Auth0 Home Blog Docs

Rule to notify slack channel if context.request.ip = a list of IPs "Request to Webtask got ESOCKETTIMEDOUT"

Hi, I hacked together a few existing rules, “Email domain whitelist” and “Slack Notification on User Signup” to create a rule “IP Address blacklist”.

The rule checks the context.request.ip against a list of known bad IP addresses, and notifies a slack channel if there is a match.

If the user’s context.request.ip is on the list, login and signup works great. For everyone else, login and signup doesn’t work consistently and takes forever. Usually we see “Failed Silent Auth” +
“Request to Webtask got ESOCKETTIMEDOUT” errors.

Can the rule be written asynchronously so it doesn’t interfere with the login, but still notifies the slack channel?

Setting up the IP address list as a configuration doesn’t help vs. writing out the IP addresses. The string might be too long for a configuration? We have the SLACK_HOOK_URL setup as a configuration, that works fine.

Here is the code (with redactions):

  const SLACK_HOOK = configuration.SLACK_HOOK_URL;
        function (user, context, callback) {
          const blacklist = ['ip.address.1','ip.address.2','ip.address.102']; // un-authorized IPs
          const blacklistuser = blacklist.some(function (ip) {
            return context.request.ip === ip;
          });

      if (!blacklistuser) return;
      // get your slack's hook url from: https://slack.com/services/10525858050
      const SLACK_HOOK = configuration.SLACK_HOOK_URL;

      const slack = require('slack-notify')(SLACK_HOOK);
      const message = 'Login from fraudulent IP: ' + (user.name || user.email) + ' (' + user.email + ')' + ' (' + context.request.ip + ')';
      const channel = '#fraud_alerts';

      slack.success({
        text: message,
        channel: channel
      });

      // don't wait for the Slack API call to finish, return right away (the request will continue on the sandbox)`
      callback(null, user, context);
    }
1 Like

I too am having this issue with a very simple rule that submits an http request. I am getting the ESOCKETTIMEDOUT error, and the webtask logs are hanging. Can someone assist?