When multiple IPs trigger the same rule simultaneously, they were
sharing the same check_keys value (only rule ID), causing the manager
to abort all but the first execution.
Changed the key to include both rule_id and srcip to make it unique
per source IP, allowing multiple simultaneous blocks while still
preventing duplicate blocks of the same IP.
Fixes#4738
* Add ports to Events page
* fixes race condition updating the blocklist
* Native integration with DNSCrypt-proxy
Added Q-Feeds domains to the DNSBL list of DNSCrypt-Proxy. Changed since the initial way, this is more native. Q-Feeds domains txt files only created if DNSCrypt-proxy is installed and if the list (qf) is selected.
* Update Makefile
* Update pkg-descr
* Update security/q-feeds-connector/pkg-descr
Co-authored-by: Franco Fichtner <franco@lastsummer.de>
* Update security/q-feeds-connector/Makefile
Co-authored-by: Franco Fichtner <franco@lastsummer.de>
* Add threat lookup magnifier buttons to events table
- Add magnifier buttons next to source and destination IP addresses in events table
- Buttons open Threat Intelligence Portal in new tab with IP pre-filled
- Automatically triggers search when TIP page loads
- Buttons are right-aligned in their respective columns
- Works for both logged-in and logged-out users (with proper redirect handling)
* Update pkg-descr
* Refactor formatters to use template literals (backticks) for better readability
Addresses reviewer feedback to use template literals instead of string concatenation for HTML generation in JavaScript formatters.
* Update pkg-descr: consolidate all changes into version 1.3
* Use const instead of var for modern JavaScript best practices
Addresses reviewer feedback to use const/let instead of var for better block scoping and to prevent accidental reassignment.
---------
Co-authored-by: Franco Fichtner <franco@lastsummer.de>
mbedworth
Q-Feeds
Franco Fichtner
Angel Marin
Frank Wall
Anton Avramov
Lis
Peter
Sam Sheridan
Florian Latifi