⚠️ Status: untested. This extension is provided as-is and has not been tested in production. Please feel free to fork, modify, improve, and open pull requests.Licensed under GNU GPLv3 (see LICENSE).
Screens every front-end request against the ip-block.com IP-screening service before the page is served. Blocked visitors are redirected (or shown a 403 message); everyone else passes through untouched.
- Platform: phpBB
- Tested against: phpBB 3.3.17 (3.3.x line)
- Requires: PHP 7.1.3+, the
cURLextension (a stream fallback is included) - Extension package:
ipblock/protection
| Concern | Implementation |
|---|---|
| Earliest hook | core.common event (fired from common.php, before any controller) |
| Never lock out the ACP | The listener returns immediately when ADMIN_START is defined |
| Real client IP | REMOTE_ADDR, or CF-Connecting-IP / X-Forwarded-For when behind a proxy |
| Whitelist | Always honoured, checked before any API call |
| Caching | phpBB cache driver, keyed by md5(ip|user_agent|referrer), TTL configurable |
| Fail mode | On timeout / error / non-2xx / missing action, apply fail open (default) |
| API call | POST to the API URL, 1 second timeout, api_key in the JSON body |
POST https://api.ip-block.com/v1/check
Content-Type: application/json
{ "api_key": "...", "site_id": "...", "ip": "...", "user_agent": "...", "referrer": "..." }
Response: {"action":"allow"} or {"action":"block"}. A visitor is blocked only
when action === "block".
- Copy the
ipblock/folder into your board'sext/directory so the path is:ext/ipblock/protection/. - Go to ACP -> Customise -> Manage extensions.
- Click Enable next to IP Block Protection.
- Open ACP -> Extensions -> IP Block and enter your Site ID and API key, then enable screening.
| Setting | Default | Notes |
|---|---|---|
| Enable IP screening | Off | Master switch |
| Site ID | (empty) | Your ip-block.com site id |
| API key | (empty) | Sent in the request body |
| API URL | https://api.ip-block.com/v1/check |
|
| Fail open | On | Allow visitors when the API is unreachable |
| Cache lifetime | 300 |
Seconds; 0 = check every request |
| Behind a proxy / CDN | Off | Read real IP from CF / XFF headers |
| Block action | Redirect | redirect or 403 message |
| Block message | (text) | Used with the 403 message action |
| IP whitelist | (empty) | One IP per line, always allowed |
Disable, then delete the extension from ACP -> Customise -> Manage extensions. Configuration and the ACP module are removed automatically.
GNU General Public License v2.0 only.