The Blocked Requests Log viewer page
Very often you will need to know why a request got blocked. This can be useful when tailoring the protection of your site, doing some troubleshooting about something not working in the frontend of your site or trying to help a client or visitor who seems to be blocked all the time. This is where the Blocked Requests Log comes to help you.
This page shows you the list of blocked requests, from the most recent to the oldest one. Each blocked requests displays the date and time it got blocked, the IP address it appeared to come from, the blocking reason and the URL the request was made against.
Next to each IP you will see two buttons. The first button opens a new tab or window with the IP lookup service you have configured in the Web Application Firewall configuration page. This lets you get some more insight.
The button next to that allows you to add or remove the IP address for the Site IP Deny List. It is generally a bad idea doing that yourself except in extreme circumstances, e.g. the same IP bombarding your site at a very high rate. Please read the documentation of the Site IP Deny List to understand why you should be adding every IP address you see here in the Site IP Deny List.
Note | |
---|---|
If you want to unblock someone who got their IP inadvertently blocked you will have to remove all records belonging to their IP address in FOUR (4) places: Site IP Disallow List, Blocked Requests Log, Auto IP Blocking Administration and Auto IP Blocking History. Alternatively, use the Unblock IP button in the Web Application Firewall control panel page in Admin Tools. |
The block reasons, listed in the log and optionally sent to you by email are the following. The "Code" is what you need to enter in the "Do not log these reasons" or "Do not send email notifications for these reasons" options in WAF configuration to prevent these blocked requests from being logged or trigger an email respectively.
Code: 404shield
See the Configure WAF page, 404 Shield. The request was blocked by Admin Tools.
Code: adminpw
Someone tried to access your site's administrator section but he didn't provide the secret URL parameter. Admin Tools blocked him and prevented him from seeing the login page at all.
Code: ipwl
Someone tried to access your site's administrator section but his IP was not in the Administrator Exclusive Allow IP List. Admin Tools blocked him and prevented him from seeing the login page at all.
Code: not applicable
Someone tried accessing the front- or back-end of your site but his IP is in the IP Disallow List. Admin Tools blocked him and didn't allow him to see the content of your site.
Code: sqlishield
See the Configure WAF page, SQLiShield protection against SQL injection attacks. The attack was blocked by Admin Tools.
Code: antispam
The request contains one of the Bad Words you have defined and was blocked by Admin Tools.
Code: not applicable
Only for Joomla! 1.5, see the respective option in the Configure WAF page. The attack was blocked by Admin Tools.
Code: tmpl
See the Configure WAF page, Block tmpl=foo system template switch. The attack was blocked by Admin Tools.
Code: template
See the Configure WAF page, Block template=foo site template switch. The attack was blocked by Admin Tools.
Code: muashield
See the Configure WAF page, Malicious User Agent block (MUAShield). The attack was blocked by Admin Tools.
Code: not applicable
See the Configure WAF page, Bad Behaviour integration. The attack was blocked by Admin Tools. NO LONGER PRESENT SINCE ADMIN TOOLS 2.5.3
Code: rfishield
See the Configure WAF page, Remote File Inclusion block (RFIShield). The attack was blocked by Admin Tools.
Code: dfishield
See the Configure WAF page, Direct File Inclusion shield (DFIShield). The attack was blocked by Admin Tools.
Code: uploadshield
This feature is obsolete.
Code: xssshield
(Only on older sites) Cross Site Scripting block (XSSShield). The attack was blocked by Admin Tools. This has been removed in Admin Tools 3.6.7 as it was throwing too many false positives (legitimate requests being blocked).
Code: httpbl
See the Configure WAF page, SQLiShield protection against SQL injection attacks. The attack was blocked by Admin Tools.
Code: loginfailure
Someone tried to log in in the front- or back-end of your site with the wrong username and/or password.
Code: securitycode
Someone tried to log in the back-end of your site but provided the wrong Two Factor Authentication code. Please note that this feature has been removed since Admin Tools 3.5.0. If you see it, it probaby comes from an old version of Admin Tools. We have contributed our Two Factor Authentication code to Joomla itself since Joomla 3.2.0 released in late 2012.
Code: nonewadmins
Someone tried to create or edit an administrator user from the backend of your site. In this context "administrator user" means any user who belong in one or more User Groups that gives them backend login privileges. In a default Joomla! installation these are the users belonging to the Manager, Administrator and Super User groups.
Code: nonewfrontendadmins
Someone tried to create or edit an administrator user from the frontend of your site. In this context "administrator user" means any user who belong in one or more User Groups that gives them backend login privileges. In a default Joomla! installation these are the users belonging to the Manager, Administrator and Super User groups.
Code: configmonitor
Someone tried to change either the Global Configuration of Joomla! itself or the configuration (Options) of a component. Please consult the additional information saved with this blocked request to understand which configuration was attempted to be changed. The change may have originated from the backend or the frontend of your site.
Code: itemidshield
An invalid Itemid value was detected and your ItemidShield configuration preference is Block. The attack was blocked by Admin Tools.
Code: susparams
The request contained an invalid value for one of Joomla!'s core query string parameters and you've enabled Block Suspicious Core Parameters. The attack was blocked by Admin Tools.