From 2406d9f995d5d9c79eba63b6f7b4f16740ded2b5 Mon Sep 17 00:00:00 2001
From: jknapp <jknapp85@gmail.com>
Date: Fri, 22 Aug 2025 10:06:04 -0700
Subject: [PATCH] Add 403 status to blocked IP page and reload HAProxy on IP
 block/unblock
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Modified /blocked-ip route to return 403 Forbidden status with HTML page
- Added HAProxy reload after adding blocked IP to ensure consistency
- Added HAProxy reload after removing blocked IP to ensure consistency
- Includes error handling for reload failures without breaking the operation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 haproxy_manager.py | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/haproxy_manager.py b/haproxy_manager.py
index 4cb5f65..6644766 100644
--- a/haproxy_manager.py
+++ b/haproxy_manager.py
@@ -760,6 +760,21 @@ def add_blocked_ip():
         # Add to runtime map for immediate effect
         add_ip_to_runtime_map(ip_address)
         
+        # Reload HAProxy to ensure consistency
+        try:
+            if is_process_running('haproxy'):
+                if os.path.exists(HAPROXY_SOCKET_PATH):
+                    socket_path = HAPROXY_SOCKET_PATH
+                else:
+                    socket_path = '/tmp/haproxy-cli'
+                
+                reload_result = subprocess.run(f'echo "reload" | socat stdio {socket_path}',
+                                             capture_output=True, text=True, shell=True)
+                if reload_result.returncode != 0:
+                    logger.warning(f"HAProxy reload failed after blocking IP {ip_address}: {reload_result.stderr}")
+        except Exception as e:
+            logger.warning(f"Error reloading HAProxy after blocking IP {ip_address}: {e}")
+        
         log_operation('add_blocked_ip', True, f'IP {ip_address} blocked successfully')
         return jsonify({'status': 'success', 'blocked_ip_id': blocked_ip_id, 'message': f'IP {ip_address} has been blocked'})
     except sqlite3.IntegrityError:
@@ -800,6 +815,21 @@ def remove_blocked_ip():
         # Remove from runtime map for immediate effect
         remove_ip_from_runtime_map(ip_address)
         
+        # Reload HAProxy to ensure consistency
+        try:
+            if is_process_running('haproxy'):
+                if os.path.exists(HAPROXY_SOCKET_PATH):
+                    socket_path = HAPROXY_SOCKET_PATH
+                else:
+                    socket_path = '/tmp/haproxy-cli'
+                
+                reload_result = subprocess.run(f'echo "reload" | socat stdio {socket_path}',
+                                             capture_output=True, text=True, shell=True)
+                if reload_result.returncode != 0:
+                    logger.warning(f"HAProxy reload failed after unblocking IP {ip_address}: {reload_result.stderr}")
+        except Exception as e:
+            logger.warning(f"Error reloading HAProxy after unblocking IP {ip_address}: {e}")
+        
         log_operation('remove_blocked_ip', True, f'IP {ip_address} unblocked successfully')
         return jsonify({'status': 'success', 'message': f'IP {ip_address} has been unblocked'})
     except Exception as e:
@@ -1297,7 +1327,7 @@ if __name__ == '__main__':
         @default_app.route('/blocked-ip')
         def blocked_ip_page():
             """Serve the blocked IP page for blocked clients"""
-            return render_template('blocked_ip_page.html')
+            return render_template('blocked_ip_page.html'), 403
         
         default_app.run(host='0.0.0.0', port=8080)