Ban bots using rules
Autoban rules table
Autoban test rule table
Autoban log analyze table
Autoban 8 rules table
🇺🇦 This module is maintained by Ukrainian developers.
Please consider supporting Ukraine in a fight for their freedom and safety of Europe.

Advanced ban is a replacement to Drupal core Ban module. Advanced ban module allows administrators to ban visits to their site from IP addresses like core ban module and has additive features:

    Drupal 8,9,10 version

    Autoban allows to automatize IP ban using watchdog table by the module rules. Need enable Database logging module (core) and at least one IP Ban Providers submodule: Autoban Core Ban (integrated with core Ban module) and/or Autoban Advanced Ban (integrated with Advanced Ban module).

    Rule module finds IP in watchlog table entries and do IP Ban using Ban Provider. Advanced Ban provider supports IP address range and blocked IP expire. IP blocking by cron or manually.

    Rules for ban IP consist of:

    • Rule ID
    • Type (watchdog type, like "page not found")
    • Message pattern (rules seek in watchdog message as "LIKE %message_pattern%" or "REGEXP message_pattern"). Multiple patterns available("|" divider).
    • The threshold number of log entries.
    • User type (anonymous, authenticated or any).
    • User referrers
    • IP ban provider

    Drupal 7 version

    Autoban allows to automatize IP ban using watchdog table by the module rules. Need enable Database logging module (core). The module ban IP by cron (cron mode) or at every dblog event (force mode).

    Rule module finds IP in watchlog table entries and inserts IP to banned IP table. By default, IP is inserted into blocked_ips table (admin/config/people/ip-blocking). After installing IP_ranges module you can ban IP range (aaa.bbb.ccc.0 - aaa.bbb.ccc.255).

    Autoban module supports Blocked IPs Expire module, which unblocking IP addresses after a certain amount of time. Just install the module and use Single ban.

    Rules for ban IP consist of:

    • Type (watchdog type, like "page not found")
    • Message pattern, like "page not found". (Rules seek in watchdog message as "LIKE %message_pattern%" or "REGEXP message_pattern"). Multiple patterns available("|" divider). A message pattern must not contain "LIKE", it will be added automatically.
    • The threshold number of log entries.
    • User type (anonymous, authenticated or any).
    • User referrers
    • Type IP (single or range). Needs installing IP_ranges module for range ban.

    The module can check search engines bots IP by Whitelist (for example, ip2location.com or iplists.com). Use # symbol as a comment.

    For example:
    # Google list
    104.132.0.0/21
    104.132.12.0/24
    104.132.128.0/24
    # Other
    111.222.333 # John

    You can also use Whitelist of IP_ranges module.

    Set alternate gethostbyaddr function in the module settings if ban execution very slow. It is recommended when use IP addresses whitelist by domains settings

    There is a submodule Autoban Watchdog Event Extras which inserting IP Ban links to watchdog event page. Autoban module has VBO module integration.

    Add drush support: autoban-ban-all command

    Similar modules

    How to use

  1. Install autoban module.
  2. Analyze watchdog table (/admin/reports/dblog) manually or using analyze page (/admin/people/autoban/analyze). Go to the test page during analysis.
  3. Go to the autoban admin page (/admin/config/people/autoban). Create and test rules. Show country, region and city info of the IP by ipstack.com (need get API key).
  4. Cron will be ban IP using autoban rules. Check it at IP address blocking (/admin/config/people/ip-blocking) and IP range bans (/admin/config/people/ip-ranges) pages. Or you can ban IP manually using analyze page or watchdog event page.

FAQ

I cannot get the Autoban module to work from "Access Denied" or "Page Not Found"
You must not add "LIKE" to your message pattern. (I wrote this answer but it got deleted by moderator apaderno)

Troubleshooting

  • You need use non translated values for type and message of the module rules.
  • Autoban using cron for automatic IP ban. If cron is disabled, you can click "Ban IPs" button at module administration page.
  • Autoban prevents own IP ban (as single IP or IP included in the banned range). If you have a dynamic IP, there is a risk of its own ban. In this case it is better to choose a range type in module rules, instead a single type.

Project information

Releases