Feature Request: block certain domains (*.myvzw.com, *.mycingular.net, etc.)

We have lots of users with Verizon and AT&T data cards. The issue is that they have limited data depending on the plan. So, for a 3GB / month user, I can’t do the initial full backup if the user is using the cell data cards. I also can’t accurately predict the amount of data that is transferred during the incremental backups, so I may want to block those too.

My current backup program (BURP) allows for a user configurable script to be run before a backup takes place. That backup program sets some environment variables, and REMOTE_ADDR (the backup user’s current ip address) is one of the variables. I wrote a script that simply does a reverse lookup on the IP and can deny the backup based on the exit value.

Acceptable solution:
I think an acceptable solution would be to have a way to run an external script prior to backups that can cancel a user backup, with environment variables set (like BURP); or alternatively, a textbox in the settings that I can add a list of domains to block (with a wildcard to block subdomains; eg. *.myvzw.com).

Ultimate wish solution:
Have a way to limit each client by a certain MegaByte value per month (say 1000MB or 1GB); counted only when they are backing up from a restricted domain. Do not count data for non-restricted domains, and have the counters reset once a month. Perhaps, under settings I could have a list of “restricted” domains the clients might connect from and I could add a size limit for each domain. Then, under the client settings tab I might see an override to allow smaller or larger amounts of data for specific clients.

Thoughts? Thanks for the consideration.

EDIT: I just found out about the prefilebackup and postfilebackup scripts. Correct me if I’m wrong, but it looks like those are for client machines. Could I use the prefilebackup to stop a backup from running if I determine the backup path is via one of my restricted domains?

If anyone is interested, here is a script I hacked together to block Verizon data cards. I run the script once an hour to block Verizon data cards for 6 hours. If I have time, I’ll figure out a way to track how long a particular IP address has been active, and then block after an hour of backups (or a max of 3 hours per day, which should limit our data to under 1.5GB/month give or take).

#!/bin/bash

# rac: 2016-05-25
# this program is used to block incoming connections from myvzw.com
# it is intended to stop UrBackup users with air cards from backing up
# using their mobile data cards (it does not block other carriers as of now)
#
# you will need to install tcpkill via "apt-get install dsniff"
#
# I generally run this via crontab once an hour (customize as needed):
#0	*	*	*	*	/usr/local/bin/block-myvzw.sh >/tmp/block-myvzw.log


blocktimeout="6h"	# 6h is equal to 6 hours
blockport="55415"


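function tcp_kill () {
  # skip if a tcpkill for this host is already running
  if ! pgrep -f "tcpkill host $1"; then
    # silence both stdout and stderr of tcpkill (redirect order matters)
    /usr/bin/timeout "$blocktimeout" /usr/sbin/tcpkill host "$1" and port "$blockport" >/dev/null 2>&1
  fi
}

# get a list of all current connections (one entry per remote IPv4 address)
ip_list=$(/bin/netstat -n | /bin/grep -i "^tcp" | /usr/bin/awk '{print $5}' | /usr/bin/cut -f1 -d":" | /usr/bin/sort -u)

for ip_addr in $ip_list; do
  # reverse lookup: second field of the getent output is the host name
  host=$(/usr/bin/getent hosts "$ip_addr" | /usr/bin/awk '{print $2}')
  /bin/echo "$ip_addr == $host"
  # match only names that end in ".myvzw.com" (not e.g. "notmyvzw.com")
  if [[ "$host" == *.myvzw.com ]]; then
    /bin/echo -n "  The above connection matches myvzw.com -- "
    # kill the connection
    tcp_kill "$ip_addr" &
  fi
done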
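The pre-backup check described in the post (reverse lookup of REMOTE_ADDR, deny by exit value, wildcard domain list), as an added example that is not the poster's script and not UrBackup or BURP code. It assumes a non-zero exit status cancels the backup; the function names and the `BLOCKED_DOMAINS` variable are hypothetical, and the two list entries come from the request's title.

```shell
#!/bin/sh
# Added example: server-side pre-backup hook. Assumption: the backup server
# exports REMOTE_ADDR and treats a non-zero exit status as "deny".

# "*.domain" blocks the domain itself and every subdomain.
BLOCKED_DOMAINS="*.myvzw.com *.mycingular.net"

# host_is_blocked HOSTNAME -> returns 0 if HOSTNAME falls under a blocked domain
host_is_blocked() {
  # normalise: lower-case and drop the trailing dot of a fully qualified name
  h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  h=${h%.}
  [ -n "$h" ] || return 1        # no PTR record: nothing to match
  set -f                         # keep "*.domain" entries from globbing files
  for pat in $BLOCKED_DOMAINS; do
    base=${pat#\*.}              # "*.myvzw.com" -> "myvzw.com"
    case "$h" in
      # match on a label boundary so "notmyvzw.com" is not blocked
      "$base"|*".$base") set +f; return 0 ;;
    esac
  done
  set +f
  return 1
}

# reverse_name IP -> prints the reverse-lookup name (empty if none), via getent
reverse_name() {
  getent hosts "$1" | awk '{print $2; exit}'
}

# Hook entry point: runs only when the backup server has exported REMOTE_ADDR
if [ -n "${REMOTE_ADDR:-}" ]; then
  name=$(reverse_name "$REMOTE_ADDR")
  if host_is_blocked "$name"; then
    echo "deny: $REMOTE_ADDR ($name) is in a restricted domain" >&2
    exit 1
  fi
  exit 0
fi
```

An address with no reverse record is allowed through here; change the empty-name branch to `return 0` to deny those clients instead.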