Problem/Motivation

I added several IPs (Full IPv4's) to the whitelist of IPs not to be blocked (/admin/config/people/flood-control). This is possible since #3192291: Add the possibility to white list specific IPs

But still these IPs get listed at: /admin/people/flood-unblock
Now I'm in fear they might get blocked in the future, despite being whitelisted?

Is it correct that these are still being listed, or is this a sign that the whitelist functionality doesn't work as expected?

I already cleared the flood entries, but after some days they reappear (due to wrong logins from these users).

Flood whitelisted

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#2 flood whitelisted.png94.46 KBanybody

Issue fork flood_control-3457382

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Anybody created an issue. See original summary.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Issue summary: View changes
StatusFileSize
new flood whitelisted.png94.46 KB
anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Issue summary: View changes
anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Title: Whitelisted IP address still listed in flood unblock » Whitelisted IP address still (re-)listed in flood unblock
batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Issue tags: +finalist-sprint
bdunphy’s picture

bdunphy commented

This issue just occurred for a site we maintain. The IP address in the whitelist was blocked. Removed from the IP address bans list and with just one more failed login attempt, the IP was again banned. The whitelist functionality does not seem to be complete?

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Priority: Normal » Major

Thanks for the confirmation @bdunphy, then let's make this major

anish.ir’s picture

anish.ir commented
Assigned: Unassigned » anish.ir

Working on it.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

@anish.ir any further plans? Else please unassign.

anish.ir’s picture

anish.ir commented

Hey @anybody,

Sorry for the delay in responding.

I have tested the module and found that the IP whitelist functionality on /admin/config/people/flood-control is working as expected—whitelisted IPs are not being blocked. However, these IPs are still appearing on the /admin/people/flood-unblock page, which might be causing confusion.

To address this, we have two possible approaches:

Hide whitelisted IPs from the Flood Unblock page, but keep them in the flood table

  • This would allow us to maintain a historical record of failed login attempts for whitelisted IPs.
  • If needed, removing an IP from the whitelist would make its past login attempts visible again on the Flood Unblock page.

Completely exclude whitelisted IPs from both the Flood Unblock page and the flood table

  • This would ensure that whitelisted IPs are never recorded in the flood system at all.
  • However, it would also mean losing any history of failed login attempts for these IPs.

Would love to hear your thoughts on which approach aligns best with the intended behaviour of the module. Let me know how you'd like to proceed! Or is there any other approach you would like to be followed.

Thanks!

bdunphy’s picture

bdunphy commented

@anish.ir - from my perspective, if an IP is whitelisted, it should not be recorded. I lean towards the second option to completely exclude whitelisted IPs from the Flood Unblock page and the flood table.

anish.ir opened merge request !56

anish.ir’s picture

anish.ir commented
Assigned: anish.ir » Unassigned
Status: Active » Needs review

Hey,

I have raised the merge request with the required changes.
With this update, any IP added to the whitelist will no longer be logged in the flood table or appear on the /flood-unblock page. Additionally, when a new IP is added to the whitelist, any existing flood entries for that IP will be removed from both the flood table and the /flood-unblock page.

Let me know if you'd like any further refinements!
Thanks !!

batigolix’s picture

batigolix
Primary language Dutch
Location Utrecht
commented
Status: Needs review » Needs work

I feel there are issues being mixed up here:

1. IPs are being added to the flood table even after they have been white listed. This means the white listing functionality isn't working properly and that should be addressed.

2. White listed IPs are being shown in /admin/people/flood-unblock , because at the time of recording they were not white listed. This is working as a designed. The list at /admin/people/flood-unblock shows what is in Drupal core's flood table. We should not filter anything away (even white listed IPs) or remove anything without the user's knowing about this. The user already has the option to remove items from the table, so we don't need to do that in the background.

If you provide a patch, then ensure that it only addresses problem 1: of white listed IPs still ending up in the flood table after they having been white listed.

Is there more information on how this problem can be reproduced?

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Just seem to have run into the (1) issue. While the IP was already whitelisted (and I'm quite sure, I removed it from /admin/people/flood-unblock, it has now been blocked (1) and listed (2) again, after some months. Still, I'm not sure how that could happen.

Any other modules that might add the IP and ignore the whitelist perhaps?