About the whitelist URL and Greylist challenge
Capnj - July 30, 2007 - 18:03
| Project: | http:BL |
| Version: | 5.x-0.9 |
| Component: | Documentation |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
The module configuration makes reference to a whitelist URL. Is there one? Or should that be deleted from the greylist message?
There is also reference to a greylist challenge issued to those who are greylisted -- does that happen on the honeypot project page? That's a bit of a mystery as far as the documentation here.
#1
Grey- and whitelisting are features of the Drupal module. Greylisting allows users that aren't certainly a bot, e.g. because their ISP assigned them an IP previously used by a bot or users from large networks with shared IPs, to regain access for the current session by passing a simple test. The challenge occurs through the module - on your site and for the current session only.
#2
How do I set up a whitelist?
Is there a way I can trigger the greylisting and see what that user is confronted with?
gil
#3
Whitelisting works through the access table (admin/user/access).
You can try greylisting by adding your IP to the httpbl table with status 2 (iirc).
#4
You said "Whitelisting works through the access table (admin/user/access)"
I'm not seeing that. Did you mis-speak? The reference to a whitelist makes reference to a whitelist URL which I took to be a list maintained either on my site or elsewhere. Admin/user/access is merely the access control page for all modules.
My apologies for all the questions, but maybe they will help you compile more documentation! :-)
gil
#5
There's no support for an external whitelist. Through admin/user/access you can add IP addresses, any whitelist status will be honored by the module.
#6
OK, you're talking about in admin/user/rules/add, right? Add a rule to ALLOW, check HOST, and enter the IP there.
But then your default greylisted message includes:
You may try whitelisting on %whitelisturl.
What is the whitelisturl referred to there? That's my question.
gil
#7
That is the URL for the module's own whitelisting. The url is replaced automatically.
The workflow is as follows:
- Visitor gets greylisted
- Visitor gets presented a message with whitelist link (internal)
- Visitor follows whitelist link
- Visitor is required to enter some information (to verify that he/she is human)
- Visitor gets access to the site for his/her current session
#8
NOIW I understand. Thanks. I've installed the module on 5 sites with a honeypot on each and am anxious to see in a couple of weeks if some bad guys are scooped up. Thanks for the work and the great response.
gil
#9
You're welcome.