- π³πΏNew Zealand quietone
The Ideas project is being deprecated. As discussed in a core committer meeting issues that are adding modules are being moved to the Drupal CMS project for discussion.
- π¦πΊAustralia pameeela
I've never used this module myself. The usage is not overwhelming but not nothing either. Wondering if anyone has strong thoughts on this either way?
- πΊπΈUnited States Wolf_22
Thoughts about what? Its overall usage? While that may act as a good measure of a module's usefulness or success, anyone who relies on that metric alone can do themselves a disservice because if we all relied on that to determine a module's usefulness or success, we'd never discover new modules worth using. (I'm sure you didn't mean to come across like that was the only thing you were thinking of, so don't read that the wrong way. But it's something worth emphasizing, right?) It's my belief that if more people knew about this module, I think you'd see that current usage amount increase. More so if people understood the implication of disregarding their access logs as even the more trivial Wordpress endpoint probes have long-term affect for a site. But given the market share that Drupal is losing, it makes increasing its usage difficult to increase anyway. Things have definitely changed with Drupal since the version 7 days, and not entirely for the better.
But I've used this module for years, and from what I've seen during that entire time, it compliments really well the core functionality Drupal enjoys when blocking IPs and or entire ranges by pairing that core functionality with this module's ability to base block evaluation criteria on what I call "request signatures" (or requests that nodes make against your endpoints)... And it can do it all, autonomously. In other words, and as an example, if you get a bunch of bad bots probing your site for things like Wordpress endpoints (which we all get and should act on since they consume host resources), you can use this module to watch for those requests and use it to immediately block their IPs (or entire ranges) in response. I personally used this module to not only do exactly that, but also to essentially create a database of black hat IP (entire) blocks that I then use to prevent access to my site. It's just one piece of an overall portfolio of efforts I use to keep my site secure, and it's done wonders for that. In tech, we have to err on the side of prioritizing security-centrism. This module alone doesn't do it all. It's just one piece to a wider array of tools and approaches one should have access to (from core) and use when trying to keep their site secure, especially for those of us who lack the luxury of enjoying their own dedicated firewalls, intrusion detection systems, security teams, etc.
And that's the crux of it: Drupal has always come with YESTERDAYS method of blocking IPs / ranges in core (which is also mission-critical to have), but it's not TODAY'S more modern equivalent for the more advanced forms of very-much-necessary security-centric functionality core now needs. Yes, it needs to be in core. And between this, anti-bot, and a few other modules (such as that one that allows you to change core file locations and thereby make automated probing that much more difficult for black hats), well, Drupal has plenty of room for security improvements. I know the maintainers and the core team have a lot on their plate, so I know it's easy to demand or expect things like this, but in time, I can only hope that these functionalities somehow find their place in core. I know it'd go a long way towards making Drupal better.
Just my two cents.
- π¦πΊAustralia pameeela
Thoughts about what? Its overall usage?
No, the comment on usage was just an observation. I was asking whether other members of the community have thoughts on adding this module.