Drupal Perimeter Defence

Basic perimeter defence for a Drupal site. This module bans the IPs who send suspicious requests to the site. The concept is: if you have no business here, go away.

Use the perimeter module if you get a lot of requests to 'wp-admin' or to .aspx urls on a Linux server, or other similar requests. The URL patterns that result in a ban can be configured in the admin settings

The module is optimized for performance and designed to be activated when a Drupal site is targeted by hackers or bots.

How to use

Enable the module, configure a few banned patterns in the admin page, and check your site logs after a while.

Use the core's ban module to manage banned IPs.

Note: Before testing this module from your own IP, make sure you can delete your IP from the ban_ip table in your Drupal site's database.

Future improvements

• Configure a threshold for banning
• Allow other modules to know about the ban, and to stop it.
• Ban on access denied events
• Upgrade from path2ban

Important upgrade message

The module administration form is protected by the 'Administer site settings' permission, which is too wide for the use of the module. We have a merge request to create a new permission for the module administration, and it is expected to be merged on the first release candidate of the 3.1 version.
This is an important change, and we want to advise site owners to test their configurations before and after upgrading to the upcoming 3.1 version.

Drupal 7

For a module that provides similar functionality under Drupal 7 please see path2ban.

Companion Modules

• auto_unban augments core's ban module to automatic unban IP's after a period of time. This is best used with automatic ban modules such as perimeter.