private void SessionManager_AuthenticationFailed(object sender, GenericEventArgs <AuthenticationRequest> e) { var config = Plugin.Instance.Configuration; if (!config.EnableFirewallBlock) { return; } if (IsLocalNetworkIp(e.Argument.RemoteAddress) && config.IgnoreInternalFailedLoginAttempts) { return; } var connection = CheckConnectionAttempt(e.Argument, config).Result; if (!connection.IsBanned) { return; } if (config.BannedConnections.Exists(c => c == connection)) { return; } connection.BannedDateTime = DateTime.Now; connection.IsBanned = true; connection.RuleName = "Emby_Authentication_Request_Blocked_" + config.RuleNameCount; connection.Id = "Emby_Authentication_Request_Blocked_" + config.RuleNameCount; config.RuleNameCount += 1; config.BannedConnections.Add(connection); Plugin.Instance.UpdateConfiguration(config); var result = FirewallController.AddFirewallRule(connection); Logger.Info($"Firewall Rule {connection.RuleName} added for Ip {connection.Ip} - {result}"); ActivityManager.Create(new ActivityLogEntry() { Date = connection.BannedDateTime, Id = Convert.ToInt64(000 + config.RuleNameCount), Name = "Firewall Blocked Ip", Severity = LogSeverity.Warn, Overview = $"{connection.Ip} blocked: too many failed login attempts on {connection.UserAccountName}'s account, from ISP: {connection.Isp}, on device {connection.DeviceName}", ShortOverview = $"{connection.Ip}: too many failed login attempts.", Type = "Alert" }); //Remove the connection data from our ConnectionAttemptLog list because they are banned. We no longer have to track their attempts FailedAuthenticationAudit.Remove(connection); SessionManager.SendMessageToAdminSessions("FirewallAdded", connection, CancellationToken.None); }
// ReSharper disable once MethodNameNotMeaningful public void Run() { Plugin.Instance.UpdateConfiguration(Plugin.Instance.Configuration); var config = Plugin.Instance.Configuration; foreach (var connection in config.BannedConnections) { if (!FirewallController.FirewallConnectionRuleExists(connection)) { FirewallController.AddFirewallRule(connection); } } SessionManager.AuthenticationFailed += SessionManager_AuthenticationFailed; }