Proactive protection module is configured in the Control Panel at Settings > System settings > Module settings > Proactive protection
The Settings tab highlights the available IP address blocking options and event logging in the system.
IP address blocking config
Allow Proactive Protection to ban your computer by IP (showing a warning message) – allows self-blocking by IP address. Warning message appears upon attempting to bock your own IP and after a second attempt to save blocking is finalized.
Path to IP block disable flag file (root-relative) – indicate path to a flag file that can be used to remove specified IP address restrictions in the field Path to IP block disable flag file (root-relative). Creating such a flag file is performed manually and helps to get access incase self-blocking by IP. File name can remain
by default
By default this file name can have the following format: ipcheck_disable_.
, or can be indicated arbitrarily.
Example for handling a flag file
Let's overview the processing of the flag file using the situation of an accidental self-blocking by IP address:
Flag file has the following path in module settings: /bitrix/modules/ipcheck_disable_ourproject267. File has a custom name: ipcheck_disable_ourproject267;
Proceed to block your own IP. Immediately, an error 403 Forbidden appears after the blocking, i. e. access from the specified IP is restricted to this IP;
To return the access, connect to the sever using FTP and proceed via the path /bitrix/modules/;
Create an empty file with the name ipcheck_disable_ourproject267;
As soon as the file is created, all IP blocks are removed and the resource becomes available again;
Now, enter Control Panel, delete the IP from the Stop list, then delete the flag file to return existing restrictions by the remaining IPs (if available).
Attention! Delete the flag file immediately after all issues with access are resolved. The Proactive protection module settings and the
Stop list
You can find at the Stop List page (Settings > Proactive protection > Stop List) provides information about rules for blocking the access for specific IP addresses to your Site or its several sections.
will show a corresponding
warning
.
Logging parameters
This section allows indicating how and where event details are saved with writing option enabled at module's Control Panel (Settings > Proactive protection).
When selected, event details will be recorded into a file.
Absolute file path
Specifies absolute path to file, containing event details entry.
Access permissions
Default access permission User groups access permission level with "by default" permissions level.
[select_user] Access permission update for specific group. Possible assignment of the following access permissions to the Proactive protection module:
[D] Deny access - access restriction;
[F] Bypass proactive filter - for specified user group to bypass the proactive filter;
