autoban
Autoban automates IP banning by applying the module's rules to the watchdog table.
Drupal 8, 9, 10, 11 version
Requires the Database logging module (core) and at least one IP Ban Provider submodule to be enabled: Autoban Core Ban (integrated with the core Ban module) and/or Autoban Advanced Ban (integrated with the Advanced Ban module).
The rule module finds IPs in watchdog table entries and bans them using the Ban Provider. The Advanced Ban provider supports IP address ranges and expiry of blocked IPs. IPs are blocked by cron or manually.
A ban rule consists of:
- Rule ID
- Type (watchdog type, like "page not found")
- Message pattern (rules search the watchdog message using "LIKE %message_pattern%" or "REGEXP message_pattern"). Multiple patterns are allowed, separated by the "|" divider.
- The threshold number of log entries.
- Time window
- User type (anonymous, authenticated or any).
- User referrers
- IP ban provider
Drupal 7 version
Requires the Database logging module (core) to be enabled. The module bans IPs by cron (cron mode) or at every dblog event (force mode).
The rule module finds IPs in watchdog table entries and inserts them into the banned IP table. By default, IPs are inserted into the blocked_ips table (admin/config/people/ip-blocking). After installing the IP_ranges module you can ban an IP range (aaa.bbb.ccc.0 - aaa.bbb.ccc.255).
The Autoban module supports the Blocked IPs Expire module, which unblocks IP addresses after a certain amount of time. Just install the module and use Single ban.
A ban rule consists of:
- Type (watchdog type, like "page not found")
- Message pattern, like "page not found" (rules search the watchdog message using "LIKE %message_pattern%" or "REGEXP message_pattern"). Multiple patterns are allowed, separated by the "|" divider. A message pattern must not contain "LIKE"; it is added automatically.
- The threshold number of log entries.
- Time window
- User type (anonymous, authenticated or any).
- User referrers
- IP type (single or range). A range ban requires the IP_ranges module to be installed.
The module can check search engine bot IPs against a whitelist (for example, ip2location.com or iplists.com). Use the # symbol for comments.
For example:
# Google list
104.132.0.0/21
104.132.12.0/24
104.132.128.0/24
# Other
111.222.333 # John
You can also use the whitelist of the IP_ranges module.
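The rule fields and the whitelist described above can be modelled as one threshold query over the log table. This is an added illustration in Python with SQLite, not Autoban's own code, and it covers the LIKE mode only. Assumptions: the watchdog table is reduced to five columns, all rows, addresses and the rule are constructed, an IP qualifies when its count reaches the threshold, and malformed whitelist lines are skipped.

```python
import ipaddress
import sqlite3

NOW = 1_700_000_000  # constructed "current" Unix time
WHITELIST = "# Google list\n104.132.0.0/21\n104.132.12.0/24\n111.222.333 # John\n"
RULE = {"type": "page not found", "message": "wp-login|xmlrpc", "threshold": 3,
        "window": 3600, "user_type": "anonymous"}  # hypothetical rule

def parse_whitelist(text):
    """One IP or CIDR per line; '#' starts a comment."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            pass  # blank or malformed entry: skipped (assumption)
    return nets

def ips_to_ban(db, rule, now, whitelist=(), own_ip=None):
    """IPs reaching the threshold in the window, minus own and whitelisted IPs."""
    patterns = rule["message"].split("|")  # "|" divides alternative patterns
    likes = " OR ".join(["message LIKE ?"] * len(patterns))
    uid_sql = {"anonymous": " AND uid = 0", "authenticated": " AND uid > 0"}
    sql = (f"SELECT hostname FROM watchdog WHERE type = ? AND timestamp >= ? AND ({likes})"
           + uid_sql.get(rule["user_type"], "") +  # "any" adds no uid filter
           " GROUP BY hostname HAVING COUNT(*) >= ? ORDER BY hostname")
    args = [rule["type"], now - rule["window"], *[f"%{p}%" for p in patterns], rule["threshold"]]
    hits = [row[0] for row in db.execute(sql, args)]
    return [ip for ip in hits if ip != own_ip and
            not any(ipaddress.ip_address(ip) in net for net in whitelist)]

def sample_db():
    """Constructed log rows, reduced to the columns the rule reads."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE watchdog (uid, type, message, hostname, timestamp)")
    spec = [(0, "203.0.113.7", 3, 60),    # anonymous, 3 recent hits: banned
            (0, "198.51.100.9", 2, 60),   # below the threshold
            (0, "104.132.12.5", 3, 60),   # inside a whitelisted range
            (0, "192.0.2.10", 3, 60),     # operator's own IP
            (0, "203.0.113.8", 3, 7200),  # outside the time window
            (5, "203.0.113.20", 3, 60)]   # authenticated user
    for uid, ip, count, age in spec:
        for i in range(count):
            db.execute("INSERT INTO watchdog VALUES (?, ?, ?, ?, ?)", (uid, "page not found",
                       ("wp-login.php", "xmlrpc.php")[i % 2], ip, NOW - age))
    return db

if __name__ == "__main__":
    print(ips_to_ban(sample_db(), RULE, NOW, parse_whitelist(WHITELIST), "192.0.2.10"))
```

Testing a rule this way before cron runs shows which addresses a threshold and time window would catch, and confirms that the whitelist and own-IP exclusions hold.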
Set the alternate gethostbyaddr function in the module settings if ban execution is very slow. This is recommended when you use the IP address whitelist by domains settings.
The Autoban Watchdog Event Extras submodule inserts IP ban links into the watchdog event page. The Autoban module has VBO module integration.
Drush support: the autoban-ban-all command.
Similar modules
- Smart IP Ban - bans using the flood table.
- path2ban - bans using bot paths.
- Spammer Node Add (Spamna) - bans node/add bots.
How to use
- Install the Autoban module. Install at least one of the Autoban provider submodules.
- Analyze the watchdog table (/admin/reports/dblog) manually or using the analyze page (/admin/people/autoban/analyze). Go to the test page during analysis.
- Go to the Autoban admin page (/admin/config/people/autoban). Create and test rules.
- Cron will ban IPs using the Autoban rules. Check the result at IP address blocking. Alternatively, you can ban IPs manually from the analyze page or the watchdog event page.
Troubleshooting
- You need to use untranslated values for the type and message in the module rules.
- Autoban uses cron for automatic IP bans. If cron is disabled, you can click the "Ban IPs" button on the module administration page.
- Autoban prevents banning your own IP (as a single IP or as an IP included in a banned range). If you have a dynamic IP, there is a risk of banning it yourself. In this case it is better to choose the range type in the module rules instead of the single type.
Sponsorship
...have a feature you'd like to sponsor? Get in touch
🇺🇦 This module is maintained by Ukrainian developers. Please consider supporting Ukraine in a fight for their freedom and safety of Europe.