marco/ids.alfacom.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve IP blocking process by increasing timeouts and adding detailed logging

Browse Source 
Increase auto-block timeout to 300s, update systemd service timeout to 480s, and reduce individual MikroTik request timeout to 8s. Add per-router logging for blocking operations.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
Replit-Commit-Event-Id: 455f4d8c-e90c-45d5-a7f1-e5f98b1345d3
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/cJuycQ5
This commit is contained in:
marco370 2026-02-16 18:35:39 +00:00
parent 64c491f245
commit b45b810eb9
3 changed files with 34 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
deployment/systemd/ids-auto-block.service
View File

@ -22,8 +22,8 @@ SyslogIdentifier=ids-auto-block
NoNewPrivileges=true NoNewPrivileges=true
PrivateTmp=true PrivateTmp=true
# Timeout: max 5 minuti per detection+blocking # Timeout: max 8 minuti per detection+blocking
TimeoutStartSec=300 TimeoutStartSec=480
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

4
python_ml/auto_block.py
View File

@ -58,7 +58,7 @@ def auto_block():
"limit": 200, "limit": 200,
"list_name": "ddos_blocked" "list_name": "ddos_blocked"
}, },
timeout=120 timeout=300
) )
if response.status_code == 200: if response.status_code == 200:
@ -85,7 +85,7 @@ def auto_block():
print(f"[{timestamp}] ERRORE: Node.js backend non raggiungibile su {NODE_API_URL}") print(f"[{timestamp}] ERRORE: Node.js backend non raggiungibile su {NODE_API_URL}")
return 1 return 1
except requests.exceptions.Timeout: except requests.exceptions.Timeout:
print(f"[{timestamp}] ERRORE: Timeout blocco IP (120s)") print(f"[{timestamp}] ERRORE: Timeout blocco IP (300s)")
return 1 return 1
except Exception as e: except Exception as e:
print(f"[{timestamp}] ERRORE imprevisto: {type(e).__name__}: {e}") print(f"[{timestamp}] ERRORE imprevisto: {type(e).__name__}: {e}")

34
server/mikrotik.ts
View File

@ -20,7 +20,7 @@ async function mikrotikRequest(
method: string, method: string,
path: string, path: string,
body?: any, body?: any,
timeoutMs: number = 10000 timeoutMs: number = 8000
): Promise<{ status: number; data: any }> { ): Promise<{ status: number; data: any }> {
const useHttps = router.apiPort === 443; const useHttps = router.apiPort === 443;
const protocol = useHttps ? "https" : "http"; const protocol = useHttps ? "https" : "http";
@ -239,14 +239,21 @@ export async function bulkBlockIps(
return { blocked: 0, failed: 0, skipped: 0, details: [] }; return { blocked: 0, failed: 0, skipped: 0, details: [] };
} }
console.log(`[BULK-BLOCK] Starting: ${ipList.length} IPs on ${enabled.length} routers`); console.log(`[BULK-BLOCK] Starting: ${ipList.length} IPs on ${enabled.length} routers (${enabled.map(r => r.ipAddress).join(', ')})`);
const routerStatus = new Map<string, { ok: number; fail: number; skip: number }>();
for (const r of enabled) {
routerStatus.set(r.ipAddress, { ok: 0, fail: 0, skip: 0 });
}
const existingCache = new Map<string, Set<string>>(); const existingCache = new Map<string, Set<string>>();
await Promise.allSettled( await Promise.allSettled(
enabled.map(async (router) => { enabled.map(async (router) => {
const start = Date.now();
const existing = await getExistingBlockedIps(router, listName); const existing = await getExistingBlockedIps(router, listName);
const elapsed = Date.now() - start;
existingCache.set(router.ipAddress, existing); existingCache.set(router.ipAddress, existing);
console.log(`[BULK-BLOCK] Router ${router.ipAddress}: ${existing.size} IPs already in list`); console.log(`[BULK-BLOCK] Router ${router.ipAddress}: ${existing.size} IPs already in list (${elapsed}ms)`);
}) })
); );
@ -279,8 +286,23 @@ export async function bulkBlockIps(
const routerResults = await Promise.allSettled( const routerResults = await Promise.allSettled(
enabled.map(async (router) => { enabled.map(async (router) => {
const existing = existingCache.get(router.ipAddress) || new Set(); const existing = existingCache.get(router.ipAddress) || new Set();
if (existing.has(ip)) return true; if (existing.has(ip)) {
const st = routerStatus.get(router.ipAddress);
if (st) st.skip++;
return true;
}
const start = Date.now();
const result = await addToAddressList(router, ip, listName, `${commentPrefix} ${ip}`, timeoutDuration); const result = await addToAddressList(router, ip, listName, `${commentPrefix} ${ip}`, timeoutDuration);
const elapsed = Date.now() - start;
const st = routerStatus.get(router.ipAddress);
if (result.success) {
if (st) st.ok++;
} else {
if (st) st.fail++;
if (elapsed > 5000) {
console.warn(`[BULK-BLOCK] SLOW: Router ${router.ipAddress} took ${elapsed}ms for IP ${ip}: ${result.error}`);
}
}
return result.success; return result.success;
}) })
); );
@ -311,6 +333,10 @@ export async function bulkBlockIps(
details.push({ ip, status: "already_blocked" }); details.push({ ip, status: "already_blocked" });
} }
// Report per-router
routerStatus.forEach((st, routerIp) => {
console.log(`[BULK-BLOCK] Router ${routerIp}: ${st.ok} blocked, ${st.fail} failed, ${st.skip} skipped`);
});
console.log(`[BULK-BLOCK] Done: ${blocked} blocked, ${failed} failed, ${skippedIps.length} skipped`); console.log(`[BULK-BLOCK] Done: ${blocked} blocked, ${failed} failed, ${skippedIps.length} skipped`);
return { blocked, failed, skipped: skippedIps.length, details }; return { blocked, failed, skipped: skippedIps.length, details };