Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
without modifying code.
I've deployed this here on drupal.org and I think that the threat level of 1 is too low for continuous operation. I've increased it to 20. I'd like to do that in the admin UI.
Comments
Comment #1
bryrock CreditAttribution: bryrock commented+ Assignment
Comment #2
bryrock CreditAttribution: bryrock commentedConfigurable greylisting threshold has been added to admin settings UI. Options are 1, 2, 3, 4, 5, 10, 15, 20, 25, 30, 35, 40, 45.
This has been committed to the 6.x-2.x-dev fork. If all goes well then I'll put out a 6.x release soon. Will also add to 7.x.
Comment #3
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedThanks!
Can you add a variable for blacklisting too? I find that 50 is a bit rigid. In particular I'd like to be able to switch off blacklisting completely.
Also, http:bl gives back more information than just a value. It also gives back a "last seen" value. I'd like to be able to use this also for denying access.
Comment #4
bryrock CreditAttribution: bryrock commentedCould you give me some example scenarios of how you'd like to use "last seen" in conjunction with the threat level? In other words, what sort of priorities do you have in mind when evaluating a visitor for grey-listing consideration?
Comment #5
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedI think the simplest case would be to whitelist everything that has a "last seen" value greater than a configurable value. 2 weeks for example.
Comment #6
bryrock CreditAttribution: bryrock commentedRegardless of threat level in any respect?
Comment #7
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedYeah, I think it would be hard to come up with an algorithm.
Comment #8
RogueM CreditAttribution: RogueM commentedsubscribe
Comment #9
bryrock CreditAttribution: bryrock commentedSince greylisting is now configurable, I'll ask that the feature requests for blacklisting and the "last seen" variation be moved to new, separate issues so that this greylisting issue can closed without other contingencies.
Comment #10
RogueM CreditAttribution: RogueM commenteddouble post
Comment #11
RogueM CreditAttribution: RogueM commentedOK, but when you say 'Since greylisting is now configurable', this is only true of the 6.x version right? I updated http:BL yesterday and can't see any way (besides modifying the threshold manually in httpbl.module) though I'm using Drupal 7.7 and therefore the 7.x version of the module.
Comment #12
bryrock CreditAttribution: bryrock commentedConfigurable greylisting threshold is now also available in 7.x-1.0-rc3.
Comment #13
RogueM CreditAttribution: RogueM commentedgreat stuff!