userBlockedIP parameter not trimming spaces #5809

Closed
adnan29979 opened this issue Feb 16, 2024 · 9 comments
@adnan29979
Contributor

Issue:
About a month ago, I experimented with the 'userBlockedIP' parameter in MeshCentral version 1.1.18, and it worked perfectly. I even managed to redirect the blocked IPs to a specific URL using the 'ipBlockedUserRedirect' parameter. However, I'm currently facing an issue where I need to block certain IP addresses for security purposes, but it appears that the blocking feature isn't functioning correctly. Despite having blocked two distinct IP addresses, I'm still able to log in from those addresses.

My config.json:

	{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "xxxxx",
    "_TrustedCert": false,
    "_WANonly": true,
    "_LANonly": true,
    "_sessionKey": "MyReallySecretPassword1",
    "port": 8069,
    "_aliasPort": 443,
    "redirPort": 80,
    "_redirAliasPort": 80,
    "webrtc": true,
    "selfUpdate": false,
    "MongoDB": "mongodb://localhost:27017/?replicaSet=rs0",
    "MongoDbBulkOperations": true,
    "maxInvalidLogin": {
      "time": 10,
      "count": 3,
      "coolofftime": 10
    },
    "maxInvalid2fa": {
      "time": 10,
      "count": 3,
      "coolofftime": 10
    },
    "_crowdsec": { "fallbackRemediation": "captcha" },
    "AutoBackup": {
      "mongoDumpPath": "C:\\Program Files\\MongoDB\\Tools\\100\\bin\\mongodump.exe",
      "backupIntervalHours": 24,
      "keepLastDaysBackup": 3,
      "zipPassword": "xxxxxx",
      "_backupPath": "C:\\backups",
      "_googleDrive": {
        "folderName": "MeshCentral-Backups-GDrive",
        "maxFiles": 3
      },
    "ipBlockedUserRedirect": "https://www.youtube.com/watch?v=dQw4w9WgXcQ",
    "_userAllowedIP": "127.0.0.1,192.168.1.0/24",
    "userBlockedIP": "x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x",
    "agentPing": 25,
    "_browserPing": 45
    }
  },

  "domains": {
    "": {
      "title": "xxxxx",
      "_minify": true,
      "_newAccounts": true,
      "_userNameIsEmail": true,
      "newAccountsCaptcha": true,
      "_titlePicture": "Logo2.jpg",
      "welcomeText": "xxxxx",
      "_welcomePicture": "Logo1.jpg",
      "_loginPicture": "Logo1.jpg",
      "welcomePictureFullScreen": false,
      "_footer": "xxxxx",
      "loginfooter": "xxxxxx",
      "_maxDeviceView": 100,
      "passwordRequirements": {
        "_min": 8,
        "_max": 128,
        "_upper": 1,
        "_lower": 1,
        "_numeric": 1,
        "_nonalpha": 1,
        "_reset": 90,
        "force2factor": true,
        "_skip2factor": "127.0.0.1,192.168.2.0/24",
        "_oldPasswordBan": 5,
        "_banCommonPasswords": false,
        "twoFactorTimeout": 300
      },
      "twoFactorCookieDurationDays": 5,
      "_agentCustomization": {
        "displayName": "Company® Product™",
        "description": "Company® Product™ agent for remote monitoring, management and assistance.",
        "companyName": "Company®",
        "serviceName": "companyagent",
        "image": "agent-logo.png",
        "fileName": "compagnyagent"
      },
      "terminal": {
        "_linuxshell": "login",
        "launchCommand": {
          "linux": "clear\nsu pi\ncd\n",
          "_darwin": "clear\necho \"Hello MacOS\"\n",
          "_freebsd": "clear\necho \"Hello FreeBSD\"\n"
        }
      }
    }
  },
  "letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "xxxxxx",
    "names": "xxxxxxx",
    "skipChallengeVerification": true,
    "production": true
  }
}

Server OS:
Windows 11 Pro

Meshcentral Version:
1.1.18
(I prefer not to update to 1.1.20 because usually speaking, new bugs might arise. This is used at an enterprise, so I try my best to opt out of updates)

Node version:
20.11.0

Network:
Simple port forwarding

Additional Info
It is worth noting that I have the Master JS file for computer-identifiers.js
"https://github.com/Ylianst/MeshCentral/blob/master/agents/modules_meshcore/computer-identifiers.js"

@adnan29979 adnan29979 added the bug label Feb 16, 2024
@si458
Collaborator

si458 commented Feb 16, 2024

If you format your json with https://jsonlint.com, your json is invalid
You have the blocking information inside autobackup and it needs to be inside settings
Also same with agentping too

    "ipBlockedUserRedirect": "https://www.youtube.com/watch?v=dQw4w9WgXcQ",
    "_userAllowedIP": "127.0.0.1,192.168.1.0/24",
    "userBlockedIP": "x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x",
    "agentPing": 25,
    "_browserPing": 45

@si458 si458 added question and removed bug labels Feb 16, 2024
@si458
Collaborator

si458 commented Feb 16, 2024

You can also load up visual studio code, then load up ur json file, it will load the schema and possibly tell u those values are invalid for that section too
https://ylianst.github.io/MeshCentral/meshcentral/tipsntricks/#fancy-config-editing-with-vs-code

@adnan29979
Contributor Author

Thanks for pointing it out. I fixed the config.json now and the new JSON file is valid in https://jsonlint.com/. The issue still persists.

New json:

{
    "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
    "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
    "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
    "settings": {
      "cert": "xxx",
      "_TrustedCert": false,
      "_WANonly": true,
      "_LANonly": true,
      "_sessionKey": "MyReallySecretPassword1",
      "port": 8069,
      "_aliasPort": 443,
      "redirPort": 80,
      "_redirAliasPort": 80,
      "webrtc": true,
      "selfUpdate": false,
      "MongoDB": "mongodb://localhost:27017/?replicaSet=rs0",
      "MongoDbBulkOperations": true,
      "maxInvalidLogin": {
        "time": 10,
        "count": 3,
        "coolofftime": 10
      },
      "maxInvalid2fa": {
        "time": 10,
        "count": 3,
        "coolofftime": 10
      },
      "_crowdsec": { "fallbackRemediation": "captcha" },
      "userBlockedIP": "x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x",
      "AutoBackup": {
        "mongoDumpPath": "C:\\Program Files\\MongoDB\\Tools\\100\\bin\\mongodump.exe",
        "backupIntervalHours": 24,
        "keepLastDaysBackup": 3,
        "zipPassword": "xxxx",
        "_backupPath": "C:\\backups",
        "_googleDrive": {
          "folderName": "MeshCentral-Backups-GDrive",
          "maxFiles": 3
        }
      },
      "ipBlockedUserRedirect": "https://www.youtube.com/watch?v=dQw4w9WgXcQ",
      "_userAllowedIP": "127.0.0.1,192.168.1.0/24",
      "_userBlockedIP": "127.0.0.1,::1,192.168.0.100",
      "agentPing": 25,
      "_browserPing": 45
    },
  
    "domains": {
      "": {
        "title": "xxxx",
        "title2": "xx",
        "_title": "xxxx",
        "_title2": "xxx",
        "_minify": true,
        "_newAccounts": true,
        "_userNameIsEmail": true,
        "_certUrl": "xxx",
        "newAccountsCaptcha": true,
        "_titlePicture": "Logo2.jpg",
        "welcomeText": "xxx",
        "_welcomePicture": "Logo1.jpg",
        "_loginPicture": "Logo1.jpg",
        "welcomePictureFullScreen": false,
        "_footer": "xxx",
        "footer": "xxx",
        "loginfooter": "xxx",
        "_maxDeviceView": 100,
        "passwordRequirements": {
          "_min": 8,
          "_max": 128,
          "_upper": 1,
          "_lower": 1,
          "_numeric": 1,
          "_nonalpha": 1,
          "_reset": 90,
          "force2factor": true,
          "_skip2factor": "127.0.0.1,192.168.2.0/24",
          "_oldPasswordBan": 5,
          "_banCommonPasswords": false,
          "twoFactorTimeout": 300
        },
        "twoFactorCookieDurationDays": 5,
        "_agentCustomization": {
          "displayName": "Company® Product™",
          "description": "Company® Product™ agent for remote monitoring, management and assistance.",
          "companyName": "Company®",
          "serviceName": "companyagent",
          "image": "agent-logo.png",
          "fileName": "compagnyagent"
        },
        "terminal": {
          "_linuxshell": "login",
          "launchCommand": {
            "linux": "clear\nsu pi\ncd\n",
            "_darwin": "clear\necho \"Hello MacOS\"\n",
            "_freebsd": "clear\necho \"Hello FreeBSD\"\n"
          }
        }
      }
    },
    "letsencrypt": {
      "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
      "email": "xxx",
      "names": "xxx",
      "skipChallengeVerification": true,
      "production": true
    }
  }
  

@adnan29979
Contributor Author

adnan29979 commented Feb 16, 2024

Additional information:
I have a separate personal mesh-central server. Same issue with that server as well (after fixing the JSON like I fixed above) (this one also has the Master JS file for computer-identifiers.js)

Specs of the 2nd server:
Server OS:
Debian 12 64-bit

Meshcentral version:
1.1.20

Node version:
v18.19.0

@si458
Collaborator

si458 commented Feb 16, 2024

Try formatting the ips without the spaces as u have in the example
192.168.77.99,217.66.99.88,217.44.22.0/24
Remember to restart meshcentral after u have set them

@si458 si458 added bug and removed question labels Feb 16, 2024
@adnan29979
Copy link
Contributor Author

Additional Information:
I just spun up my third meshcentral server. Still the same.
(PS: Each of my servers is on a different machine and has a different IP)

@adnan29979
Contributor Author

> Try formatting the ips without the spaces as u have in the example
> 192.168.77.99,217.66.99.88,217.44.22.0/24
> Remember to restart meshcentral after u have set them

The removal of spaces did the work. Thanks a lot. ❤
I'm sorry for causing you trouble over such a minor issue. Going to block some IP addresses of unknown login attempts. Thanks a lot again. ❤❤

@si458
Collaborator

si458 commented Feb 16, 2024

No it's OK! I'll look into it, as it should be trimming the spaces! Thanks for letting me know...

@si458 si458 changed the title from "userBlockedIP parameter not working" to "userBlockedIP parameter not trimming spaces" Feb 16, 2024
@si458 si458 self-assigned this Feb 17, 2024
si458 added a commit that referenced this issue Feb 17, 2024
@si458
Collaborator

si458 commented Feb 17, 2024

all fixed! will be in next release 👍

@si458 si458 closed this as completed Feb 17, 2024
si458 added a commit that referenced this issue Feb 17, 2024
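
The behaviour discussed in this thread, as an added example that is not part of the issue and is not MeshCentral's code: a simplified IPv4 block-list matcher showing why entries split on commas without trimming silently fail to match, and a lint check that flags them. All function names and the sample addresses (documentation ranges) are constructed for illustration.

```javascript
'use strict';
// Added illustration; hypothetical names, not MeshCentral's implementation.

// Naive parsing: split on commas only, so " 203.0.113.7" keeps its leading space.
function parseListNaive(value) { return value.split(','); }

// Hardened parsing: trim every entry and drop empty ones.
function parseListTrimmed(value) {
  return value.split(',').map((s) => s.trim()).filter((s) => s.length > 0);
}

// Dotted IPv4 -> unsigned 32-bit integer, or null if malformed (whitespace included).
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True if addr matches one entry (a single IPv4 address or an IPv4 CIDR range).
function matchesEntry(addr, entry) {
  const [net, bitsStr] = entry.split('/');
  if (bitsStr !== undefined && !/^\d{1,2}$/.test(bitsStr)) return false;
  const a = ipv4ToInt(addr);
  const n = ipv4ToInt(net);
  if (a === null || n === null) return false; // a malformed entry never matches
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  if (bits > 32) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((a & mask) >>> 0) === ((n & mask) >>> 0);
}

function isBlocked(addr, entries) {
  return entries.some((e) => matchesEntry(addr, e));
}

// Lint: return the raw entries that a strict matcher would silently ignore.
function lintList(value) {
  return value.split(',').filter(
    (e) => e !== e.trim() || ipv4ToInt(e.trim().split('/')[0]) === null);
}

// Constructed sample in the same "comma + space" style as the reported config.
const SAMPLE = '192.0.2.10, 203.0.113.7, 198.51.100.0/24';
console.log('naive   blocks 203.0.113.7:', isBlocked('203.0.113.7', parseListNaive(SAMPLE)));
console.log('trimmed blocks 203.0.113.7:', isBlocked('203.0.113.7', parseListTrimmed(SAMPLE)));
console.log('entries needing cleanup:', JSON.stringify(lintList(SAMPLE)));
```

Running a check like `lintList` against a deny list before restarting the server catches entries that fail open, which is the risky direction for a block list.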