Closed (fixed)
Project:
http:BL
Version:
5.x-0.9
Component:
Documentation
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
30 Jul 2007 at 18:03 UTC
Updated:
31 Jul 2007 at 20:29 UTC
The module configuration makes reference to a whitelist URL. Is there one? Or should that be deleted from the greylist message?
There is also reference to a greylist challenge issued to those who are greylisted -- does that happen on the honeypot project page? That's a bit of a mystery as far as the documentation here.
Comments
Comment #1
praseodym commentedGrey- and whitelisting are features of the Drupal module. Greylisting allows users that aren't certainly a bot, e.g. because their ISP assigned them an IP previously used by a bot or users from large networks with shared IPs, to regain access for the current session by passing a simple test. The challenge occurs through the module - on your site and for the current session only.
Comment #2
Capnj commentedHow do I set up a whitelist?
Is there a way I can trigger the greylisting and see what that user is confronted with?
gil
Comment #3
praseodym commentedWhitelisting works through the access table (admin/user/access).
You can try greylisting by adding your IP to the httpbl table with status 2 (iirc).
Comment #4
Capnj commentedYou said "Whitelisting works through the access table (admin/user/access)"
I'm not seeing that. Did you mis-speak? The reference to a whitelist makes reference to a whitelist URL which I took to be a list maintained either on my site or elsewhere. Admin/user/access is merely the access control page for all modules.
My apologies for all the questions, but maybe they will help you compile more documentation! :-)
gil
Comment #5
praseodym commentedThere's no support for an external whitelist. Through admin/user/access you can add IP addresses, any whitelist status will be honored by the module.
Comment #6
Capnj commentedOK, you're talking about in admin/user/rules/add, right? Add a rule to ALLOW, check HOST, and enter the IP there.
But then your default greylisted message includes:
You may try whitelisting on %whitelisturl.
What is the whitelisturl referred to there? That's my question.
gil
Comment #7
praseodym commentedThat is the URL for the module's own whitelisting. The url is replaced automatically.
The workflow is as follows:
- Visitor gets greylisted
- Visitor gets presented a message with whitelist link (internal)
- Visitor follows whitelist link
- Visitor is required to enter some information (to verify that he/she is human)
- Visitor gets access to the site for his/her current session
Comment #8
Capnj commentedNOIW I understand. Thanks. I've installed the module on 5 sites with a honeypot on each and am anxious to see in a couple of weeks if some bad guys are scooped up. Thanks for the work and the great response.
gil
Comment #9
praseodym commentedYou're welcome.