Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)
Description of my issue:
#14636 whitelist ip still blocked
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by nicholas on Friday, 11 January 2013 07:18 CST
Thursday, 10 January 2013 21:02 CST
user48475
Thursday, 10 January 2013 21:36 CST
user48475
Sorry I was actually pretending to create a ticket as a way to search through possible answers to my problem. However, I am not finding the answer and so will put in this ticket:
Have I read the related troubleshooter articles above before posting (I have been trying to search for answers)
Have I searched the tickets before posting? Yes and that is how I accidently created this ticket. Must have hit the enter key.
Have I read the documentation before posting (I have read the users guide a couple times)
Joomla! version: (Joomla! 2.5.8 Stable [ Ember ] 8-November-2012 14:00 GMT)
PHP version: (5.3.15)
MySQL version: (5.5.23-55)
Host: (HostGator)
Admin Tools version: 2.4.4
I have set up the admin tools and love it. However, it is blocking out some people that I need to collaborate with. Like the owners of the site: :-) They are taking it well. I had found their ip number in the exception log and so I put that number in three places to whitelist them:
Configure WAF -> Bad Behaviour Integration: White list IPs
Configure WAF -> Auto-ban Repeat Offenders: Never block theses IPs
Administrator IP Whitelist
They are still being blocked. I have instructed them to clear their cache. But, that did not work. I believe I may still be blocking them. I have cleared my Joomla cache. I have also cleared the JAT3 Cache (JoomlArt template) but doubt that matters. I am wondering if Admin Tools has it's own cache setting somewhere. In that vein of logic I thought maybe I could remove all the entries from the Security Exception Log but that also did not help.
So, if anybody has some useful advice for me right now I am all ears! :-)
Thank you, Sean
Friday, 11 January 2013 02:30 CST
nicholas
Akeeba Staff
Manager
Most Internet connections are assigned a dynamic IP address which may change periodically. My old ISP would assign me an IP address and it wouldn't change unless I turned off my ADSL router or a connection error occured (like when a stupid telco subcontractor "accidentally" ripped a bunch of optic fibers while digging a trench for new fiber optic lines...). My current ISP changes my IP address every 6 hours automatically.
I guess this is what is going on. Your client's IP address changes over time, making it impossible to use the IP whitelist feature. So, I'd recommend turning it off.
If this doesn't help, maybe you have enabled IP auto-banning in Admin Tools. In this case you will have to remove their IP from both the Auto IP Blocking Administration page and the Security Exceptions Log page.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Friday, 11 January 2013 06:53 CST
user48475
Thank you very much Nicholas,
I really appreciate that I am having these problems because it means the security features are very powerful. I have stepped back a bit and turned off some of the security, and removed the banned IPs from the security exceptions list and the auto-ban list in order for them to finish the site development and then I will add the security features back one at a time and test them.
Sean
I really appreciate that I am having these problems because it means the security features are very powerful. I have stepped back a bit and turned off some of the security, and removed the banned IPs from the security exceptions list and the auto-ban list in order for them to finish the site development and then I will add the security features back one at a time and test them.
Sean
Friday, 11 January 2013 07:18 CST
nicholas
Akeeba Staff
Manager
Yep, the security features can make a site VERY locked down. Some of the settings are "paranoia level". Most sites don't need them. You have to weigh between security and convenience, keeping in mind what is the objective value of what you're trying to protect. Good security means making access acquisition to the target cost more than the profit of an attacker should he acquire access to the target. That's why a personal blog with few visitors can be secured very easily and access to a nation state's secrets can never be considered secure. Security is a relative quality.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!