[drupal-devel] [feature] Ban hosts from the 'Top Visitors' page
moshe weitzman
drupal-devel at drupal.org
Sun Jun 5 22:18:54 UTC 2005
Issue status update for http://drupal.org/node/24135
Project: Drupal
Version: cvs
-Component: statistics.module
+Component: user.module
Category: feature requests
Priority: normal
Assigned to: moshe weitzman
Reported by: moshe weitzman
Updated by: moshe weitzman
Status: patch
Attachment: http://drupal.org/files/issues/ban_1.diff (10.5 KB)
As suggested, this version integrates nicely into the admin/access/rules
pages. You are now able to ban hosts from statistics page or the access
rules page. I think there are use cases for both.
I moved renamed user_deny() tp drupal_deny() and moved it to
bootstrap.inc in order to let us block hosts during the bootstrap. We
check for a blocked host right after loading the database APi, which is
the earliest possible moment.
This feature makes it possible now to restrict your site to a few
approved IP addresses (or a range of addresses). Might be useful for
high security sites.
moshe weitzman
Previous comments:
------------------------------------------------------------------------
June 2, 2005 - 00:54 : moshe weitzman
Attachment: http://drupal.org/files/issues/ban.diff (5.94 KB)
The intent of this patch is to provide an easy way to ban hosts that are
consuming too much bandwidth. Ideal for over-aggressive crawlers.
------------------------------------------------------------------------
June 2, 2005 - 00:59 : moshe weitzman
Attachment: http://drupal.org/files/issues/ban_0.diff (5.95 KB)
Oops. Here is the latest version.
------------------------------------------------------------------------
June 2, 2005 - 05:59 : Dries
Any particular reason we are not storing this in the database? Storing
it in the database sounds like the better option to me.
------------------------------------------------------------------------
June 2, 2005 - 06:15 : moshe weitzman
well, we can't store it in the sessions table because many crawlers
don't persist cookies and thus get a new session for every request. so
we would have to store in a new table and I figured that I didn't need
to add a new query for every page view. it would be a fast query, so
perhaps a new table is OK. any more comments about variable table
versus new table?
------------------------------------------------------------------------
June 2, 2005 - 07:14 : breyten
Having a table would allow for a simple query like:
$result = db_query("SELECT * FROM {banned_hosts} WHERE ipaddr = '%s'",
$_SERVER["REMOTE_ADDR"]);
which is probably faster than a combined in_array and array_keys I
suppose.
------------------------------------------------------------------------
June 3, 2005 - 07:02 : Dries
How about including this in the 'administer - access control - account
rules' page (?q=admin/access/rules). We'd have to rephrase, and
possibly rework it a little to extend the e-mail and username rules
with IP/hostname rules but it sounds like a logical place to maintain
IP-bans. In addition, we would be able to reuse the existing SQL
table. (Let's not use variables!) Thoughts?
------------------------------------------------------------------------
June 3, 2005 - 08:40 : breyten
Only a +1. It sounds very sensible :)
More information about the drupal-devel
mailing list