IPBan Pro is only officially supported on Windows Server 2012+, Windows 8.1+, Ubuntu 16.04+ and Debian 8+. For Linux, iptables and ipset will be installed and used. If you require a different firewall, please contact [email protected]
When you have downloaded the .zip file, extract it to a temp folder on your computer. For Linux, use
chmod +x installer_executable_pathto give execute permissions to the installer.
On Windows, select the installer executable, right click, select properties and unblock if needed.
NLA is not supported with IPBan Pro on Windows Server 2012 or older. You must use Windows Server 2016 or newer if you want NLA. Failed logins do not log properly with NLA on the older Windows editions, regardless of any settings, registry or group policy changes. Learn more about NLA.
IPBan Pro Datacenter Edition
IPBan Pro Datacenter Edition is licensed for multiple physical computers or virtual machines all running IPBan Pro that connect to a separate server running the IPBan Pro Web Admin Utility. Your IPBan Pro account can tell you how many instances your license allows to install.
A physical machine counts as one instance. Each virtual machine also counts as one instance.
Installation of IPBan Pro Datacenter requires to first install the IPBan Pro Web Admin Utility on a separate computer. This computer will act as the control center for all the other computers running the IPBan Pro software. The computer running the Web Admin Utility can also have an instance of IPBan Pro Datacenter client running on it as well.
Web Admin Utility Install
To install the Web Admin Utility, extract the IPBanProWebAdmin zip file to a folder of your choice on the server. Then run from a root/administrator command prompt:
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password
Set serverdnsname to your computer name or ip address and set the port to an unused port on the machine. This tells the Web Admin Utility what url to send out to the clients. The -user and -password are optional, and can be used to protect your installation if desired. You must pass the same user and password parameters to each client install as well.
Please ensure your firewall is setup to allow the IPBan Pro Web Admin Utility to communicate on the specified port in the -v argument above. You can whitelist the installed clients and your personal computer in the firewall for extra security if you desire.
Web Admin Utility Uninstall
To uninstall the IPBan Pro Web Admin Utility:
./DigitalRuby.IPBanProWebAdmin -install -u
HTTPS / SSL
If you are exposing the Web Admin Utility outside your local network, it is highly recommended that you use SSL (https), along with a user name and password (see the -user and -password install parameters).
Failing to specify a -user and -password parameters, or using plain http will expose the Web Admin Utility to outside attackers. For Windows, IIS has easy to setup SSL options. On Linux, nginx is recommended and is also easy to setup with SSL.
If your Web Admin Utility is accessible only within your local network through VPN or firewall rules, then plain http and anonymous access may be acceptable.
The Web Admin Utility can connect using sqlite (default), sql server, mysql or postgres. Here are some examples:
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password -db=sqlserver "-dbconn=Server=YourDbServerIpOrName; Database=IPBanProWebAdmin; Integrated Security=true;"
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password -db=mysql "-dbconn=server=YourDbServerIpOrName; uid=ipban; pwd=your_very_secure_password; database=IPBanProWebAdmin;"
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password -db=postgres "-dbconn=Driver=Host=YourDbServerIpOrName;Port=5432;User ID=ipban;Password=your_very_secure_password;Database=IPBanProAPI;Maximum Pool Size=1024;Pooling=true;"
Please note the quotes around the entire -dbconn argument, they are necessary. You can set the server/host in the connection string to any ip address or dns name. For performance and security, using localhost is recommended. If you are using a different server for the database, ensure the correct ports are open in your firewall on that server. If you do not specify the -db and -dbconn parameters, a local sqlite database will be used.
IPBan Pro Web Admin Utility has been tested with up to 1000 clients. If you see sluggish performance beyond that, you can consider clustering your machines with separate Web Admin Utility servers and databases. The Web Admin Utility will delete any failed logins, successful logins and blacklisted ip address rows older than 7 days from the database by default.
The IPBan Pro Web Admin Utility can run in IIS on Windows if desired. Please follow these steps:
- Ensure your Windows box is setup with IIS including web socket support along with anonymous authentication
- Install the latest .NET core hosting pack
- Install the Web Admin Utility without the
- Create a website in IIS with integrated pipeline and no managed code
- Create an application pool and assign it to the website
- Make sure the application pool
Enable 32 bit Applicationsetting matches your Web Admin Utility CPU architecture
- Point the IIS website to the folder where you installed the Web Admin Utility
- Ensure the binding for the website is the correct host, ip address, port and SSL settings
- Enable only anonymous authentication for the website, disable all other authentication types
- Consider setting the application pool user identity to LocalSystem if you run into any strange errors
- Restart IIS
- When updating or re-installing, stop the app pool first, re-install / update, then start the app pool again
- *IMPORTANT* Before installing any clients, open the Web Admin Utility in your browser and edit settings and set your base url to the IIS url for the website
- When you do install clients, pass this parameter:
-v=[iis_url](replace with your actual IIS url)
The IPBan Pro Web Admin Utility can run in NGINX on Linux if desired. Please follow these steps:
- Install nginx
- Install the Web Admin Utility and pass the
-vparameter with a proxy url, i.e.
- Create a site in nginx with a host url accessible outside the machine, and a proxy url pointing to the
-vparameter from when you installed the Web Admin Utility.
- Open the Web Admin Utility using the nginx url and set the base url to the nginx defined url, not the proxy/localhost url
- When installing clients, pass the
-v=[nginx_url]parameter (replace with your actual nginx url)
IPBan Pro Datacenter Client Install
To install IPBan Pro Datacenter client service on individual computers, extract the IPBanProDatacenter zip file to a folder of your choice. Then run from a root/administrator command prompt:
./DigitalRuby.IPBanProDatacenter -install -v=http://serverdnsname:port -user=user -password=password
Ensure that the
-v, -user and -password parameters match the same values that you specified when installing the IPBan Pro Web Admin Utility.
You can omit these parameters if you did not specify them during the Web Admin Utility install.
After the client begins running and connects to the Web Admin Utility, the Web Admin Utility will be in charge of sending the url and configuration down to the clients.
If you want to change your web admin server, first change the url in the Web Admin Utility, wait for it to propagate to the clients (about 30 seconds) and then stop the Web Admin Utility, and restart it on the new server.
You should use a dns name instead of an ip address to avoid having to do this in the first place. A dns name means you can shutdown one Web Admin Utility server with the dns name and bring up another Web Admin Utility server with the same dns name without the clients having to change configuration.
IPBan Pro Datacenter Client Uninstall
To uninstall IPBan Pro Datacenter:
./DigitalRuby.IPBanProDatacenter -install -u
IPBan Pro Personal Edition
IPBan Pro Personal Edition is licensed to be run on one physical computer or virtual machine. IPBan Pro Personal contains both the IPBan Pro client and IPBan Pro Web Admin Utility bundled in one.
IPBan Pro Personal Install
Installation of IPBan Pro Personal is easy. Simply extract the IPBanProPersonal zip file to a folder of your choice. Then run from a root/administrator command prompt:
With IPBan Pro Personal, you can access the Web Admin Utility by connecting to http://localhost:52664. If for some reason that port is in use, you can add a -v=http://localhost:port parameter when you install, i.e.
./DigitalRuby.IPBanProPersonal -install -v=http://localhost:34567
IPBan Pro Personal Uninstall
To uninstall IPBan Pro Personal:
./DigitalRuby.IPBanProPersonal -install -u
IPBan Pro Notes
IPBan Pro Personal does not support a user name or password in the installer, as it is hosted on localhost and not accessible from outside the local machine.
It is not recommended to host IPBan Pro Personal in IIS, as IIS will shut down application pools that have not had a request in 24 hours by default.
General Install Parameters
If you run the any of the IPBan Pro installers with arguments of
you can get a full list of possible install parameters. This can be very helpful, especially on Windows, where you can set additional actions, such as resetting the terminal services grace period, or enabling NLA, etc. You could then create your own batch file or shell script to wrap the installer with the additional arguments to keep things automated.
Web Admin Utility Usage
The IPBan Pro Web Admin Utility allows configuring all IPBan settings and viewing reports and statistics about failed or successful logins, banned ip addresses, etc. The Web Admin Utility also maintains a connection to each IPBan Pro computer and allows sharing of banned ip addresses between all of the computers connected to the IPBan Pro web admin.
The Web Admin Utility provides tooltips on all labels explaining what each setting does. In addition, the IPBan Free version documentation is also highly relevant, as IPBan Pro is built on top of IPBan Free edition.