zecure / shadowd

The Shadow Daemon web application firewall server
GNU General Public License v2.0

Unblock an IP #76

Open mozzee opened 2 years ago

mozzee commented 2 years ago

How to unblock or release a client IP once it's blocked by the shadow daemon?

zit-hb commented 2 years ago

A client IP only gets blocked by the flooding protection. This is intended to prevent a single attacker from flooding shadowd, because storing the requests requires more resources than just analyzing them. You can set the values of the flooding protection in the profile. For example, "timeframe: 60" and "threshold: 3" means that the request should be blocked if there were 3 stored attacks in the last 60 seconds. So a client would only be blocked for 60 seconds unless the new requests are classified as attacks again. This is such a short time that I did not add a way to remove a client IP manually.
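An added example, not part of the comment above and not shadowd's own code: a small model of the "timeframe" / "threshold" rule that replays timestamped requests and reports when a blocked client is released. The class and method names are hypothetical, and it assumes that blocked requests are not stored and that a stored attack stops counting exactly `timeframe` seconds after it was stored.

```python
from collections import defaultdict, deque


class FloodingModel:
    """Toy per-client flooding check (assumed semantics, not shadowd's implementation)."""

    def __init__(self, timeframe=60, threshold=3):
        self.timeframe = timeframe        # seconds a stored attack keeps counting
        self.threshold = threshold        # stored attacks that trigger blocking
        self.stored = defaultdict(deque)  # client IP -> timestamps of stored attacks

    def _recent(self, ip, now):
        # Drop stored attacks that have fallen out of the sliding window.
        q = self.stored[ip]
        while q and q[0] <= now - self.timeframe:
            q.popleft()
        return q

    def handle(self, ip, now, is_attack):
        """Return 'blocked', 'stored' or 'passed' for one request."""
        recent = self._recent(ip, now)
        if len(recent) >= self.threshold:
            return "blocked"              # assumption: blocked requests are not stored
        if is_attack:
            recent.append(now)
            return "stored"
        return "passed"

    def release_time(self, ip, now):
        """Earliest time the client is no longer blocked, or None if not blocked."""
        recent = self._recent(ip, now)
        if len(recent) < self.threshold:
            return None
        # The block lifts once enough old entries expire to drop below the threshold.
        return recent[len(recent) - self.threshold] + self.timeframe


if __name__ == "__main__":
    ip = "192.0.2.10"  # constructed sample client (documentation address range)
    # Constructed sample traffic: (timestamp in seconds, classified as attack?)
    events = [(0, True), (10, True), (20, True), (25, False),
              (59, True), (60, False), (61, True), (65, False), (70, False)]
    model = FloodingModel(timeframe=60, threshold=3)
    for t, attack in events:
        verdict = model.handle(ip, t, attack)
        print(f"t={t:>3} attack={attack!s:<5} -> {verdict:<7} "
              f"release={model.release_time(ip, t)}")
```

In this model a false positive clears on its own once the oldest counted attack ages out, and a client that keeps sending requests classified as attacks is blocked again as soon as the count reaches the threshold.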

mozzee commented 2 years ago

Yes, indeed, it's flooding protection, but due to some bug in the web application, it can trigger a false positive, and while doing pen testing, your IP could be blocked as well. Therefore, I believe it would be good if we could have such a function to see blocked IPs in the UI and unblock them or flush the list as required. It is almost a standard feature per modern WAF or similar platform specs. Overall, this is an excellent piece of software due to its out-of-the-box functionality and modular design. Really well done.

zit-hb commented 2 years ago

Thanks! I like the idea of adding a list to the UI. It would not even be hard to do. My main problem is the translation: I don't have contact with the translators anymore. If I ever create Shadow Daemon 3.0, it will be in English only, that is for sure!