Support

Admin Tools

#14956 Admin IP whitelist protection does not workl

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Sunday, 10 February 2013 03:48 CST

Saturday, 09 February 2013 00:52 CST

turgut

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.9
PHP version: 5.3.18
MySQL version: 5.1.66-cll
Host: (optional, but it helps us help you)
Admin Tools version: 2.4.4

Description of my issue:

The IP white list protection of admin access is enabled and tried to access to admin backend *(without my IP in the whitelist) it does allow me to access even though it should not.

Β 

Turgut

Saturday, 09 February 2013 01:29 CST

nicholas
One of the following is going on:

Accessing your site from an IP in the whitelist or any other IP in the no block lists in the Configure WAF page.

You have added your IP in the whitelist but you have notenabled the whitelist feature in the Configure WAF page.

You have not enabled the System - Admin Tools plugin.

You have renamed or removed the files under plugins/system/admintools

Your PHP version in your site's back-end is not PHP 5.3 but PHP 5.2.6 or earlier.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 09 February 2013 04:40 CST

turgut

Dear Nicholas


Accessing your site from an IP in the whitelist or any other IP in the no block lists in the Configure WAF page.

Turgut> My IP is in no whitelist nor in blacklist

You have added your IP in the whitelist but you have notenabled the whitelist feature in the Configure WAF page.

Turgut>The feature is enabled

You have not enabled the System - Admin Tools plugin.

Turgut> The plugin is enabled

You have renamed or removed the files under plugins/system/admintools

Turgut> no the file is there exist and no name changed

Your PHP version in your site's back-end is not PHP 5.3 but PHP 5.2.6 or earlier.

Turgut> My PHP is 5.3.18

Β This feature was working but it is not working sincde it was upgraded.

REgards

Edited by turgut on 2013-02-09 04:43 CST

Saturday, 09 February 2013 04:56 CST

nicholas

There is only one other possibility left: your server doesn't report the correct IP address to Admin Tools. In order to check it please go to Admin Tools, Web Application Firewall, Administrator IP Whitelist and cick on New. What is "Your IP" listed at the top of the page? If this is not the same as the IP you get from e.g. whatismyipaddress.com then your server is reporting the wrong (or no) IP to PHP and all IP-based features of Admin Tools cannot work.

If, however, the IP listed there is correct then one of your assertions in your previous post is false. There is no other way what you describe can possibly happen.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 09 February 2013 17:54 CST

turgut

Dear Nicholas

Everything seems right please see screen shots in the document attached.

Sunday, 10 February 2013 03:48 CST

nicholas

I know what's wrong. You were already logged in before your IP changed and your session timeout in Global Configuration is very big. This means that Joomla! recognises you as a logged in administrator. Since the administrator IP whitelist protection only runs (for performance reasons) when you attempt to load the login page, you never get to see the login page and you never get blocked. Try logging out and logging back in. You're blocked.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!