Implementation of http:BL for Drupal. http:BL can prevent email address harvesters and comment spammers from visiting your site by using a centralized DNS blacklist. It requires a free Project Honey Pot membership. This module provides efficient blacklist lookups and blocks malicious visitors effectively.

http:BL has been adopted for use to enhance protection on


  • http:BL lookups for visitor IPs
  • Blocking of requests coming from blacklisted IPs
  • Database caching, decreasing the number of DNS lookups
  • Honeypot link placement on ban page and optionally in footer
  • Custom ban message
  • Whitelisting through the access table (admin/user/access)
  • Greylisting: grants the user access if they pass a simple challenge
  • Greylisting threat-level threshold configurable in admin settings
  • Blacklisting threat-level threshold configurable in admin settings
  • Length of time cached visits are held are determined by configurable admin settings
  • An option for checking only when a comment is placed,
    queueing the comment for moderation if the lookup is positive
  • Basic statistics on the number of blocked visits

Note that the module can also function without http:BL functionality -- its use will then be limited to the placement of a Honeypot link in the footer.

Drupal 7

Additional Features:

  • Optional 3 levels of logging (Error only, Positive Lookups or Verbose - for testing and gaining trust)
  • Default Views included (identify blocked and whitelisted IPs with links to their Project Honeypot profiles)


Here is a companion project that adds a UI for managing the IPs stored by httpbl.

Drupal 8

Drupal 8 development is now in progress, though nothing yet has been committed to an 8x Dev branch.

Project Information