Download httpbl-8.x-1.x-dev.tar.gztar.gz 66.24 KB
MD5: 9bd123f215cae9d7ac44992532af210c
SHA-1: 6499ecb0d453d192c4539f2a882886e647d9d079
SHA-256: 52f7c66a5e6381231689278ce6f1baa767998c67c5498d66cb3de5566f59a0f1
Download httpbl-8.x-1.x-dev.zipzip 110.45 KB
MD5: 703a33d6dc70d78544309257521d31fd
SHA-1: cc9bf08e3bc7ad7fa60c491b8e2c6b9451a3a235
SHA-256: 15573ce78b7b31dc91397cc2f7c77bd52122752712cbed0c79e328b0543683fa
Install with Composer: $ composer require 'drupal/httpbl:1.x-dev'
Using Composer to manage Drupal site dependencies

Release info

Created by: bryrock
Created on: 24 Mar 2017 at 23:03 UTC
Last updated: 10 Apr 2017 at 19:29 UTC
Core compatibility: 8.x
Release type: New features

Release notes

Development release for Drupal 8.x (It's Alive!)

This initial development release for httpbl (D8) represents a major upgrade and re-write. It was started with a clean slate, however it maintains all the primary functionality that the module has provided since the original D5 version—namely, checking IP addresses during page requests OR comment submissions, against Project Honeypot (.org), and determining whether or not to locally blacklist, grey-list or white-list those IPs based on any found threat scores (or the absence of any scores).

What's new in D8 is that records are now stored as manageable "Host" entities, with a brand new Admin View UI that includes bulk actions, for managing them. You still don't have to manage them, but now, for the first time, you can—without needing any direct access to your database. Httpbl still does what it does best, working quietly in the background to minimize nuisance traffic, but whether you're a control freak or just like seeing how many IPs your site has captured, you now can.

Prudence requires advising this development release not be used in a mission critical production environment, but it is a stable release. There are not yet any automated tests, nor is there any migration path for moving previous installation data from D6 or D7.

For the sake of future planning, it also must be advised that this project will soon, again, be forked, and move in a slightly different direction than it has since at least D6, namely, how it will work with any page-request blocking in Drupal core. In past releases, Httpbl shared its blacklist with whatever table Drupal core was using for banning traffic (the names and methods have been different for D6 and D7), and now in D8 Httpbl still does this cooperatively with the new Ban module. This is going to go away in future releases. The reason is that Drupal banning in the past was not optional, but now it is; you don't have to enable the Ban module. Httpbl proposes that as long as that is true, there is no need to have both Ban and Httpbl running, as both are middleware services doing essentially the same thing with the same, shared list.

But for the time being, we wanted to be able to honestly state that Httpbl does everything it used to do, and more!

The 8.x codebase is also available on Github. There is also a Wiki there that explains more about the current state of this project, and why this module's support for the Ban module will be dropped in the future.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects