Auto-ban

WAF: Auto-ban

You can easily Auto-ban IP addresses which repeatedly attack your site.

IP blocking of repeat offenders

When set to yes, the IP address of repeat offenders will be automatically banned based on the rest of the settings. This lets Admin Tools manage IP blocking automatically and is the recommended way to handle it. You MUST enable logging of security exceptions for this feature to work.

Email this address if an IP is auto banned

Admin Tools can optionally send you an email when an IP is automatically banned, to the email address entered in this field. This will allow you, for example, to determine if some IP is being regularly blocked, in which case it may be a good idea to place it in the permanent IP black list. Leave this field empty (default) to disable this feature.

The contents of the e-mails can be configured using the Email Templates feature in the Web Application Firewall page.

Block after

Chose how many attacks have to happen within how much time. For example, if you set it to 3 attacks in 1 hour, Admin Tools will ban a IP address from which at least 3 attacks have been blocked within the last hour.

Block for this long

How long the block will last. For example, setting it to 1 day will block all access from this IP address for a whole day.

IP blacklisting of persistent offenders

If an IP triggers many auto-bans over a period of time it will be permanently banned (added to the IP blacklist) next time they are about to be auto-banned again. Make sure that you turn on the IP blacklisting in the Basic features tab by setting Disallow site access to IPs in Blacklist to Yes, otherwise the permanent blacklisting will have no effect.

Permanently blacklist IP after

If an IP triggers this many auto-bans it will be permanently banned (added to the IP blacklist) when they are about to be auto-banned again. Make sure that you turn on the IP blacklisting by setting "Disallow site access to IPs in Blacklist" to Yes, otherwise the permanent blacklisting will have no effect.

Show this message to blocked IPs

Allows you to show a specific message to blocked IP addresses. You may want to explain to the user that his IP was blocked because suspicious activity was detected as originating from his IP address.

You can use the special text [IP] in all capital letters, without spaces between the brackets and IP, to display the user's IP in the message. This may be useful if someone gets accidentally blocked and asks you to help them.