
Feature: Bans Sync

Pulls the aggregated bans feed from devarea and hydrates the local banned_ips table. Lets BeamReactor fleet sites share their security bans without direct access to devarea's database.

The remote feed is obfuscated (matrix codec with rotations derived from a per-site cipher), so a scanner stumbling on the URL sees only what looks like a regular RSS feed.

Installation and Configuration

By FTP: Drop the bans_sync/ directory into /plugins/.

By package manager: Select bans_sync from the list of available plugins.

Prerequisite on the devarea side: an entry for this site in the fleet_peers table (managed by the fleet_peers plugin on devarea), with a cipher matching this site's $cfg[23].

Paths:

  • Main plugin: /plugins/bans_sync/bans_sync.php (admin panel)
  • Configuration: /plugins/bans_sync/conf/bans_sync.conf.inc.php
  • Sync library: /plugins/bans_sync/lib/sync.lib.php
  • Cron handler: /plugins/bans_sync/handlers/bans_sync.cron.mod.php

Configuration parameters (bans_sync.conf.inc.php):

| Variable | Default value | Description |
|---|---|---|
| $basedatadisplay | 'yes' | Show in the management interface |
| $basedisplevel | BASE_LEVEL_ADMIN | Minimum level to view |
| $ftype | 10 | Security category |
| BANS_SYNC_SERVER | https://devarea.beamreactor.com | Feed source |

Authentication:

  • $site_id = $cfg[1]
  • $auth_token = hash('sha256', $cfg[23] . $site_id)

Recommended scheduled task (insert into system_scheduler):

| Field | Value |
|---|---|
| crontime | /30 * |
| task_name | bans_sync_pull |
| task_class | plugins/bans_sync/handlers/bans_sync.cron.mod.php |
| enabled | 1 |

Usage

Sync process

1. Token computation: hash('sha256', $cfg[23] . $cfg[1]).

2. Last sync retrieval — from system_config.bans_sync.last_sync, defaults to 7 days ago.

3. HTTP request — cURL call to the remote feed with site_id, token, since.

4. Decoding: BansFeedCodec::decode() reverses the matrix rotations using the local cipher and validates each ban via HMAC. Noise items injected by the server fail validation and are dropped.

5. Deduplication — for each ban:

   - If the offender (or cidr_range for a CIDR ban) already exists: refresh the tstamp if the import is more recent, otherwise skip.
   - Otherwise: insert.

6. last_sync update — so only the delta is pulled on the next sync.

Remote endpoint consulted

```text
BANS_SYNC_SERVER/index.php?obj=bans.log.rss&site_id=X&token=Y&since=Z
```
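
Steps 1, 3 and 5 of the sync process and the endpoint above, written out in PHP as an added example (not BeamReactor's own code). The function names, the Unix-timestamp format of `since`, and the in-memory array standing in for banned_ips are assumptions; all sample values are constructed.

```php
<?php
// Added example: not BeamReactor source. All values below are constructed.

// Step 1: token as documented, hash('sha256', $cfg[23] . $cfg[1]).
function example_token(string $cipher, string $siteId): string {
    return hash('sha256', $cipher . $siteId);
}

// Step 3: feed URL with the documented parameters (site_id, token, since).
// Assumption: `since` is a Unix timestamp; the page does not state its format.
function example_feed_url(string $server, string $siteId, string $token, int $since): string {
    $query = http_build_query([
        'obj' => 'bans.log.rss', 'site_id' => $siteId,
        'token' => $token, 'since' => $since,
    ]);
    return rtrim($server, '/') . '/index.php?' . $query;
}

// Step 5: deduplicate on cidr_range for CIDR bans, otherwise on offender.
// $local is keyed by that value; returns the merged set plus counters.
function example_merge(array $local, array $incoming): array {
    $stats = ['inserted' => 0, 'refreshed' => 0, 'skipped' => 0];
    foreach ($incoming as $ban) {
        $key = !empty($ban['cidr_range']) ? $ban['cidr_range'] : $ban['offender'];
        if (!isset($local[$key])) {
            $local[$key] = $ban;
            $stats['inserted']++;
        } elseif ($ban['tstamp'] > $local[$key]['tstamp']) {
            $local[$key]['tstamp'] = $ban['tstamp'];   // import is more recent
            $stats['refreshed']++;
        } else {
            $stats['skipped']++;
        }
    }
    return [$local, $stats];
}

$token = example_token('constructed-cipher', '42');
echo example_feed_url('https://devarea.beamreactor.com', '42', $token, 1700000000), "\n";
$local = ['192.0.2.10' => ['offender' => '192.0.2.10', 'tstamp' => 1700000500]];
$feed = [
    ['offender' => '192.0.2.10', 'tstamp' => 1700000900],
    ['offender' => '198.51.100.7', 'cidr_range' => '198.51.100.0/24', 'tstamp' => 1700000100],
    ['offender' => '192.0.2.10', 'tstamp' => 1700000200],
];
[, $stats] = example_merge($local, $feed);
print_r($stats); // counters for the three constructed feed items
```

Because the token is a fixed function of $cfg[23] and $cfg[1], it is identical on every request and travels in the query string, so any proxy or access log that records the feed URL also records a reusable credential.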

Manual trigger

The admin panel offers a "Sync now" button that calls bans_sync_pull() directly. Useful to test the configuration or catch up after an outage.

Hooks and Entry points

```text
?obj=bans_sync.php                                            — Admin panel
plugins/bans_sync/handlers/bans_sync.cron.mod.php             — Cron handler (triggered by cronJob.mod.php)
```

Dependencies

  • Beamreactor\Database\SQL
  • Beamreactor\Network\BansFeedCodec — shared codec (server-side on devarea for encoding)
  • PHP cURL extension — required to fetch the feed
  • Table banned_ips — already present on the fleet side (used by banna)
  • Table system_config — to store bans_sync.last_sync
  • Table system_scheduler — for the cron task
  • $cfg[1] (site_id) and $cfg[23] (cipher shared with devarea) — authentication
  • Matching entry in the fleet_peers table on devarea