Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Concept
This module allows administrators to restrict access to the site to an administrator defined set of IP addresses. Anyone trying to access the site from an IP address not in the list of allowed IP addresses will be redirected to an access denied page with the message "Your address is not in the list of allowed IP addresses". No blocks will be rendered, and no JavaScript will be added to the page. This will happen for any and all pages these users try to access. The module also has various configuration options to whitelist or blacklist pages, bypass IP checking by role, and alter the output when the user is blocked.
Features
- IP check can be bypassed by role. Roles are selected on the site permissions page, after enabling this feature on the module settings page
- When roles are allowed to be bypassed, users can either be redirected to the login page, or be shown a link to the login page on the access denied page
- IP checking can be set for the entire site (check IP addresses on any and all paths), selected paths can be blacklisted (check IP addresses only on those paths), or selected paths can be whitelisted (check IP addresses on all paths other than those paths)
- Countries can be whitelisted (only users from those countries will be allowed access) or blacklisted (users from those countries will not be allowed access). Note that this functionality requires the following modules:
- Drupal 8.x-2.0:
- Drupal 7.x-2.1:
- Regions on the page can be whitelisted by implementing hook_restrict_ip_whitelisted_regions() (see restricted_ip.api.php)
- JavaScript files can be whitelisted by implementing hook_restrict_ip_whitelisted_js_keys() (see restricted_ip.api.php)
- The output on the access denied page can be changed/added to/removed by implementing hook_restrict_ip_access_denied_page_alter() (see restricted_ip.api.php)
- Comments can be added to the configuration page, allowing users to leave notes on which IP address (or range) is for what. Comments of the following formats are allowed:
- //comments
- #comment
- /*
comments
*/
- The README.txt contains recipes on how to perform various actions, and customize the output when a user is restricted by IP address
- Denied access attempts can be logged to to the Drupal log. This requires the Database logging (dblog aka watchdog) module to be enabled, and the box to be checked on the settings page.
- Whitelisted URLs can be added to the settings.php file, by creating the following array (see Configuration override system for details)
- D8:
$config['ip_whitelist']. Example:$config['ip_whitelist'] = ['127.0.0.1']; - D7:
$conf['restrict_ip_whitelist']. Example:$conf['restrict_ip_whitelist'] = array('127.0.0.1');
- D8:
3.x (Drupal ^8 || ^9)
3.x is the Drupal 9 compatible SemVer release based on 8.x-2.0. To ensure nothing breaks for existing installations with the Drupal 9 compatibility and to use the benefits of SemVer, this release was created by @Anybody. Sooner or later it will replace the 8.x-x versions with Drupal 8's EOL.
8.x-2.0 (Drupal 8 - to be deprecated)
8.x-2.0-beta1 has been released, with the white/black listing by country feature enabled, however, no automated tests have yet been written. It seems to work fine, and could use some user testing. A release candidate and full version will be released after automated tests have been written.
Installation
- Install the module as you would any other module
- Navigate to Admin -> Configuration -> People -> IP Address Whitelist
- Enter enter allowed IP addresses. You can enter either a single address in IPv4 or IPv6 format, or a range of addresses in the form of
AAA.BBB.CCC.XXX - AAA.BBB.CCC.YYY. Each address or range of addresses should go on a separate line. - Ensure the 'Enable module' checkbox is checked
- Submit the form to enable the module
Warning
If you enable IP restriction and do not enter your own IP address, you will be locked out of the site immediately upon save. Your own IP address is given on the settings page so that you can enter it into the list. If you do accidentally lock yourself out of your site, see the README.txt file for instructions on how to get back access to the site.
Supporting organizations:
proudly helped to improve this module for the community
Project information
Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed.- Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Administration Tools, Site Structure, Security
1,632 sites report using this module- Created by Jaypan on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
4.0.0-beta1
released 16 March 2023
Works with Drupal: ^9.4 || ^10
✓ Recommended by the project’s maintainer.
Install:
Development version: 4.x-dev updated 29 Nov 2023 at 17:22 UTC
7.x-2.2
released 28 July 2018
released 28 July 2018
Works with Drupal: 7.x
✓ Recommended by the project’s maintainer.
Development version: 7.x-2.x-dev updated 28 Jul 2018 at 02:03 UTC
