Administrating IPBan.

IPBan is a service running on the empire server that will block an IP address once it was used in 5 failed login attempts within 10 hours. Once the IP has been banned it will be banned indefinitely (technically 90 days). Currently this is only configured to block failed VPN login attempts. 

I - Accessing Administration page

Administering the IPBan service is done through a web UI that is only accessible from the empire server locally. You can access the UI by going to http://localhost:52664 on the empire server. There is a direct link to this on the desktop.

II - Unban an IP address

If a user gets blocked they can be unblocked by following the process below

1. Open the IPBan administration screen (http://localhost:52664) on the empire server
2. Go to Tools and select “Unban IP Addresses”
3. Enter the user's IP address and click “Unban”

III - Check if an IP is banned

You can check to see if an IP address is being banned by following the process below

1. Open the IPBan administration screen (http://localhost:52664) on the empire server
2. Go to Tools and select “Is IP Address Banned”
3. Enter the IP address and click “Submit”