Revision #52: IP Bans & Security

mobieusKnow IP Bans & Security History #52

Author

Patrick Bass

Submitted

May 26, 2026 10:36pm

Reviewed

May 26, 2026 10:36pm

Summary

Initial version

## IP Bans & Security

+ ### IP Ban Management

− The platform protects your community on two fronts: automatic abuse-blocking that reacts to attacks in real time, and your own manual IP bans and whitelists. For the full firewall UI walkthrough, see [Firewall Management](/know/admin-iptables).

+ Access at `/admin/ip-bans`. Manually ban or whitelist IP addresses.

− ---

+ - **Ban** — block all access from an IP address

+ - **Whitelist** — ensure an IP is never auto-banned (useful for VPNs or shared offices)

+ - **View** — see all active bans and whitelists with creation date and reason

− ## Managing IP bans

+ ### Fail2Ban Integration

− Manage your bans and whitelists at `/admin/ip-bans/manage`. The screen gives you a stat strip, filter chips, a sticky-header table, and themed confirmation modals. It is mobile-responsive, so you can ban from your phone.

+ The platform integrates with Fail2Ban for automatic IP banning based on:

− - **Ban.** Block all access from an IP or CIDR range.

− - **Whitelist.** Mark an IP as never auto-bannable — useful for VPNs or shared offices.

− - **View.** See every active ban and whitelist with its creation date and reason.

−

− Click an IP to copy it. Click a column header to sort. Filter by type, source, or age.

−

− A read-only view of the live block list is available at `/admin/iptables` for reference; all changes are made on the manage screen above.

−

− ---

−

− ## Automatic abuse-blocking

−

− The platform watches for attack patterns and bans offending IPs on its own, based on:

- Repeated failed login attempts

- Brute-force password attacks

+ - Rate limit violations

+ - Suspicious probe patterns (404 scanning, SQL injection attempts)

− - Rate-limit violations

− - Suspicious probe patterns (404 scanning, injection attempts)

+ ### ModSecurity Rules

− Automatic bans expire on their own — one hour for a first offense, longer for repeats. Whitelisted IPs are never auto-banned.

+ View active ModSecurity web application firewall rules and their hit counts. Rules protect against OWASP Top 10 vulnerabilities including SQL injection, XSS, and path traversal.

− ---

+ ### Security Console

− ## Web application firewall

+ Access at `/admin/security-tools` (platform-admin level). Tabs for:

− A built-in web application firewall inspects incoming requests and blocks common web attacks — injection, cross-site scripting, and path traversal among them — before they reach your community. It runs ahead of the application, so blocked requests never touch your pages. The protection is maintained for you; there is nothing to configure.

+ - **IP management** — ban/whitelist with search

+ - **Fail2Ban** — jail status, banned IPs, unban

+ - **ModSec rules** — rule list with hit counts

+ - **Cron security** — scheduled security task status

− ---

−

− ## Audit trail

−

− Every ban, whitelist, edit, and unban is recorded in your audit log at `/admin/audit`. Filter by firewall events to see who banned what, and when.

−

− ---

−

− ## Access

−

− `/admin/ip-bans/manage` requires Tenant Admin role or higher.

−

IP Bans & Security

IP Ban Management

Access at /admin/ip-bans. Manually ban or whitelist IP addresses.

Ban — block all access from an IP address
Whitelist — ensure an IP is never auto-banned (useful for VPNs or shared offices)
View — see all active bans and whitelists with creation date and reason

Fail2Ban Integration

The platform integrates with Fail2Ban for automatic IP banning based on:

Repeated failed login attempts
Brute-force password attacks
Rate limit violations
Suspicious probe patterns (404 scanning, SQL injection attempts)

ModSecurity Rules

View active ModSecurity web application firewall rules and their hit counts. Rules protect against OWASP Top 10 vulnerabilities including SQL injection, XSS, and path traversal.

Security Console

Access at /admin/security-tools (platform-admin level). Tabs for:

IP management — ban/whitelist with search
Fail2Ban — jail status, banned IPs, unban
ModSec rules — rule list with hit counts
Cron security — scheduled security task status

## IP Bans & Security

### IP Ban Management

Access at `/admin/ip-bans`. Manually ban or whitelist IP addresses.

- **Ban** — block all access from an IP address
- **Whitelist** — ensure an IP is never auto-banned (useful for VPNs or shared offices)
- **View** — see all active bans and whitelists with creation date and reason

### Fail2Ban Integration

The platform integrates with Fail2Ban for automatic IP banning based on:

- Repeated failed login attempts
- Brute-force password attacks
- Rate limit violations
- Suspicious probe patterns (404 scanning, SQL injection attempts)

### ModSecurity Rules

View active ModSecurity web application firewall rules and their hit counts. Rules protect against OWASP Top 10 vulnerabilities including SQL injection, XSS, and path traversal.

### Security Console

Access at `/admin/security-tools` (platform-admin level). Tabs for:

- **IP management** — ban/whitelist with search
- **Fail2Ban** — jail status, banned IPs, unban
- **ModSec rules** — rule list with hit counts
- **Cron security** — scheduled security task status