IPBan Pro is only officially supported on Windows Server 2012+, Windows 8.1+, Ubuntu 16.04+ and Debian 8+. For Linux, iptables and ipset will be installed and used. If you require a different firewall, please contact [email protected]
When you have downloaded the .zip file, extract it to a temp folder on your computer. For Linux, use
chmod +x installer_executable_pathto give execute permissions to the installer.
On Windows, select the installer executable, right click, select properties and unblock if needed.
NLA is not supported with IPBan Pro on Windows Server 2012 or older. You must use Windows Server 2016 or newer if you want NLA. Failed logins do not log properly with NLA on the older Windows editions, regardless of any settings, registry or group policy changes. Learn more about NLA.
IPBan Pro Datacenter Edition
IPBan Pro Datacenter Edition is licensed for multiple physical computers or virtual machines all running IPBan Pro that connect to a separate server running the IPBan Pro web admin utility. Your IPBan Pro account can tell you how many instances your license allows to install.
A physical machine counts as one instance. Each virtual machine also counts as one instance.
Installation of IPBan Pro Datacenter requires to first install the IPBan Pro web admin utility on a separate computer. This computer will act as the control center for all the other computers running the IPBan Pro software. The computer running the web admin utility can also have an instance of IPBan Pro Datacenter client running on it as well.
To install the web admin utility, extract the IPBanProWebAdmin_[version].zip file to a folder of your choice on the server. Then run from a root/administrator command prompt:
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password
Set serverdnsname to your computer name or ip address and set the port to an unused port on the machine. This tells the web admin utility what url to send out to the clients. The -user and -password are optional, and can be used to protect your installation if desired. You must pass the same user and password parameters to each client install as well.
Please ensure your firewall is setup to allow the IPBan Pro web admin utility to communicate on the specified port in the -v argument above. You can whitelist the installed clients and your personal computer in the firewall for extra security if you desire.
The web admin utility can connect using sqlite (default), sql server, mysql or postgres. Here are some examples:
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password -db=sqlserver "-dbconn=Server=YourDbServerIpOrName; Database=IPBanProWebAdmin; Integrated Security=true;"
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password -db=mysql "-dbconn=server=YourDbServerIpOrName; uid=ipban; pwd=your_very_secure_password; database=IPBanProWebAdmin;"
./DigitalRuby.IPBanProWebAdmin -install -v=http://serverdnsname:port -user=username -password=password -db=postgres "-dbconn=Host=YourDbServerIpOrName;Port=5432;User ID=ipban;Password=your_very_secure_password;Database=IPBanProAPI;Maximum Pool Size=1024;Pooling=true;"
Please note the quotes around the entire -dbconn argument, they are necessary. You can set the server/host in the connection string to any ip address or dns name. For performance and security, using localhost is recommended. If you are using a different server for the database, ensure the correct ports are open in your firewall on that server. If you do not specify the -db and -dbconn parameters, a local sqlite database will be used.
IPBan Pro web admin utility has been tested with up to 1000 clients. If you see sluggish performance beyond that, you can consider clustering your machines with separate web admin utility servers and databases. The web admin utility will delete any failed logins, successful logins and blacklisted ip address rows older than 7 days from the database by default.
The IPBan Pro Web Admin Utility can run in IIS on Windows if desired. Please install the latest .NET core hosting pack, create a website in IIS with integrated pipeline and no managed code, and ensure Windows authentication is enabled if desired. You must either use Windows authentication or Basic authentication if running in IIS (see installer parameters for user and password for basic authentication). In process hosting will be used. Please reference https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/?view=aspnetcore-3.1#install-the-net-core-hosting-bundle for full details.
To uninstall the IPBan Pro web admin utility:
./DigitalRuby.IPBanProWebAdmin -install -u
To install IPBan Pro Datacenter client service on individual computers, extract the IPBanProDatacenter_[version].zip file to a folder of your choice. Then run from a root/administrator command prompt:
./DigitalRuby.IPBanProDatacenter -install -v=http://serverdnsname:port -user=user -password=password
Ensure that the -v, -user and -password parameters match the same values that you specified when installing the IPBan Pro web admin utility on the server that you installed the web admin utility on. This is how the client will sync up initially and connect to the IPBan Pro web admin utility. User and password are not necessary for the client if they were not passed to the web admin utility installer.
After the client begins running and connects to the web admin utility, the web admin utility will be in charge of sending the url down to the clients. If you want to change your web admin server, first change the url in the web admin utility, wait for it to propagate to the clients (about 30 seconds) and then stop the web admin utility, and restart it on the new server. It is recommended to use a dns name instead of an ip address to avoid having to do this in the first place. A dns name means you can shutdown one web admin utility server with the dns name and bring up another web admin utility server with the same dns name without the clients having to change configuration.
To uninstall IPBan Pro Datacenter:
./DigitalRuby.IPBanProDatacenter -install -u
HTTPS / SSL
If you are exposing the web admin utility outside your local network, it is highly recommended that you use SSL (https), along with a user name and password (see the -user and -password install parameters).
Failing to specify a -user and -password parameters, or using plain http will expose the web admin utility to outside attackers. For Windows, IIS has easy to setup SSL options. On Linux, nginx is recommended and is also easy to setup with SSL.
If your web admin utility is accessible only within your local network through VPN or firewall rules, then plain http and anonymous access may be acceptable.
IPBan Pro Personal Edition
IPBan Pro Personal Edition is licensed to be run on one physical computer or virtual machine. IPBan Pro Personal contains both the IPBan Pro client and IPBan Pro web admin utility bundled in one.
Installation of IPBan Pro Personal is easy. Simply extract the IPBanProPersonal_[version].zip file to a folder of your choice. Then run from a root/administrator command prompt:
With IPBan Pro Personal, you can access the web admin utility by connecting to http://localhost:52664. If for some reason that port is in use, you can add a -v=http://localhost:port parameter when you install, i.e.
./DigitalRuby.IPBanProPersonal -install -v=http://localhost:34567
To uninstall IPBan Pro Personal:
./DigitalRuby.IPBanProPersonal -install -u
IPBan Pro Personal does not support a user name or password in the installer, as it is hosted on localhost and not accessible from outside the local machine.
IPBan Pro Personal is not accessible outside of localhost, so a secure connection is not needed.
It is not recommended to host IPBan Pro Personal in IIS, as IIS will shut down application pools that have not had a request in 24 hours by default.
If you run the IPBan Pro installer with arguments of
you can get a full list of possible install parameters. This can be very helpful, especially on Windows, where you can set additional actions, such as resetting the terminal services grace period, or enabling NLA, etc. You could then create your own batch file or shell script to wrap the installer with the additional arguments to keep things automated.
Web Admin Utility Usage
The IPBan Pro web admin utility allows configuring all IPBan settings and viewing reports and statistics about failed or successful logins, banned ip addresses, etc. The web admin utility also maintains a connection to each IPBan Pro computer and allows sharing of banned ip addresses between all of the computers connected to the IPBan Pro web admin.
The web admin utility provides tooltips on all labels explaining what each setting does. In addition, the IPBan Free version documentation is also highly relevant, as IPBan Pro is built on top of IPBan Free edition.