Old 15th September 2022, 11:03   #1
Paul Webster
Junior Member
 
Join Date: Nov 2010
Posts: 8
Block by User Agent does not work for proxied connections

Modern Shoutcast servers now support showing the real IP address for a proxied connection (e.g. for someone using a proxy to provide SSL support rather than the built-in support).
This is good.

However, if trying to block by User Agent (and I think also by IP) it does not work for a proxied connection.
I think the problem is that the code that compares the UA is including the " [ip:1.2.3.4]" from the proxied information as part of the user agent string.
Can confirm this by including the IP field in the UA block request.

I want to block an annoying connection that comes in from a remote server and stays connected for ever ... but its IP address changes every day to another in one of 3 blocks ... so I cannot add each IP address to the UA to block it.
Anyway ... I shouldn't need to.

I am seeing this in "SHOUTcast Server v2.6.0.750/posix(linux x86)"
Paul Webster is offline   Reply With Quote
Old 16th September 2022, 05:00   #2
HG2S
Junior Member
 
Join Date: Sep 2020
Posts: 31
Interesting case. Are you saying that the client is behind a proxy -or- your shoutcast server is behind a (reverse) proxy?

Do you have a theory why a User Agent block would also use the client's IP address? I don't see anything in the manual that suggests IP address is used.

By the way, I have the current version of the server is sc_serv2_linux_x64-261-777. Is that a factor?
HG2S is offline   Reply With Quote
Old 16th September 2022, 11:01   #3
Paul Webster
Junior Member
 
Join Date: Nov 2010
Posts: 8
My hosting provider runs a reverse proxy to terminate the HTTPS connection - and it then passes the HTTP to their back-end Shoutcast server(s).
I cannot control the version of Shoutcast server that they run.
In the Shoutcast admin page, under "Status and listeners" I see the listeners in the first column
"Listener Address
(Host Address)"
listed something like this

1.2.3.4
(5.6.7.8)
where 1.2.3.4 is the hosters reverse proxy and 5.6.7.8 is the real IP address of the listener (which recent Shoutcast servers get from the x-forwarded-for (XFF) http header field that the reverse proxy inserts.

The user agent column shows something like this:
axios/0.26.1 [ip:5.6.7.8]
where the IP address in square brackets is the real IP of the listener.
The UA I want to block is axios/0.26.1 (it connects for days if left alone and that can cost me real money) but it is connecting from a hosted environment and has access to hundreds of IP addresses.
Using the UI to block the user agent does add a block for axios/0.26.1 but it never works because the code that performs the blocking check appears to treat the UA as
axios/0.26.1 [ip:5.6.7.8]
Adding a manual block for
axios/0.26.1 [ip:5.6.7.8]
does work ... but I have to add a new one every few hours with a different IP address from one of the ranges assigned to their domain ... not fun.

I am not the first to report the inability to block proxied connections (I found another report of it in an announcement thread for a new release of Shoutcast) but I think I am the first to report here this extra detail about what I think is the cause of the problem and how to, sort of, circumvent it.

If Shoutcast allowed a regex or even a simple "starts with" for the UA block field then it would by-pass the problem - but the real solution is to go back to the XFF code in Shoutcast server and make it work in all situations.
Paul Webster is offline   Reply With Quote
Old 18th September 2022, 16:26   #4
HG2S
Junior Member
 
Join Date: Sep 2020
Posts: 31
What do you see in your logs? Do you see the same concatenation of Agent and IP address in the Agent field?
HG2S is offline   Reply With Quote
Old 19th September 2022, 09:40   #5
Paul Webster
Junior Member
 
Join Date: Nov 2010
Posts: 8
Yes - log entry looks like this (edited IP address value):

code:

INFO [DST 5.6.7.8:35197 (xff) sid=1] SHOUTcast 1 client connection accepted. User-Agent: `NSPlayer/10.0.0.3702 WMFSDK/10.0 [ip:5.6.7.8]', UID: 1297943, GRID: 1297943

Paul Webster is offline   Reply With Quote
Old 19th September 2022, 17:25   #6
HG2S
Junior Member
 
Join Date: Sep 2020
Posts: 31
I'm looking at a Shoutcast DNAS/posix(linux x64) v2.6.0.753 server that is behind an Nginx reverse proxy and I do not see the appended (apparently) IP address on the User-Agent field.

I also ran a quick check to see what would happen if I blocked an Agent on the same server and the entry on the banned list did not include an IP address, just the agent name, as expected.

This at least suggests to me that you can get what you need but you will have to talk with your hosting company and have them adjust their configuration.

Do you know what they are using as a reverse proxy in your case?
HG2S is offline   Reply With Quote
Old 20th September 2022, 15:12   #7
Paul Webster
Junior Member
 
Join Date: Nov 2010
Posts: 8
Quote:
Originally Posted by HG2S View Post
I'm looking at a Shoutcast DNAS/posix(linux x64) v2.6.0.753 server that is behind an Nginx reverse proxy and I do not see the appended (apparently) IP address on the User-Agent field.
Do you see the XFF icon in column 1 of the Admin UI under "Status and listeners"?
If not then it would appear that your reverse proxy if not setting X-Forwarded-For header.
If you do ... then maybe all I need to do is to persuade the hoster to update their Shoutcast server from .750 to .753

Quote:
Originally Posted by HG2S View Post
I also ran a quick check to see what would happen if I blocked an Agent on the same server and the entry on the banned list did not include an IP address, just the agent name, as expected.
Same for me. It does not include it ... so I add it by hand using User Agent List/Block User Agent so that the block works (for me).

Quote:
Originally Posted by HG2S View Post
This at least suggests to me that you can get what you need but you will have to talk with your hosting company and have them adjust their configuration.

Do you know what they are using as a reverse proxy in your case?
Not sure.
From http headers it appears to identify as cc-web but I have not yet found out what that is.
Paul Webster is offline   Reply With Quote
Old 21st September 2022, 19:01   #8
HG2S
Junior Member
 
Join Date: Sep 2020
Posts: 31
Quote:
Do you see the XFF icon in column 1 of the Admin UI under "Status and listeners"?
If not then it would appear that your reverse proxy if not setting X-Forwarded-For header.
If you do ... then maybe all I need to do is to persuade the hoster to update their Shoutcast server from .750 to .753
Yes, there is an XFF icon in column 1, especially on axios/0.26.1 entries.

As far as I know the current version of Shoutcast is 2.6.1.777. You might want to check the Change Log notes on that release to see if anything related to your problem is mentioned.

As an aside, can you say who your hosting company is? It might be important to others who read this thread who face similar issues.
HG2S is offline   Reply With Quote
Old 22nd September 2022, 11:50   #9
Paul Webster
Junior Member
 
Join Date: Nov 2010
Posts: 8
Nothing relevant that I could spot in the changelog.
However, it is not very detailed and covers a lot of builds in a single section without itemising
https://yp.shoutcast.com/v/2_6_1
or maybe there is a more detailed changelog somewhere else.

I don't want to name the hoster for now but I think there is enough info in this thread for someone hunting for issues with Block User Agent to try out their own tests.
Paul Webster is offline   Reply With Quote
Old 22nd September 2022, 16:26   #10
HG2S
Junior Member
 
Join Date: Sep 2020
Posts: 31
Assuming you get a fix please report back and provide a few notes. This thread could be a big help to others who come later. -Thanks
HG2S is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Shoutcast > Shoutcast Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump