- Issue created by @msn5158
- Status changed to Postponed: needs info
7 months ago 7:15pm 9 May 2024 - 🇩🇪Germany c-logemann Frankfurt/M, Germany
> The verification code is triggered
Which code you mean? Do you think about an additional setting of firewall or something else? And generally on which way this code is or should be provided to the request?
Generally about IP blocking and the firewall module. On a first step we only operate on a layer where we won't communicate with the database. There are already core and contrib modules doings such things like "flood".
In any case there will be a way to log IPs when blocked by this module. So the linux tool fail2ban can recognize and can manage blocking on linux firewall which is way more effective than blocking IPs at Drupal.
Sorry, my English is not good, I should say captcha, not verification code, Like this recaptcha →
I have searched for many related modules, but they are all just blocking forms submit, What I hope for is to trigger captcha when a visitor visits a large number of pages in a short period of time, not submit forms.
Thank you
- Status changed to Active
7 months ago 12:29pm 10 May 2024 - 🇩🇪Germany c-logemann Frankfurt/M, Germany
I'm also not a native speaker. But I now have an idea what you mean.
Yes, the most problems cam from forms and there we should operate to make Drupal safer.
I believe also captcha modules are doing some logging. And especially when using syslog core module you can handle this with fail2ban: https://en.wikipedia.org/wiki/Fail2ban
If fail2ban is not usable there is the core module "ban" which can block IP addresses:
https://www.drupal.org/docs/8/core/modules/ban/overview →If not yes available you need a connection between ban and your preferred captcha solution. But this is not in ficus of this module.