🚀 Release v1.0.100

- Tipo: patch
- Database schema: database-schema/schema.sql (solo struttura)
- Data: 2026-01-02 15:51:11

attached_assets/Pasted-curl-X-POST-http-localhost-8000-detect-H-Content-Type-a_1767368587291.txt

@@ -0,0 +1,4 @@
+curl -X POST http://localhost:8000/detect \
+  -H "Content-Type: application/json" \
+  -d '{"max_records": 5000, "hours_back": 1, "risk_threshold": 80, "auto_block": true}'
+{"detections":[{"source_ip":"108.139.210.107","risk_score":98.55466848373413,"confidence_level":"high","action_recommendation":"auto_block","anomaly_type":"ddos","reason":"High connection rate: 403.7 conn/s","log_count":1211,"total_packets":1211,"total_bytes":2101702,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":95.0},{"source_ip":"216.58.209.54","risk_score":95.52801848493884,"confidence_level":"high","action_recommendation":"auto_block","anomaly_type":"brute_force","reason":"High connection rate: 184.7 conn/s","log_count":554,"total_packets":554,"total_bytes":782397,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":95.0},{"source_ip":"95.127.69.202","risk_score":93.58280514393482,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 93.7 conn/s","log_count":281,"total_packets":281,"total_bytes":369875,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"95.127.72.207","risk_score":92.50694363471318,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 76.3 conn/s","log_count":229,"total_packets":229,"total_bytes":293439,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"95.110.183.67","risk_score":86.42278405656512,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 153.0 conn/s","log_count":459,"total_packets":459,"total_bytes":20822,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"54.75.71.86","risk_score":83.42037059381207,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 58.0 conn/s","log_count":174,"total_packets":174,"total_bytes":25857,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"79.10.127.217","risk_score":82.32814469102843,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"brute_force","reason":"High connection rate: 70.0 conn/s","log_count":210,"total_packets":210,"total_bytes":18963,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0},{"source_ip":"142.251.140.100","risk_score":76.61422108557721,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"botnet","reason":"Anomalous pattern detected (botnet)","log_count":16,"total_packets":16,"total_bytes":20056,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:53","confidence":75.0},{"source_ip":"142.250.181.161","risk_score":76.3802033958719,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"botnet","reason":"Anomalous pattern detected (botnet)","log_count":15,"total_packets":15,"total_bytes":5214,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:51","confidence":75.0},{"source_ip":"142.250.180.131","risk_score":72.7723405111559,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"suspicious","reason":"Anomalous pattern detected (suspicious)","log_count":8,"total_packets":8,"total_bytes":5320,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:53","confidence":75.0},{"source_ip":"157.240.231.60","risk_score":72.26853648050493,"confidence_level":"medium","action_recommendation":"manual_review","anomaly_type":"botnet","reason":"Anomalous pattern detected (botnet)","log_count":16,"total_packets":16,"total_bytes":4624,"first_seen":"2026-01-02T16:41:51","last_seen":"2026-01-02T16:41:54","confidence":75.0}],"total":11,"blocked":0,"message":"Trovate 11 anomalie"}[root@ids python_ml]# 

client/src/pages/Detections.tsx

@@ -5,7 +5,7 @@ import { Button } from "@/components/ui/button";
 import { Input } from "@/components/ui/input";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
 import { Slider } from "@/components/ui/slider";
-import { AlertTriangle, Search, Shield, Globe, MapPin, Building2, ShieldPlus, ShieldCheck } from "lucide-react";
+import { AlertTriangle, Search, Shield, Globe, MapPin, Building2, ShieldPlus, ShieldCheck, Unlock } from "lucide-react";
 import { format } from "date-fns";
 import { useState } from "react";
 import type { Detection, Whitelist } from "@shared/schema";
@@ -63,7 +63,7 @@ export default function Detections() {
     onSuccess: (_, detection) => {
       toast({
         title: "IP aggiunto alla whitelist",
-        description: `${detection.sourceIp} è stato aggiunto alla whitelist con successo.`,
+        description: `${detection.sourceIp} è stato aggiunto alla whitelist e sbloccato dai router.`,
       });
       queryClient.invalidateQueries({ queryKey: ["/api/whitelist"] });
       queryClient.invalidateQueries({ queryKey: ["/api/detections"] });
@@ -77,6 +77,29 @@ export default function Detections() {
     }
   });
 
+  // Mutation per sbloccare IP dai router
+  const unblockMutation = useMutation({
+    mutationFn: async (detection: Detection) => {
+      return await apiRequest("POST", "/api/unblock-ip", {
+        ipAddress: detection.sourceIp
+      });
+    },
+    onSuccess: (data: any, detection) => {
+      toast({
+        title: "IP sbloccato",
+        description: `${detection.sourceIp} è stato rimosso dalla blocklist di ${data.unblocked_from || 0} router.`,
+      });
+      queryClient.invalidateQueries({ queryKey: ["/api/detections"] });
+    },
+    onError: (error: any, detection) => {
+      toast({
+        title: "Errore sblocco",
+        description: error.message || `Impossibile sbloccare ${detection.sourceIp} dai router.`,
+        variant: "destructive",
+      });
+    }
+  });
+
   const getRiskBadge = (riskScore: string) => {
     const score = parseFloat(riskScore);
     if (score >= 85) return <Badge variant="destructive">CRITICO</Badge>;
@@ -310,6 +333,20 @@ export default function Detections() {
                           Whitelist
                         </Button>
                       )}
+
+                      {detection.blocked && (
+                        <Button 
+                          variant="outline" 
+                          size="sm" 
+                          onClick={() => unblockMutation.mutate(detection)}
+                          disabled={unblockMutation.isPending}
+                          className="w-full"
+                          data-testid={`button-unblock-${detection.id}`}
+                        >
+                          <Unlock className="h-3 w-3 mr-1" />
+                          Sblocca Router
+                        </Button>
+                      )}
                     </div>
                   </div>
                 </div>

database-schema/schema.sql

@@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
 
-\restrict PRKBLjzmAC8I39HJVa9aOlkzFFiqgPPqt4hjKaZLwxRVM51Z47YCL9xNIeoXWQj
+\restrict 0WksqiXSxEbKkimrOffHTFz303y80NXUjCIEjcTgyodl4SsmTQnolXeqWX5mUy4
 
 -- Dumped from database version 16.11 (74c6bb6)
 -- Dumped by pg_dump version 16.10
@@ -387,5 +387,5 @@ ALTER TABLE ONLY public.public_blacklist_ips
 -- PostgreSQL database dump complete
 --
 
-\unrestrict PRKBLjzmAC8I39HJVa9aOlkzFFiqgPPqt4hjKaZLwxRVM51Z47YCL9xNIeoXWQj
+\unrestrict 0WksqiXSxEbKkimrOffHTFz303y80NXUjCIEjcTgyodl4SsmTQnolXeqWX5mUy4
 

replit.md

@@ -25,7 +25,7 @@ The IDS employs a React-based frontend for real-time monitoring, detection visua
 **Key Architectural Decisions & Features:**
 -   **Log Collection & Processing**: MikroTik syslog data (UDP:514) is parsed by `syslog_parser.py` and stored in PostgreSQL with a 3-day retention policy. The parser includes auto-reconnect and error recovery mechanisms.
 -   **Machine Learning**: An Isolation Forest model (sklearn.IsolectionForest) trained on 25 network log features performs real-time anomaly detection, assigning a risk score (0-100 across five risk levels). A hybrid ML detector (Isolation Forest + Ensemble Classifier with weighted voting) reduces false positives. The system supports weekly automatic retraining of models.
--   **Automated Blocking**: Critical IPs (score >= 80) are automatically blocked in parallel across configured MikroTik routers via their REST API.
+-   **Automated Blocking**: Critical IPs (score >= 80) are automatically blocked in parallel across configured MikroTik routers via their REST API. **Auto-unblock on whitelist**: When an IP is added to the whitelist, it is automatically removed from all router blocklists. Manual unblock button available in Detections page.
 -   **Public Lists Integration (v2.0.0 - CIDR Complete)**: Automatic fetcher syncs blacklist/whitelist feeds every 10 minutes (Spamhaus, Talos, AWS, GCP, Cloudflare, IANA, NTP Pool). **Full CIDR support** using PostgreSQL INET/CIDR types with `<<=` containment operators for network range matching. Priority-based merge logic: Manual whitelist > Public whitelist > Blacklist (CIDR-aware). Detections created for blacklisted IPs/ranges (excluding whitelisted ranges). CRUD API + UI for list management. See `deployment/docs/PUBLIC_LISTS_V2_CIDR.md` for implementation details.
 -   **Automatic Cleanup**: An hourly systemd timer (`cleanup_detections.py`) removes old detections (48h) and auto-unblocks IPs (2h).
 -   **Service Monitoring & Management**: A dashboard provides real-time status (ML Backend, Database, Syslog Parser). API endpoints, secured with API key authentication and Systemd integration, allow for service management (start/stop/restart) of Python services.

server/routes.ts

@@ -130,11 +130,73 @@ export async function registerRoutes(app: Express): Promise<Server> {
     try {
       const validatedData = insertWhitelistSchema.parse(req.body);
       const item = await storage.createWhitelist(validatedData);
+      
+      // Auto-unblock from routers when adding to whitelist
+      const mlBackendUrl = process.env.ML_BACKEND_URL || 'http://localhost:8000';
+      const mlApiKey = process.env.IDS_API_KEY;
+      try {
+        const headers: Record<string, string> = { 'Content-Type': 'application/json' };
+        if (mlApiKey) {
+          headers['X-API-Key'] = mlApiKey;
+        }
+        const unblockResponse = await fetch(`${mlBackendUrl}/unblock-ip`, {
+          method: 'POST',
+          headers,
+          body: JSON.stringify({ ip_address: validatedData.ipAddress })
+        });
+        if (unblockResponse.ok) {
+          const result = await unblockResponse.json();
+          console.log(`[WHITELIST] Auto-unblocked ${validatedData.ipAddress} from ${result.unblocked_from} routers`);
+        } else {
+          console.warn(`[WHITELIST] Failed to auto-unblock ${validatedData.ipAddress}: ${unblockResponse.status}`);
+        }
+      } catch (unblockError) {
+        // Don't fail if ML backend is unavailable
+        console.warn(`[WHITELIST] ML backend unavailable for auto-unblock: ${unblockError}`);
+      }
+      
       res.json(item);
     } catch (error) {
       res.status(400).json({ error: "Invalid whitelist data" });
     }
   });
+  
+  // Unblock IP from all routers (proxy to ML backend)
+  app.post("/api/unblock-ip", async (req, res) => {
+    try {
+      const { ipAddress, listName = "ddos_blocked" } = req.body;
+      
+      if (!ipAddress) {
+        return res.status(400).json({ error: "IP address is required" });
+      }
+      
+      const mlBackendUrl = process.env.ML_BACKEND_URL || 'http://localhost:8000';
+      const mlApiKey = process.env.IDS_API_KEY;
+      const headers: Record<string, string> = { 'Content-Type': 'application/json' };
+      if (mlApiKey) {
+        headers['X-API-Key'] = mlApiKey;
+      }
+      
+      const response = await fetch(`${mlBackendUrl}/unblock-ip`, {
+        method: 'POST',
+        headers,
+        body: JSON.stringify({ ip_address: ipAddress, list_name: listName })
+      });
+      
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error(`[UNBLOCK] ML backend error for ${ipAddress}: ${response.status} - ${errorText}`);
+        return res.status(response.status).json({ error: errorText || "Failed to unblock IP" });
+      }
+      
+      const result = await response.json();
+      console.log(`[UNBLOCK] Successfully unblocked ${ipAddress} from ${result.unblocked_from || 0} routers`);
+      res.json(result);
+    } catch (error: any) {
+      console.error('[UNBLOCK] Error:', error);
+      res.status(500).json({ error: error.message || "Failed to unblock IP from routers" });
+    }
+  });
 
   app.delete("/api/whitelist/:id", async (req, res) => {
     try {

version.json

@@ -1,7 +1,13 @@
 {
-  "version": "1.0.99",
+  "version": "1.0.100",
-  "lastUpdate": "2026-01-02T15:39:39.640Z",
+  "lastUpdate": "2026-01-02T15:51:11.271Z",
   "changelog": [
+    {
+      "version": "1.0.100",
+      "date": "2026-01-02",
+      "type": "patch",
+      "description": "Deployment automatico v1.0.100"
+    },
     {
       "version": "1.0.99",
       "date": "2026-01-02",
@@ -295,12 +301,6 @@
       "date": "2025-11-24",
       "type": "patch",
       "description": "Deployment automatico v1.0.51"
-    },
-    {
-      "version": "1.0.50",
-      "date": "2025-11-24",
-      "type": "patch",
-      "description": "Deployment automatico v1.0.50"
     }
   ]
 }