Issue:

When a grey listed user visits /httpbl/whitelist and successfully gets themselves white listed their status is not updated in the httpbl table.

Expectation:

Upon successfully completing /httpbl/whitelist, the user’s IP address should have their status changed from ‘2’ to ‘0’ in the httpbl table.

# # #

Notes so I don’t have to re-look up the codes...:
define('HTTPBL_LIST_SAFE', 0); // Not listed (or very low threat)
define('HTTPBL_LIST_GREY', 2); // Greylisted: session whitelist request permitted
define('HTTPBL_LIST_BLACK', 1); // Blacklisted: all requests blocked.

Comments

Michael-IDA created an issue. See original summary.

bryrock’s picture

bryrock CreditAttribution: bryrock as a volunteer commented
Status: Active » Closed (works as designed)

Your expectation conflicts with the module's design.

As designed, when a grey-listed user successfully passes a challenge, only their current session is white-listed. The table is not updated.

See the code. The session is checked for white-listed before there are any further checks on the IP.

  // Check if user is whitelisted in any way
  if (_httpbl_whitelisted($ip)) {
    $result = HTTPBL_LIST_SAFE;
    
    if ($logs = (variable_get('httpbl_log', HTTPBL_LOG_MIN) == HTTPBL_LOG_VERBOSE)){
  	  watchdog('httpbl', 'This IP has been whitelisted.', array(), WATCHDOG_DEBUG,NULL);
  	}

  }
  // Honeyblock Cache is enabled - do a cache lookup of IP
  elseif ($cache = variable_get('httpbl_cache', HTTPBL_CACHE_DBDRUPAL)) {
    $result = _httpbl_cache_get($ip);
    if ($logs = (variable_get('httpbl_log', HTTPBL_LOG_MIN) == HTTPBL_LOG_VERBOSE)){
	    watchdog('httpbl', 'Queried cache for host.  Host status is %results', array('%results' => $result ), WATCHDOG_DEBUG, NULL);    
	  }
  }

...

/**
 * Check if an IP is whitelisted through a session whitelist.
 */
function _httpbl_whitelisted($ip) {
  return (isset($_SESSION['httpbl_status']) && $_SESSION['httpbl_status'] == 'white');
}