AbuseIPDB Integration module

[marcopolo]

That file jscript_framework.php is part of zencart, I have the same file and it works on my store so I do not think it is that. Check the two files I outlined the previous post. If those are modified try using the originals and troubleshoot and see if that is your issue.

[lat9]

FWIW, that "headers already sent" issue is usually associated with a file (usual culprits are language files) that has an extra space after the PHP 'end', e.g.

Code:

<?

... where there is a blank line after the <?.

[johnjlarge]

Thanks both of you.

I checked tpl_header.php and tpl_main_page.php against originals and there are changes to do with my template in use compared to stock files from Zen Cart, but the core of the files are the same. I tried, just to test, dropping in the standard files without modifications & the error persists.

I also went through files looking for extra whitespace & couldn't find anything. The strange thing is, this site has been running for a long time & has quite a few plugins which work perfectly together. This is the first plugin I’ve used which fills up the log files, so it would seem if the error exists in one of my existing files, it doesn't affect any of the other plugins as the only file I ever get in logs is if a square payment is declined or fails.

I spent a few hours last night combing through files trying to find anything that could be issuing a header response before tpl_header.php, but I couldn't find anything. I'll just have to leave it disabled for now which is a shame.

[webchills]

Thanks for this great plugin, nice work!

Is there a reason why you redirect blocked IPs to the page_not_found page? I think a 410 redirect would be more suitable.

I have changed in includes/classes/observers/class.abuseipdb_observer.php the three instances of:

Code:

header('Location: /index.php?main_page=page_not_found');
                exit();

to:

Code:

header('HTTP/1.0 410 Gone');
                zen_exit();

@johnjlarge
could be a fix for your headers already sent issue as well

[johnjlarge]

Thanks for this great plugin, nice work!

Is there a reason why you redirect blocked IPs to the page_not_found page? I think a 410 redirect would be more suitable.

I have changed in includes/classes/observers/class.abuseipdb_observer.php the three instances of:

Code:

header('Location: /index.php?main_page=page_not_found');
                exit();

to:

Code:

header('HTTP/1.0 410 Gone');
                zen_exit();

@johnjlarge
could be a fix for your headers already sent issue as well

Just tried with these changes, still no go for me. Still getting the headers already sent error.

[johnjlarge]

So, I've found a way around this which works, are there any issues to doing it this way?

In the index.php file at the root of zen cart, adding the block code before allowing html_header.php to load makes the code work. Will this give me any issues downstream in the code flow?

Around line 40 of index.php I've added the code here

Code:

 

/**
 * We now load header code for a given page. 
 * Page code is stored in includes/modules/pages/PAGE_NAME/directory 
 * 'header_php.php' files in that directory are loaded now.
 */
    require($code_page_directory . '/' . $value);
  }
/**
 * We now load the html_header.php file. This file contains code that would appear within the HTML <head></head> code 
 * it is overridable on a template and page basis. 
 * In that a custom template can define its own common/html_header.php file 
 */
 // bof modification AbuseIPDB
if (ABUSEIPDB_ENABLED) {
$GLOBALS['zco_notifier']->notify('NOTIFY_HEADER_START');
}
// eof modification AbuseIPDB
  require($template->get_template_dir('html_header.php',DIR_WS_TEMPLATE, $current_page_base,'common'). '/html_header.php');
/**
 * Define Template Variables picked up from includes/main_template_vars.php unless a file exists in the
 * includes/pages/{page_name}/directory to overide. Allowing different pages to have different overall
 * templates.
 */

[marcopolo]

Thanks for this great plugin, nice work!

Is there a reason why you redirect blocked IPs to the page_not_found page? I think a 410 redirect would be more suitable.

I have changed in includes/classes/observers/class.abuseipdb_observer.php the three instances of:

Code:

header('Location: /index.php?main_page=page_not_found');
                exit();

to:

Code:

header('HTTP/1.0 410 Gone');
                zen_exit();

@johnjlarge
could be a fix for your headers already sent issue as well

Thank you glad you like it!

In regards to the redirect page I guess I thought giving it no information was better but maybe 410 option is better since it would indicate that the content is permanently gone and discourage further access attempts from the abusive IP addresses. It can also help search engines quickly remove the content from their indexes.

[marcopolo]

So, I've found a way around this which works, are there any issues to doing it this way?

In the index.php file at the root of zen cart, adding the block code before allowing html_header.php to load makes the code work. Will this give me any issues downstream in the code flow?

Around line 40 of index.php I've added the code here

Code:

 

/**
 * We now load header code for a given page. 
 * Page code is stored in includes/modules/pages/PAGE_NAME/directory 
 * 'header_php.php' files in that directory are loaded now.
 */
    require($code_page_directory . '/' . $value);
  }
/**
 * We now load the html_header.php file. This file contains code that would appear within the HTML <head></head> code 
 * it is overridable on a template and page basis. 
 * In that a custom template can define its own common/html_header.php file 
 */
 // bof modification AbuseIPDB
if (ABUSEIPDB_ENABLED) {
$GLOBALS['zco_notifier']->notify('NOTIFY_HEADER_START');
}
// eof modification AbuseIPDB
  require($template->get_template_dir('html_header.php',DIR_WS_TEMPLATE, $current_page_base,'common'). '/html_header.php');
/**
 * Define Template Variables picked up from includes/main_template_vars.php unless a file exists in the
 * includes/pages/{page_name}/directory to overide. Allowing different pages to have different overall
 * templates.
 */

That is fine for the index page however if one enters on a different page your not protected, that is why it is added to the tpl_header.php page since that will load on every page no matter the entry point.

[johnjlarge]

Hi @marcopolo

I've just tested it, setting my own IP as the test mode IP & can confirm it works on subpages. As far as I'm aware the index.php always fires, then loads in templates, includes etc. It may be a more elegant way to load it, as the block will launch with minimal code being loaded, possibly reducing server load in the process. I chose index.php as according to the program flow in documentation it's the top level page which everything else loads from. With this being a blocking script, it would make sense to expose as little code/server resources as possible.

Program flow docs https://docs.zen-cart.com/dev/code/program_flow/

I also set the redirect as a 403 forbidden error as this seemed more appropriate for my usage.

Code:

// Redirect to the 404 page
            header('HTTP/1.0 403 Forbidden');
            zen_exit();

[marcopolo]

Hi @marcopolo

I've just tested it, setting my own IP as the test mode IP & can confirm it works on subpages. As far as I'm aware the index.php always fires, then loads in templates, includes etc. It may be a more elegant way to load it, as the block will launch with minimal code being loaded, possibly reducing server load in the process. I chose index.php as according to the program flow in documentation it's the top level page which everything else loads from. With this being a blocking script, it would make sense to expose as little code/server resources as possible.

Program flow docs https://docs.zen-cart.com/dev/code/program_flow/

I also set the redirect as a 403 forbidden error as this seemed more appropriate for my usage.

Code:

// Redirect to the 404 page
            header('HTTP/1.0 403 Forbidden');
            zen_exit();

Your perfectly fine then, apologies for the oversight regarding the index page. I wasn't aware that it loaded on every page. I use one of those SEO page optimizers that rename all my pages to .html pages so I never see the zencart page names. To regards to optimizing server load, the best solution would be to load it from the index page outlined within the flow documentation as you pointed out. A blocked IP, I assume they would just receive a blank page with no content loading from your site?