Possibility of a UserAgent-2-Ban option? :)

Created on 21 June 2022, over 2 years ago
Updated 3 May 2024, 7 months ago

Problem/Motivation

We are seeing quite a significant rise in sites being hit by traffic to one or sometimes many pages that comes from a single IP but >10 (as an example; sometimes it is >100) different user agent strings in a single day, many of them odd (iTunes, w3c validator, etc.).

Steps to reproduce

Just the site existing seems to be enough. :)

Proposed resolution

Wondering if there might be a way, a la Fail2Ban, to flag/block (temporarily or permanently) an IP based on how many user agents it hits a site with over a 24-hour period.

Alternate idea: the ability to assign each user agent a "bogusness score"; like WebTV and BlackBerry could be a 10, Internet Explorer 5 could be a 6, Chrome and Safari and Firefox (modern versions) could be a 0. Keep track of the score for an IP, and if the score hits like 20 or 25, block the IP for a day (or something).

Remaining tasks

User interface changes

Perhaps a screen where IPs could be manually added or removed from the ban list.
A settings section where the period of time being monitored (24 hours, for example), the max number of allowable user agents during the previously designated period, and the length of the ban could be designated.
For the alternate idea, a place to add (or alter from a default) the score of each user agent, and rows to add user agents not currently included.

API changes

Not sure, but a Drush interface would be stellar.

Data model changes

Banned IPs
Perhaps also a place where, temporarily, IPs and a count of User Agents per could be held? Not sure if DB is necessary for this, or... Sorry.

✨ Feature request
Status

Active

Version

1.0

Component

Code

Created by

🇺🇸 United States justkristin


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇪🇨 Ecuador jwilson3

    I don't think this is feasible to implement for Autoban because User Agent is not something tracked in the watchdog table.

    Autoban only has access to:

    • type - the module name where the log message originated.
    • location - the request URI.
    • referrer - the URI that referred the user to the site.
    • hostname - the user's IP address.
    • message - the raw message string passed to t() function.
    • variables - the serialized php array of arguments passed to t() function.

    This would be better achieved in the .htaccess file (to avoid the performance impact of loading Drupal), or by writing a custom module.

    If you have access to alter .htaccess you might consider checking out Ng Firewall (blog post) - FYI, I am not the author, I just threw it up on GitHub, because the author doesn't use git apparently.
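
Since the watchdog table carries no User-Agent, the count proposed in the issue can be taken from the web server's access log instead. The following is an added example, not part of the thread and not Autoban code: it assumes Apache/Nginx "combined" log format with entries in time order, and the names `flag_ips` and `sample_log` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "combined" format: IP, ident, user, [timestamp], "request", status, size,
# "referrer", "user agent". Quoted fields may contain backslash-escaped quotes.
QUOTED = r'(?:[^"\\]|\\.)*'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "' + QUOTED + r'" \d{3} \S+ "'
    + QUOTED + r'" "(?P<ua>' + QUOTED + r')"$'
)

def flag_ips(lines, max_agents=10, window=timedelta(hours=24)):
    """Return {ip: peak distinct-UA count} for every IP that sent more than
    max_agents different User-Agent strings inside any sliding window."""
    recent = defaultdict(deque)        # ip -> (timestamp, ua) pairs, oldest first
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                   # ignore lines that are not combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append((ts, m["ua"]))
        while ts - hits[0][0] > window:
            hits.popleft()             # drop requests older than the window
        distinct = len({ua for _, ua in hits})
        if distinct > max_agents:
            flagged[m["ip"]] = max(distinct, flagged.get(m["ip"], 0))
    return flagged

def sample_log():
    """Constructed sample: one IP rotating 12 user agents in 12 hours,
    and one ordinary visitor that keeps a single user agent."""
    rows = []
    for h in range(12):
        stamp = f"21/Jun/2022:{h:02d}"
        rows.append(f'203.0.113.7 - - [{stamp}:00:00 +0000] '
                    f'"GET /node/1 HTTP/1.1" 200 512 "-" "ExampleAgent/{h}.0"')
        rows.append(f'198.51.100.20 - - [{stamp}:30:00 +0000] '
                    f'"GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (constructed)"')
    return rows

if __name__ == "__main__":
    for ip, count in flag_ips(sample_log()).items():
        print(f"{ip} used {count} user agents within 24 hours")
```

The returned IPs are candidates for whatever ban list is in use; `max_agents` and `window` correspond to the settings the issue asks for.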
