forum and communication? I thought that is what voip-info.org is.

 

[Tonyclewis]

Because TangoPBX is much more than a forum. As you can see with the first release of a new module called Open Page and alot more to come.