From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 1 Nov 2018 14:32:22 +0000 (+0000)
Subject: location: Add notice on page that an address is blacklisted
X-Git-Url: http://git.ipfire.org/?p=ipfire.org.git;a=commitdiff_plain;h=2517822eee05c8ffa86efe6d211182601250d757

location: Add notice on page that an address is blacklisted

This only checks "important" blacklists that we use elsewhere
to block clients.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/Makefile.am b/Makefile.am
index 48a2ec4f..33ea58ae 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -156,6 +156,8 @@ templates_fireinfo_modules_DATA = \
 templates_fireinfo_modulesdir = $(templates_fireinfodir)/modules
 
 templates_location_DATA = \
+	src/templates/location/base.html \
+	src/templates/location/blacklists.html \
 	src/templates/location/lookup.html
 
 templates_locationdir = $(templatesdir)/location
diff --git a/src/backend/geoip.py b/src/backend/geoip.py
index b575f19e..fe28c480 100644
--- a/src/backend/geoip.py
+++ b/src/backend/geoip.py
@@ -13,105 +13,105 @@ from . import countries
 from .decorators import *
 from .misc import Object
 
-BLACKLISTS = (
-	"access.redhawk.org",
-	"all.spamblock.unit.liu.se",
-	"b.barracudacentral.org",
-	"bl.deadbeef.com",
-	#"bl.emailbasura.org",
-	"bl.spamcannibal.org",
-	"bl.spamcop.net",
-	"blackholes.five-ten-sg.com",
-	#"blackholes.mail-abuse.org",
-	"blacklist.sci.kun.nl",
-	"blacklist.woody.ch",
-	"bogons.cymru.com",
-	"bsb.spamlookup.net",
-	"cbl.abuseat.org",
-	#"cbl.anti-spam.org.cn",
-	#"cblless.anti-spam.org.cn",
-	#"cblplus.anti-spam.org.cn",
-	#"cdl.anti-spam.org.cn",
-	#"combined.njabl.org",
-	"combined.rbl.msrbl.net",
-	"csi.cloudmark.com",
-	"db.wpbl.info",
-	#"dialups.mail-abuse.org",
-	"dnsbl-1.uceprotect.net",
-	"dnsbl-2.uceprotect.net",
-	"dnsbl-3.uceprotect.net",
-	"dnsbl.abuse.ch",
-	"dnsbl.cyberlogic.net",
-	"dnsbl.dronebl.org",
-	"dnsbl.inps.de",
-	"dnsbl.kempt.net",
-	#"dnsbl.njabl.org",
-	"dnsbl.sorbs.net",
-	"dob.sibl.support-intelligence.net",
-	"drone.abuse.ch",
-	"dsn.rfc-ignorant.org",
-	"duinv.aupads.org",
-	#"dul.blackhole.cantv.net",
-	"dul.dnsbl.sorbs.net",
-	"vdul.ru",
-	"dyna.spamrats.com",
-	"dynablock.sorbs.net",
-	#"dyndns.rbl.jp",
-	"dynip.rothen.com",
-	"forbidden.icm.edu.pl",
-	"http.dnsbl.sorbs.net",
-	"httpbl.abuse.ch",
-	"images.rbl.msrbl.net",
-	"ips.backscatterer.org",
-	"ix.dnsbl.manitu.net",
-	"korea.services.net",
-	"mail.people.it",
-	"misc.dnsbl.sorbs.net",
-	"multi.surbl.org",
-	"netblock.pedantic.org",
-	"noptr.spamrats.com",
-	"opm.tornevall.org",
-	"orvedb.aupads.org",
-	"pbl.spamhaus.org",
-	"phishing.rbl.msrbl.net",
-	"psbl.surriel.com",
-	"query.senderbase.org",
-	#"rbl-plus.mail-abuse.org",
-	"rbl.efnetrbl.org",
-	"rbl.interserver.net",
-	"rbl.spamlab.com",
-	"rbl.suresupport.com",
-	"relays.bl.gweep.ca",
-	"relays.bl.kundenserver.de",
-	#"relays.mail-abuse.org",
-	"relays.nether.net",
-	"residential.block.transip.nl",
-	#"rot.blackhole.cantv.net",
-	"sbl.spamhaus.org",
-	#"short.rbl.jp",
-	"smtp.dnsbl.sorbs.net",
-	"socks.dnsbl.sorbs.net",
-	"spam.abuse.ch",
-	"spam.dnsbl.sorbs.net",
-	"spam.rbl.msrbl.net",
-	"spam.spamrats.com",
-	"spamguard.leadmon.net",
-	"spamlist.or.kr",
-	"spamrbl.imp.ch",
-	"tor.dan.me.uk",
-	"ubl.lashback.com",
-	"ubl.unsubscore.com",
-	"uribl.swinog.ch",
-	#"url.rbl.jp",
-	"virbl.bit.nl",
-	#"virus.rbl.jp",
-	"virus.rbl.msrbl.net",
-	"web.dnsbl.sorbs.net",
-	"wormrbl.imp.ch",
-	"xbl.spamhaus.org",
-	"zen.spamhaus.org",
-	"zombie.dnsbl.sorbs.net",
-)
+BLACKLISTS = {
+	"access.redhawk.org" : False,
+	"all.spamblock.unit.liu.se" : False,
+	"b.barracudacentral.org" : False,
+	"bl.deadbeef.com" : False,
+	#"bl.emailbasura.org" : False,
+	"bl.spamcannibal.org" : False,
+	"bl.spamcop.net" : False,
+	"blackholes.five-ten-sg.com" : False,
+	#"blackholes.mail-abuse.org" : False,
+	"blacklist.sci.kun.nl" : False,
+	"blacklist.woody.ch" : False,
+	"bogons.cymru.com" : False,
+	"bsb.spamlookup.net" : False,
+	"cbl.abuseat.org" : False,
+	#"cbl.anti-spam.org.cn" : False,
+	#"cblless.anti-spam.org.cn" : False,
+	#"cblplus.anti-spam.org.cn" : False,
+	#"cdl.anti-spam.org.cn" : False,
+	#"combined.njabl.org" : False,
+	"combined.rbl.msrbl.net" : False,
+	"csi.cloudmark.com" : False,
+	"db.wpbl.info" : False,
+	#"dialups.mail-abuse.org" : False,
+	"dnsbl-1.uceprotect.net" : False,
+	"dnsbl-2.uceprotect.net" : False,
+	"dnsbl-3.uceprotect.net" : False,
+	"dnsbl.abuse.ch" : False,
+	"dnsbl.cyberlogic.net" : False,
+	"dnsbl.dronebl.org" : False,
+	"dnsbl.inps.de" : False,
+	"dnsbl.kempt.net" : False,
+	#"dnsbl.njabl.org" : False,
+	"dnsbl.sorbs.net" : False,
+	"dob.sibl.support-intelligence.net" : False,
+	"drone.abuse.ch" : False,
+	"dsn.rfc-ignorant.org" : False,
+	"duinv.aupads.org" : False,
+	#"dul.blackhole.cantv.net" : False,
+	"dul.dnsbl.sorbs.net" : False,
+	"vdul.ru" : False,
+	"dyna.spamrats.com" : False,
+	"dynablock.sorbs.net" : False,
+	#"dyndns.rbl.jp" : False,
+	"dynip.rothen.com" : False,
+	"forbidden.icm.edu.pl" : False,
+	"http.dnsbl.sorbs.net" : False,
+	"httpbl.abuse.ch" : False,
+	"images.rbl.msrbl.net" : False,
+	"ips.backscatterer.org" : False,
+	"ix.dnsbl.manitu.net" : False,
+	"korea.services.net" : False,
+	"mail.people.it" : False,
+	"misc.dnsbl.sorbs.net" : False,
+	"multi.surbl.org" : False,
+	"netblock.pedantic.org" : False,
+	"noptr.spamrats.com" : False,
+	"opm.tornevall.org" : False,
+	"orvedb.aupads.org" : False,
+	"pbl.spamhaus.org" : False,
+	"phishing.rbl.msrbl.net" : False,
+	"psbl.surriel.com" : False,
+	"query.senderbase.org" : False,
+	#"rbl-plus.mail-abuse.org" : False,
+	"rbl.efnetrbl.org" : False,
+	"rbl.interserver.net" : False,
+	"rbl.spamlab.com" : False,
+	"rbl.suresupport.com" : False,
+	"relays.bl.gweep.ca" : False,
+	"relays.bl.kundenserver.de" : False,
+	#"relays.mail-abuse.org" : False,
+	"relays.nether.net" : False,
+	"residential.block.transip.nl" : False,
+	#"rot.blackhole.cantv.net" : False,
+	"sbl.spamhaus.org" : True,
+	#"short.rbl.jp" : False,
+	"smtp.dnsbl.sorbs.net" : False,
+	"socks.dnsbl.sorbs.net" : False,
+	"spam.abuse.ch" : False,
+	"spam.dnsbl.sorbs.net" : False,
+	"spam.rbl.msrbl.net" : False,
+	"spam.spamrats.com" : False,
+	"spamguard.leadmon.net" : False,
+	"spamlist.or.kr" : False,
+	"spamrbl.imp.ch" : False,
+	"tor.dan.me.uk" : False,
+	"ubl.lashback.com" : False,
+	"ubl.unsubscore.com" : False,
+	"uribl.swinog.ch" : False,
+	#"url.rbl.jp" : False,
+	"virbl.bit.nl" : False,
+	#"virus.rbl.jp" : False,
+	"virus.rbl.msrbl.net" : False,
+	"web.dnsbl.sorbs.net" : False,
+	"wormrbl.imp.ch" : False,
+	"xbl.spamhaus.org" : True,
+	"zen.spamhaus.org" : False,
+	"zombie.dnsbl.sorbs.net" : False,
+}
 
 class Resolver(tornado.platform.caresresolver.CaresResolver):
 	def initialize(self, **kwargs):
@@ -273,7 +273,16 @@ class Address(Object):
 		return True, None
 
 	@tornado.gen.coroutine
-	def get_blacklists(self):
-		blacklists = yield { bl : self._resolve_blacklist(bl) for bl in BLACKLISTS }
+	def get_blacklists(self, important_only=False):
+		blacklists = yield { bl : self._resolve_blacklist(bl) for bl in BLACKLISTS if not important_only or BLACKLISTS[bl] }
 
 		return blacklists
+
+	@tornado.gen.coroutine
+	def is_blacklisted(self):
+		blacklists = yield self.get_blacklists(important_only=True)
+
+		# If we are blacklisted on one list, this one is screwed
+		for code, reason in blacklists.values():
+			if code:
+				return True
diff --git a/src/templates/location/base.html b/src/templates/location/base.html
new file mode 100644
index 00000000..8ed08280
--- /dev/null
+++ b/src/templates/location/base.html
@@ -0,0 +1,13 @@
+{% extends "../base.html" %}
+
+{% block content %}
+	<h1 class="text-center mt-5 mb-5">
+		<a class="text-white" href="/lookup/{{ address }}">{{ _("Location of %s") % address }}</a>
+	</h1>
+
+	<div class="row justify-content-center">
+		<div class="col-12 col-md-6">
+			{% block main %}{% end block %}
+		</div>
+	</div>
+{% end block %}
diff --git a/src/templates/location/blacklists.html b/src/templates/location/blacklists.html
new file mode 100644
index 00000000..fb3421af
--- /dev/null
+++ b/src/templates/location/blacklists.html
@@ -0,0 +1,27 @@
+{% extends "base.html" %}
+
+{% block title %}{{ _("Blacklist Status of %s") % address }}{% end block %}
+
+{% block main %}
+	<div class="card mb-4">
+		<div class="card-body">
+			<h5 class="card-title mb-0">{{ _("Blacklists") }}</h5>
+		</div>
+
+		<ul class="list-group list-group-flush">
+			{% for bl in sorted(blacklists) %}
+				{% if blacklists[bl] %}
+					{% set code, reason = blacklists[bl] %}
+
+					<li class="list-group-item {% if code %}list-group-item-danger{% else %}list-group-item-success{% end %}">
+						<p class="mb-0">{{ bl }}</p>
+
+						{% if reason %}
+							<small class="text-muted">{{ reason }}</small>
+						{% end %}
+					</li>
+				{% end %}
+			{% end %}
+		</ul>
+	</div>
+{% end block %}
diff --git a/src/templates/location/lookup.html b/src/templates/location/lookup.html
index e2bfab6b..07d5ebfd 100644
--- a/src/templates/location/lookup.html
+++ b/src/templates/location/lookup.html
@@ -1,65 +1,53 @@
-{% extends "../base.html" %}
+{% extends "base.html" %}
 
 {% block title %}{{ _("Location of %s") % address }}{% end block %}
 
-{% block content %}
-	<h1 class="text-center mt-5 mb-5">{{ _("Location of %s") % address }}</h1>
+{% block main %}
+	{% if is_blacklisted %}
+		<div class="alert alert-warning">
+			<h6 class="alert-heading">{{ _("This IP address is blacklisted!") }}</h6>
 
-	<div class="row justify-content-center">
-		<div class="col-12 col-md-6">
-			<div class="card mb-4">
-				{% if peer and peer.latitude and peer.longitude %}
-					<div class="card-img-top">
-						{% module Map(peer.latitude, peer.longitude) %}
-					</div>
-				{% end %}
+			<p>
+				{{ _("Access to some resources on this website might be limited because this IP address is a known abuser.") }}
+			</p>
 
-				<div class="card-body">
-					<dl>
-						<dt>{{ _("Country") }}</dt>
-						<dd>
-							{% if peer %}
-								{% if peer.country_name %}
-									{{ peer.country_name }} ({{ peer.country }})
-								{% else %}
-									{{ peer.country_name }}
-								{% end %}
-							{% else %}
-								<span class="text-muted">{{ _("Unkown") }}</span>
-							{% end %}
-						</dd>
+			<a class="btn btn-warning btn-block" href="/lookup/{{ address }}/blacklists">
+				{{ _("See Full Blacklist Status") }}
+			</a>
+		</div>
+	{% end %}
 
-						{% if peer and peer.asn %}
-							<dt>{{ _("Autonomous System") }}</dt>
-							<dd>{{ peer.asn }}</dd>
-						{% end %}
-					</dl>
-				</div>
+	<div class="card mb-4">
+		{% if peer and peer.latitude and peer.longitude %}
+			<div class="card-img-top">
+				{% module Map(peer.latitude, peer.longitude) %}
 			</div>
-
-			{% if blacklists %}
-				<div class="card mb-4">
-					<div class="card-body">
-						<h5 class="card-title mb-0">{{ _("Blacklists") }}</h5>
-					</div>
-
-					<ul class="list-group list-group-flush">
-						{% for bl in sorted(blacklists) %}
-							{% if blacklists[bl] %}
-								{% set code, reason = blacklists[bl] %}
-
-								<li class="list-group-item {% if code %}list-group-item-danger{% else %}list-group-item-success{% end %}">
-									<p class="mb-0">{{ bl }}</p>
-
-									{% if reason %}
-										<small class="text-muted">{{ reason }}</small>
-									{% end %}
-								</li>
-							{% end %}
+		{% end %}
+
+		<div class="card-body">
+			<dl>
+				<dt>{{ _("Country") }}</dt>
+				<dd>
+					{% if peer %}
+						{% if peer.country_name %}
+							{{ peer.country_name }} ({{ peer.country }})
+						{% else %}
+							{{ peer.country_name }}
 						{% end %}
-					</ul>
-				</div>
-			{% end %}
+					{% else %}
+						<span class="text-muted">{{ _("Unkown") }}</span>
+					{% end %}
+				</dd>
+
+				{% if peer and peer.asn %}
+					<dt>{{ _("Autonomous System") }}</dt>
+					<dd>{{ peer.asn }}</dd>
+				{% end %}
+			</dl>
+
+			<a class="btn btn-light btn-block" href="/lookup/{{ address }}/blacklists">
+				{{ _("Blacklist Status") }}
+			</a>
 		</div>
 	</div>
 {% end block %}
diff --git a/src/web/__init__.py b/src/web/__init__.py
index e1e86bdc..a41ee5d7 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -239,6 +239,7 @@ class Application(tornado.web.Application):
 		# location.ipfire.org
 		self.add_handlers(r"location(\.dev)?\.ipfire\.org", [
 			(r"/", location.IndexHandler),
+			(r"/lookup/(.+)/blacklists", location.BlacklistsHandler),
 			(r"/lookup/(.+)", location.LookupHandler),
 		])
 
diff --git a/src/web/location.py b/src/web/location.py
index 977a59f0..6584215f 100644
--- a/src/web/location.py
+++ b/src/web/location.py
@@ -23,7 +23,22 @@ class LookupHandler(base.BaseHandler):
 		address = self.geoip.lookup(address)
 
 		# Lookup blacklists
-		blacklists = yield address.get_blacklists()
+		is_blacklisted = yield address.is_blacklisted()
 
 		self.render("location/lookup.html",
-			address=address, blacklists=blacklists, peer=peer)
+			address=address, is_blacklisted=is_blacklisted, peer=peer)
+
+
+class BlacklistsHandler(base.BaseHandler):
+	@tornado.gen.coroutine
+	def get(self, address):
+		peer = self.geoip.get_all(address)
+
+		# Lookup address
+		address = self.geoip.lookup(address)
+
+		# Lookup blacklists
+		blacklists = yield address.get_blacklists()
+
+		self.render("location/blacklists.html",
+			address=address, blacklists=blacklists)