Skip to content

Flood blocked IP

Available since: 1.0.0

Provided tokens

Token Description
[user] The current user.
Alias: current_user
[htmx] Information about the current HTMX request.
[htmx:is_request] Whether the current request was sent by HTMX ("1" or "0").
[htmx:boosted] Whether the current request was boosted by HTMX ("1" or "0").
[htmx:history_restore] Whether the current request is for HTMX history restoration ("1" or "0").
[htmx:target] The value of the HX-Target request header.
[htmx:trigger] The value of the HX-Trigger request header.
[htmx:trigger_name] The value of the HX-Trigger-Name request header.
[htmx:current_url] The value of the HX-Current-URL request header.
[htmx:prompt] The value of the HX-Prompt request header.
[account] The flooding user entity.
Alias: entity
[event] The event.
[event:machine_name] The machine name of the ECA event.
[session_user] The user account that dispatched the event, regardless if ECA is processing models under a different account. This is only available if ECA is configured to always run under a specific account.

Reacts when a login attempt is blocked by Drupal's flood control due to too many failed attempts from a particular IP address.

This wraps the Drupal core UserEvents::FLOOD_BLOCKED_IP event, which fires when the flood threshold for user.failed_login_ip is exceeded.

Account token may be empty

For IP-based flood blocks, the [account] token may not resolve to a user entity because the flood control only tracks the IP address, not a specific user account.