It's very important that you DO NOT create a rule blocking the first user out of the site.

Traditionally this means, do not create "%admin%" without also creating another rule expressly allowing "admin" It will block you from logging in.
Of course extend this to whatever username your first use is.
This access rule issue should really be fixed, but it's a pretty edge case.

This is the line of mysql I had to use to add the allow, after I blocked myself from the site :(
insert into access (mask,type,status) values ('admin','user','1');

When creating a site with complex username-driven URLs, you might also want to prevent users from using underscores. You can do this by typing %\_%, and just to be safe, you might want to block the \ character by typing %\\%.

Also, when blocking IPs, be careful blocking ranges, because you might share the same range as the person you're trying to get rid off. (Trust me, it happens.) Best practice is to ban the specific IP, and if needed, allow your specific IP before banning the IP range. This lets you keep your access to the site and ban the range at the same time.

Guys,

I added 'deny' access rules for 31 symbols and now I cannot log in with any account on my website.

I did the following

%!%
%@%
%#% ....etc, for 31 symbols below

` ~ ! @ # $ % ^ & * ( ) + = \ | ] } [ { ' " ; : / ? . > , < (and space)

Here is the thread I started - http://drupal.org/node/962358

Any help is appreciate, thanks!

To my knowledge, it is not possible to set up a set of whitelist Allow Without Admin Approval masks (except partially with #1046802: register_preapproved works as advertised, but admin-approval message still shows), blacklist (Deny) masks, and still have non-matching emails fall back on Admin Approval.

So if I wanted to restrict users to numerical user names, how would I do that?

For instance, would it work to set an allow rule to ### to allow only 3 digit numerical user names?

Is there a module for adding multiple rules at once?
I have found SQL examples but just wondering if there is module to do this in Drupal 6.

Also where is this in Drupal 7?

Thanks

I find it really strange that I can't delete a spam account after I've denied the email domain or some other deny access rule. So, if the email address of the spam account is now disallowed, I can't delete the account. Who decided the admin account can't delete any user account regardless of the deny rules?

Is there a way to require a specific domain during registration to only allow e-mail addresses from a particular domain, then once that use has created an account, allow them to change it and not have a rule that only restricts e-mails to one domain not deny it or block that user?

I completely understand the whole using rules to block out all but one domain (or others for admins), but I'm not seeing a logical way to make it possible for users to change their e-mail address to one they prefer to use later. We're verifying/restricting for one domain, but we'd like to keep those users after they've moved on and no longer have access to the old e-mail address that we're requiring.

Obviously we can just add in "allow" rules for people that contact us with their new address, but that would get old real quick, especially with thousands and thousands of users.

Thanks to anyone that might have some clear ideas and possible steps/code that would help a newbie out!

where is the corresponding information for Drupal 9 ?