Support

Admin Tools

#22903 Restricting access by IP - stopped working?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 03 July 2015 04:39 CDT

Friday, 03 July 2015 02:30 CDT

user7767
Hi,

We've been using the restrict by IP feature in admin tools for a couple of years now but today I've noticed it has stopped working. I usually have to initiate a connection via my purchased static IP in order to login and gain access to the admin area but at present I can gain access without doing so, in other words, from an IP which is not specified in the whitelist. In Configure WAF we definitely have "allow admin access only to IPs in whitelist" set to YES so I'm a little concerned about why this seems to be malfunctioning.

Thanks in advance.

Regards,
Quentin

Friday, 03 July 2015 04:39 CDT

nicholas
We have automated tests in place, running against PHP 5.3, 5.4, 5.5 and 5.6, to make sure this will never happen. Nevertheless I did try it manually myself just now against a Joomla! 3.4.3 site running on PHP 5.4. I can confirm it works fine.

Check that the System - Admin Tools plugin is published and is the first plugin to load (it's at the top of the list when ordered by Ordering ascending).

Go to Components, Admin Tools and make sure there is no big red box telling you that the installation is corrupt. Do note that the check may take a few seconds to complete so please do stay on the page for a minute or so to be sure there is no big red box after all. If you do see this big red box please install the component, twice in a row, without uninstalling Admin Tools before or in between.

Go to Components, Admin Tools, Web Application Firewall and make sure the correct IPs are set in the IP whitelist feature.

Go to Components, Admin Tools, Web Application Firewall, Configure WAF and make sure that the "Allow administrator access only to IPs in Whitelist" option is set to Yes. Please note that if you don't do that the whitelisted IPs are IGNORED per our documentation.

Go to Components, Admin Tools, Web Application Firewall, Configure WAF and check the Never block these IPs and Whitelisted domains. If your IP or its domain are in these lists they are NOT subject to any security checks, including IP whitelisting.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!