Block some addresses without interpreting them.

Created on 9 December 2018, about 6 years ago
Updated 30 March 2024, 9 months ago

The recent "Drupalgeddon" attack revolved around downloading scripts from multiple sites onto a server and then executing them.

It'd be great to block some requests before they even before the process of loading the pages. Particularly anything that blocks addresses containing strings defined by the user. Blocking addresses containing the phrases base64, github, pastebin, ghostbin, curl, wget and so on would all prevent future hack attacks.

However, these would need to be blocked long before ever becoming "page not found" errors.

Rather than develop it as a separate module, it'd be better to build that "ban before process" into this module. Would that be of interest to the maintainers?

✨ Feature request
Status

Closed: works as designed

Version

1.8

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024