private void SessionManager_AuthenticationFailed(object sender, GenericEventArgs <AuthenticationRequest> e)
{
var config = Plugin.Instance.Configuration;
if (!config.EnableFirewallBlock)
{
return;
}
if (IsLocalNetworkIp(e.Argument.RemoteAddress) && config.IgnoreInternalFailedLoginAttempts)
{
return;
}
var connection = CheckConnectionAttempt(e.Argument, config).Result;
if (!connection.IsBanned)
{
return;
}
if (config.BannedConnections.Exists(c => c == connection))
{
return;
}
connection.BannedDateTime = DateTime.Now;
connection.IsBanned = true;
connection.RuleName = "Emby_Authentication_Request_Blocked_" + config.RuleNameCount;
connection.Id = "Emby_Authentication_Request_Blocked_" + config.RuleNameCount;
config.RuleNameCount += 1;
config.BannedConnections.Add(connection);
Plugin.Instance.UpdateConfiguration(config);
var result = FirewallController.AddFirewallRule(connection);
Logger.Info($"Firewall Rule {connection.RuleName} added for Ip {connection.Ip} - {result}");
ActivityManager.Create(new ActivityLogEntry()
{
Date = connection.BannedDateTime,
Id = Convert.ToInt64(000 + config.RuleNameCount),
Name = "Firewall Blocked Ip",
Severity = LogSeverity.Warn,
Overview = $"{connection.Ip} blocked: too many failed login attempts on {connection.UserAccountName}'s account, from ISP: {connection.Isp}, on device {connection.DeviceName}",
ShortOverview = $"{connection.Ip}: too many failed login attempts.",
Type = "Alert"
});
//Remove the connection data from our ConnectionAttemptLog list because they are banned. We no longer have to track their attempts
FailedAuthenticationAudit.Remove(connection);
SessionManager.SendMessageToAdminSessions("FirewallAdded", connection, CancellationToken.None);
}
