- Issue created by @berdir
- π¨πSwitzerland berdir Switzerland
Ah, the comment talks about the fast404 *module*. But Drupal has a built-in fast404 mechanism. I think that has been improved/fixed somewhat recently, so maybe that's the difference?
- Status changed to Needs review
about 2 months ago 4:09pm 11 June 2025 - πΊπΈUnited States bburg Washington D.C.
I just came across this doing some testing on my own, discovering that Perimeter doesn't actually work when using fast404. While I like the idea of banning IPs that are probing my site for vulnerabilities, I suppose it's nice that they are still getting the treatment that minimizes demand on my infrastructure.
I did come checking, and I confirm that the core module's BanMiddleware::handle(), which seems to do the checking for banned IPs, does also run before the fast 404 event subscriber, so there should be some added optimization making these modules compatible.
I tested the patch in the merge request locally, and can confirm that the order changed to run Perimeter's event subscriber before Fast 404's.
Is that good enough for RTBC?