Domain_ip local tab

We recently saw a scenario where the client wanted to create an ip whitelist for their intranet site. This site is the same installation as the client’s public site. It simply has a different domain and different content. The question was ‘How we can manage separate whitelists and blacklists (ie ‘list sets’) for each domain, rather than one list set per installation.’

This module solves that issue. It is functionally a combination of two existing modules: ‘Ip_ranges’ ( ) and ‘domain_access’ (
Domain_ip depends on Domain Access.

Domain_ip behaves similarly to ip_ranges, but it differs in the following ways:

  • Ip_ranges is used to define an ip whitelist and blacklist for a specific site. This is okay except for installations that also use the domain_access module, because they have different domains for a same installation. In this case, they are restricted to single list sets across domains. Whereas ip_ranges works against all domains for an installation, domain_ip provides a separate list set for each domain, respectively, meaning each domain has its own independent whitelist and blacklist.
  • To manage multiple sites, on the administration page there is a separate ip settings tab for each list set. Each domain has its own administration tab.
  • domain_ip uses either a whitelist or a blacklist, not both. This means that only one list is being used at a time. An administrator could switch between lists to either the whitelist or the blacklist. If a domain uses the whitelist, only ips in whitelist could access this domain. All other ips will be banned. Even if the ip is also in the blacklist. If a domain uses blacklist, all ips in blacklist will be banned, even if the ip is also in the whitelist. By default, domain_ip uses the blacklist, the blacklist being blank. So, no ip is being banned initially.
  • Domain ip provides an ip owner field to correspond with the numeric ip. By associating an ip with its owner, ips can be recognized by other administrators easily. For dynamic ips, they are best handled by manually removing them.
  • Administrators of domain_ip can customize messages shown to restricted visitors.

Note: Many users have dynamic ips. This means they can be arbitrarily given access or banned, simply because their ips have changed.


longtom rewrites this project description.
This project is sponsored by Trellon.

Project information