This module controls all of the settings that are applicable to Phx2Ban. The configuration settings can either be set in your application config like so:

config :phx_2_ban,
  router: MyAppWeb.Router,
  # Or, if you have multiple routers:
  # router: [MyAppWeb.Router, MyOtherAppWeb.Router],
  check_interval: 120_000,
  block_duration: 86_400

Or they can be provided as options to the entry in your supervision tree like so:

def start(type, args) do
  children = [
    ...
    {Phx2Ban, router: MyAppWeb.Router, check_interval: 120_000, block_duration: 86_400},
    ...
  ]
end

The options passed to the supervisor take precedence over the configuration options set in your application config.

Below are the supported options:

• :router - Required. The Router or list of Routers that are used in your Phoenix application.

• :ignore_routes - The routes Phx2Ban should ignore. Requests to these routes are not analysed and will never get blocked. Can be a full path (e.g. /webhooks/stripe) or regex (e.g. ~r/webhooks/*). The default value is [].

• :enabled (boolean/0) - Enable/Disable Phx2Ban altogether. Useful in dev and test environments or if Phx2Ban misbehaves in production. The default value is true.

• :resp_status_code (non_neg_integer/0) - The status code of the response for malicious users. The default value is 403.

• :resp_body (String.t/0) - The body of the response for malicious users. The default value is "Forbidden".

• :resp_headers (list of tuple of String.t/0, String.t/0 values) - The response headers in the response for malicious users. The default value is [].

• :inspect_percentage (non_neg_integer/0) - The percent of traffic that is inspected as an integer between 0 and 100 (inclusive) The default value is 100.

• :additional_rules (list of atom/0) - The modules listed in this configuration are added to configured :rules The default value is [].

• :rules (list of atom/0) - Controls the rules that are used to check inbound requests. By default all of the Phx2Ban rules are included. If you would like to add additional rules on top of the Phx2Ban included rules use the :additional_rules configuration option instead. The default value is [Phx2Ban.Rules.Linux, Phx2Ban.Rules.PHP, Phx2Ban.Rules.Drupal, Phx2Ban.Rules.Wordpress, Phx2Ban.Rules.Python, Phx2Ban.Rules.Windows, Phx2Ban.Rules.KnownMaliciousIp].

• :check_interval (non_neg_integer/0) - How often the ETS table is checked for IPs that can be unbanned in milliseconds. The default value is 60000.

• :allow_list (list of String.t/0) - A list of IP addresses whose requests are never analyzed. This may be useful for internal network communication. By default localhost is the only IP address on the allow list. The default value is ["127.0.0.1"].

• :block_duration (non_neg_integer/0) - How long IP addresses are banned for in milliseconds. The default value is 360000.

• :malicious_req_threshold (non_neg_integer/0) - How many malicious requests must be made by an IP address before it is banned for the configured :block_duration. The default value is 3.