Ban/blacklist external clients

2 posts, 0 answers
  1. Francesco
    Francesco avatar
    1 posts
    Member since:
    Dec 2015

    Posted 30 Dec 2015 Link to this post

    Hi there,

     I'm using Fiddler allowing external clients to connect. Capturing is disabled and sessions are filtered with "Non-Browser".

    While debugging some stuff, I've seen some strange requests (, cirillic search queries, strange urls) listed on my Fiddler sessions list. So I thought that there was a malware on my PC doing all that requests, but when I unchecked "Allow remote computers to connect", these requests stop immediately. So, in a certain way, an automatic bot has connected to my Fiddler (I don't know how it discovered my IP, however I've used the Fiddler default port, 8888, I will try to change it), and has done all that requests.

     Since I'm debugging a single URL, via FiddlerScript I've tried to block all the requests done by the bot, using scripts like the one below:

    var hostname = oSession.hostname;
    if (!hostname.Contains("myfavouritehost")) {
    if (!hostname.Contains("myfavouritehost")) {
        oSession.oRequest.FailSession(403, "Go to hell", "Go to hell");


    • in the first case, I'm simply ignoring the listing of the session, but I'm anyway letting the bot do the requests
    • in the second case, I'm blocking it, yes, but it shoots hundreds of requests per minute, so the RAM usage raise to 2GB+ within 12 hours

    How can I simply ban/blacklist a client IP, and so refuse all its connections, without taking trace of that connections in my sessions list? (so... silently?)


  2. Eric Lawrence
    Eric Lawrence avatar
    833 posts

    Posted 31 Dec 2015 Link to this post

    Hello, Francesco--

    In general, I would strongly recommend you NOT put an instance of Fiddler on a PC that is directly connected to the Internet and not protected by a firewall. If you do, changing the default port will help only a little, but it'll be easy enough to find via a port-scan.

    If you do use this configuration, you can do a number of tricks to reject unwanted traffic. You can look at the oSession["X-ClientIP"] flag and reject any traffic coming from a remote IP address; you should do so explicitly by using the FailSession API and not by calling Ignore, as the latter API will simply hide the traffic from you but allow your connection to be used by botnets and the like.

    Alternatively, you can use the Rules > Require Proxy Authentication to demand authentication credentials from any client that connects. Before you do so, inside Fiddler's QuickExec box beneath the Session list, type 

       prefs set fiddler.proxy.creds MTox

    Where MTox is a base64 encoded string of the form UserName:Password (you can base64 a string using the Tools > TextWizard command).

    After you set this preference and enable the proxy authentication rule, any client that connects must send proxy credentials or Fiddler will return a demand for credentials.

    Eric Lawrence
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top