fof / ban-ips
Ban IP addresses from your forum
Maintainers
Fund package maintenance!
Requires
- flarum/core: ^2.0.0
Requires (Dev)
- flarum/gdpr: ^2.0.0
- flarum/phpstan: ^2.0.0
- flarum/testing: ^2.0.0
- 2.x-dev
- 2.0.0-beta.1
- 1.x-dev
- 1.2.0
- 1.1.2
- 1.1.1
- 1.1.0
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 0.4.0
- 0.3.0
- 0.2.0
- 0.1.5
- 0.1.4
- 0.1.3
- 0.1.2
- 0.1.1
- 0.1.0
- dev-im/2.x
- dev-im/fix-unban-only-ip-js-error
- dev-im/fire-unbanned-event-on-ip-delete
- dev-im/fix-banned-ips-attribute-save
- dev-im/api-tests-and-permission-fixes
- dev-im/js
- dev-im/maint
- dev-dependabot/npm_and_yarn/js/lodash-4.17.23
- dev-dependabot/npm_and_yarn/js/babel/helpers-7.28.6
- dev-dependabot/npm_and_yarn/js/webpack-5.105.2
- dev-dependabot/npm_and_yarn/js/babel/plugin-transform-modules-systemjs-7.29.7
- dev-dependabot/npm_and_yarn/js/fast-uri-3.1.2
- dev-dependabot/npm_and_yarn/js/multi-0d13b2d87f
- dev-dependabot/npm_and_yarn/js/ajv-6.14.0
- dev-dependabot/npm_and_yarn/js/babel/runtime-7.28.6
- dev-revert-38-dependabot/npm_and_yarn/js/cross-spawn-7.0.6
- dev-im/index
- dev-im/stable1-0
- dev-ralkage-backup
This package is auto-updated.
Last update: 2026-06-03 20:24:55 UTC
README
A Flarum extension that lets moderators ban IP addresses, blocking the people behind them from logging in or registering.
Unlike Flarum's built-in user suspension — which only stops a known account — banning an IP shuts the door on the address itself. This is useful against ban-evaders who keep creating new accounts, and against spammers and bots registering from the same network.
Features
- Ban an individual IP address directly from the admin panel, with an optional reason.
- Ban a user by their IP(s) straight from a post or the user's profile. You can choose to ban only the IP of the post in question, or every IP the user has ever posted from.
- Catch shared accounts. Before banning, the extension shows you which other accounts have posted from the same IP address(es) so you know exactly who a ban will affect.
- Blocks login and registration from banned IPs. Banned users are also signed out the moment they make a request from a banned address.
- Won't lock out staff. Users (and admins) who hold the ban permission can never be IP-banned, and a banned IP never blocks a non-banned user who simply happens to share it.
- "Banned" badge displayed next to affected users so moderators can spot them at a glance.
- Manage existing bans from the admin page: review the creator, associated user, address, reason and date, edit the reason, or remove a ban.
- GDPR aware. When FoF GDPR is enabled, banned-IP records are included in data exports and decoupled from users on erasure (the IP itself stays banned).
Permissions
The extension adds two permissions, configurable per group in the admin panel:
| Permission | Description |
|---|---|
Ban IP addresses (fof.ban-ips.banIP) |
Create, edit and remove IP bans, and ban/unban users by IP. A moderator cannot edit a ban they created themselves, nor ban another user who also holds this permission. |
View banned IP address list (fof.ban-ips.viewBannedIPList) |
View the list of banned IPs in the admin panel and the banned IPs associated with a user. |
How it works
A "ban" is a record of an IP address. On every forum request the extension checks the visitor's address:
- Requests to register or log in from a banned IP are rejected — unless the account being logged into is not itself associated with a banned IP.
- An authenticated user making a request from a banned IP is logged out.
When you ban a user, the extension looks up every IP address they have posted from and bans each one, so a single action covers all of the user's known addresses.
Installation
Install with Composer:
composer require fof/ban-ips:"*"
Updating
composer update fof/ban-ips
Then clear the cache:
php flarum cache:clear
Issues
Links
An extension by FriendsOfFlarum, commissioned by webdeveloper.com.