Author
system Submitted
May 30, 2026 5:38am Reviewed
May 30, 2026 5:38am Summary
Cross-link to admin-iptables for v3 UI walkthrough
## IP Bans & Security
+
The platform defends your tenant with 3 layers: fail2ban (automatic), ModSecurity (web application firewall), and your own manual bans/whitelists.
+
+
For the redesigned firewall UI, see [Firewall Management](/know/admin-iptables).
−
The platform protects your community on two fronts: automatic abuse-blocking that reacts to attacks in real time, and your own manual IP bans and whitelists. For the full firewall UI walkthrough, see [Firewall Management](/know/admin-iptables).
---
+
## IP Ban Management
−
## Managing IP bans
+
Access at `/admin/iptables`. The v3 redesign gives you a stat strip, filter chips, sticky-header table, and themed confirmation modals. Mobile-responsive so you can ban from your phone.
−
Manage your bans and whitelists at `/admin/ip-bans/manage`. The screen gives you a stat strip, filter chips, a sticky-header table, and themed confirmation modals. It is mobile-responsive, so you can ban from your phone.
+
- **Ban.** Block all access from an IP or CIDR
+
- **Whitelist.** Mark an IP as never auto-bannable (useful for VPNs or shared offices)
+
- **View.** See all active bans and whitelists with creation date and reason
−
- **Ban.** Block all access from an IP or CIDR range.
−
- **Whitelist.** Mark an IP as never auto-bannable — useful for VPNs or shared offices.
−
- **View.** See every active ban and whitelist with its creation date and reason.
Click an IP to copy it. Click a column header to sort. Filter by type, source, or age.
+
See [Firewall Management](/know/admin-iptables) for the full UI walkthrough.
−
A read-only view of the live block list is available at `/admin/iptables` for reference; all changes are made on the manage screen above.
---
+
## Fail2Ban Integration
−
## Automatic abuse-blocking
+
The platform integrates with Fail2Ban for automatic IP banning based on:
−
The platform watches for attack patterns and bans offending IPs on its own, based on:
- Repeated failed login attempts
- Brute-force password attacks
+
- Rate limit violations
+
- Suspicious probe patterns (404 scanning, SQL injection attempts)
+
+
Bans expire automatically (1 hour for first offense, longer for repeats). Whitelisted IPs are never banned by fail2ban.
+
+
---
+
+
## ModSecurity Rules
+
+
View active ModSecurity web application firewall rules and their hit counts. Rules protect against OWASP Top 10 vulnerabilities including SQL injection, XSS, and path traversal.
−
- Rate-limit violations
−
- Suspicious probe patterns (404 scanning, injection attempts)
+
ModSec runs at the nginx layer. Blocked requests never reach the application.
−
Automatic bans expire on their own — one hour for a first offense, longer for repeats. Whitelisted IPs are never auto-banned.
---
+
+
## Security Console
+
Access at `/admin/security-tools` (platform-admin level). Tabs for:
−
## Web application firewall
+
- **IP management.** Ban/whitelist with search
+
- **Fail2Ban.** Jail status, banned IPs, unban
+
- **ModSec rules.** Rule list with hit counts
+
- **Cron security.** Scheduled security task status
−
A built-in web application firewall inspects incoming requests and blocks common web attacks — injection, cross-site scripting, and path traversal among them — before they reach your community. It runs ahead of the application, so blocked requests never touch your pages. The protection is maintained for you; there is nothing to configure.
---
## Audit trail
+
Every ban, whitelist, edit, and unban writes to the audit log at `/admin/audit-log`. Filter by firewall events to see who banned what and when.
−
Every ban, whitelist, edit, and unban is recorded in your audit log at `/admin/audit`. Filter by firewall events to see who banned what, and when.
---
## Access
+
`/admin/iptables` requires Tenant Admin role or higher. The security console requires Platform Admin role.
−
`/admin/ip-bans/manage` requires Tenant Admin role or higher.
IP Bans & Security
The platform defends your tenant with 3 layers: fail2ban (automatic), ModSecurity (web application firewall), and your own manual bans/whitelists.
For the redesigned firewall UI, see Firewall Management.
IP Ban Management
Access at /admin/iptables. The v3 redesign gives you a stat strip, filter chips, sticky-header table, and themed confirmation modals. Mobile-responsive so you can ban from your phone.
- Ban. Block all access from an IP or CIDR
- Whitelist. Mark an IP as never auto-bannable (useful for VPNs or shared offices)
- View. See all active bans and whitelists with creation date and reason
Click an IP to copy it. Click a column header to sort. Filter by type, source, or age.
See Firewall Management for the full UI walkthrough.
Fail2Ban Integration
The platform integrates with Fail2Ban for automatic IP banning based on:
- Repeated failed login attempts
- Brute-force password attacks
- Rate limit violations
- Suspicious probe patterns (404 scanning, SQL injection attempts)
Bans expire automatically (1 hour for first offense, longer for repeats). Whitelisted IPs are never banned by fail2ban.
ModSecurity Rules
View active ModSecurity web application firewall rules and their hit counts. Rules protect against OWASP Top 10 vulnerabilities including SQL injection, XSS, and path traversal.
ModSec runs at the nginx layer. Blocked requests never reach the application.
Security Console
Access at /admin/security-tools (platform-admin level). Tabs for:
- IP management. Ban/whitelist with search
- Fail2Ban. Jail status, banned IPs, unban
- ModSec rules. Rule list with hit counts
- Cron security. Scheduled security task status
Audit trail
Every ban, whitelist, edit, and unban writes to the audit log at /admin/audit-log. Filter by firewall events to see who banned what and when.
Access
/admin/iptables requires Tenant Admin role or higher. The security console requires Platform Admin role.
## IP Bans & Security The platform defends your tenant with 3 layers: fail2ban (automatic), ModSecurity (web application firewall), and your own manual bans/whitelists. For the redesigned firewall UI, see [Firewall Management](/know/admin-iptables). --- ## IP Ban Management Access at `/admin/iptables`. The v3 redesign gives you a stat strip, filter chips, sticky-header table, and themed confirmation modals. Mobile-responsive so you can ban from your phone. - **Ban.** Block all access from an IP or CIDR - **Whitelist.** Mark an IP as never auto-bannable (useful for VPNs or shared offices) - **View.** See all active bans and whitelists with creation date and reason Click an IP to copy it. Click a column header to sort. Filter by type, source, or age. See [Firewall Management](/know/admin-iptables) for the full UI walkthrough. --- ## Fail2Ban Integration The platform integrates with Fail2Ban for automatic IP banning based on: - Repeated failed login attempts - Brute-force password attacks - Rate limit violations - Suspicious probe patterns (404 scanning, SQL injection attempts) Bans expire automatically (1 hour for first offense, longer for repeats). Whitelisted IPs are never banned by fail2ban. --- ## ModSecurity Rules View active ModSecurity web application firewall rules and their hit counts. Rules protect against OWASP Top 10 vulnerabilities including SQL injection, XSS, and path traversal. ModSec runs at the nginx layer. Blocked requests never reach the application. --- ## Security Console Access at `/admin/security-tools` (platform-admin level). Tabs for: - **IP management.** Ban/whitelist with search - **Fail2Ban.** Jail status, banned IPs, unban - **ModSec rules.** Rule list with hit counts - **Cron security.** Scheduled security task status --- ## Audit trail Every ban, whitelist, edit, and unban writes to the audit log at `/admin/audit-log`. Filter by firewall events to see who banned what and when. --- ## Access `/admin/iptables` requires Tenant Admin role or higher. The security console requires Platform Admin role.
