Firewall XML Fail

hi, im triying this awesome class, but when i use a xml to configure the ip block or allow, specify when using the allow ip do not work propertly send that the ip i allow is blocked, and the ip is allow, so it just work fine without passing a xml file with the config.

so did you got any idea here is the way i implement but not work
//here is the code, and the include is well implement but do not work like this
//here X.X.X.X is changed by my ip address i got a ip static so no problem of being dynamic

include 'includes/firewall.class.php';
try{
$firewall = new Firewall('includes/FirewallSet.xml');
$firewall->run();
}
catch(Exception $e){
die("Acceso Restringido. Contacte al WebMaster UAEH si existe un error");
}
///////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////
this is my FirewallSet.xml
///////////////////////////////////////////////////////////////
<firewall>

<!-- IP: IP block / allow list, remember that net mask can also be provided to block subnets example: 23.23.0.0/255.255.0.0, this will block the whole 23.23.X net. -->
<IP>
<!-- block: These ips will get blocked. -->
<!--<block>
<item>23.23.23.23</item>
<item>23.23.23.21</item>
</block> -->

<!-- allow: When using allow block element is not needed because you only allow these elements -->

<allow>
<item>X.X.X.X</item>
</allow>

</IP>




<!-- userinput: User input settings, to remove sql injections and block userinput of any kind.
Additional settings is separated by the "|" symbol.
The following Constants can be selected:
Firewall::POST
Firewall::GET
Firewall::FILES
Firewall::COOKIE
Firewall::SERVER
Firewall::SESSION
-->
<userinput>
<!-- preventInput: Prevents all variables and unsets any data posted by users including post, get, cookie and all other variables that users can post data in. Leave types arguement empty if you want to filter it all.
This setting is only useful at static php webpages.
-->
<preventInput types="Firewall::POST|Firewall::GET">false</preventInput>

<!-- inputProtection: Removes all kind of html (XXS safe) and removes sql injection from any kind of userinput including get,post, cookie, session variables. Leave types arguement empty if you want to filter it all.-->
<inputProtection types="Firewall::POST|Firewall::GET|Firewall::FILES|Firewall::SESSION|Firewall::COOKIE|Firewall::SERVER">false</inputProtection>
</userinput>




</firewall>
///////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////


//here is the code, WITHOUT the XML and work FINE
//here X.X.X.X is changed by my ip address i got a ip static so no problem of being dynamic

include 'includes/firewall.class.php';
try{
$firewall = new Firewall();
$firewall->allowIP('X.X.X.X');
$firewall->run();
}
catch(Exception $e){
die("Acceso Restringido. Contacte al WebMaster UAEH si existe un error");
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Please help to fix this

Hi!

Thanks for using this class.

I have updated some changes on the Firewall.class.php and this is now working properly.

Some test case was overlooked but now its OK!

Download latest version of Firewall.class.php and you are set!

well thanks for respond, i download the latest version, but now it doesnot do noting using the xml file, just like the example, in fact don't work in your example still show the page also blocking my ip address. So can you bringe some help????

doing some test, i can see that in this version using the XML config, you need to put the specified <blocked> IP's to work and do not show this to unautorized ip.

The idea is to block all ip's that are not in the list of <allow>

So in the last version i saw that in the XML file if i want to allow all ip's but just blocked some ips, we need to comment the <allow> and leave just the <block> and if w want to denied the access to all ip's and just aloow some ips we comment the <block> and leave the <allow> just.

So i'm doing some wrong or what???? in this version???

Hi sorry for late response, I currently have bad connections here.

This is correct.

If you only want to allow some IP's , but block the rest you comment the blocked element... And fill allowed ips in the allow block...

If you only want to deny some IP's , but block the rest you comment the allow element... And fill blocked ip's that you want to block in the blocked element.

Hi.

I noticed that there was a problem for some users.

This is now fixed.

Thank you for your report.

hey thanks to responde, now fixed the problem and i think that was because i didnot quit the comments in the xml file, so the xml was compiled wrong, but now is fixed.

Now other problem i get this when i activate to true the inputProtection


Notice: Undefined variable: _SESSION in /XX/XX/XXXX/firewall.class.php on line 321.

Any idea, i tried to remove just thisline en the Type"" Firewall::SESSION, but still with error, if i use false in both no problem show.

help!!!!!!!!!!!

Hi!

Warning message is because of a isset check i have forgotten. It's not a security risk, but i have updated firewall.class.php to remove these warnings.

You may download the latest version of firewall.class.php

Thanks for the report.