I have run into several issues with people who don't use right passwords and get blocked. I delete their ip from the block list and black list. I have them delete their viewing history and data, but they are still seeing the warning that they are blocked. I have even added their ip to the white list but they still get the message. I have told them to add the full url including http://www. to their url, but still nothing. This has happened on all my sites and when trying to unblock them nothing works. I have turned off blocking to see if that rectifies the issue but it doesn't. Their browsers shouldn't be showing them this page if if their ip isn't in the database, unless there is some other list somewhere that they are still on. The only thing that works is turning off admin tools. This problem has happened on all browsers. How can I unblock these people?
#27197 Unblocking safe ips
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by on Tuesday, 28 March 2017 17:17 CDT
Thursday, 23 February 2017 22:53 CST
thewedge
Friday, 24 February 2017 01:10 CST
nicholas
Akeeba Staff
Manager
Is your site behind a CDN or a reverse / caching proxy server? It would seem that the CDN / proxy is caching the old page and doesn't ask your site for a new one.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Saturday, 25 February 2017 12:09 CST
thewedge
I once had Ngnix running, but it had been off since this incident. If I turned off Admin Tools they can see the site. As soon as I turn it back on they get the message and white page with message. I don't have any Joomla caching on either.
Sunday, 26 February 2017 13:40 CST
nicholas
Akeeba Staff
Manager
In this case I believe that when you say "I delete their ip from the block list and black list" you mean something different than what I understand. What I do understand is carrying out four steps:
1. Remove security exceptions from that IP address
If you do not follow this step the IP address may be automatically blocked again, depending on your settings.
2. Remove automatically blocked IPs
If you do not follow this step an automatically banned IP will be prohibited from accessing the site.
3. Remove from blocked history
If you do not follow this step a repeatedly blocked IP address may be permanently banned.
4. Remove from blacklist
If you do not follow this step a blacklisted IP address will never be allowed on the site. Blacklisting has precedence over whitelisting. An IP may be blacklisted either manually or automatically, after being repeatedly banned. This depends on your settings.
If the above do note help please clarify which message your users get. Not the actual message itself but whether it's a. the "Custom message" under Security Exception Message Customization OR b. the "Show this message to blocked IPs" message under Auto-ban Repeat Offenders. This will clarify whether you want help with a user being IP-blocked or a user having their wrong password treated as a security exception. In the former case the advice I gave is sufficient. In the latter case it'd seem that you are not aware of the implications of activating the "Treat failed logins as security exceptions" option under Joomla! Feature Hardening Options, in which case you should deactivate that feature and consult the documentation. If that still doesn't help I will need you to go to the Exceptions Log page and tell me what is the Reason and Target URL reported for the IP in question.
1. Remove security exceptions from that IP address
- Go to Components, Admin Tools, Web Application Firewall
- Click the Exceptions Log button.
- Delete all records with that IP address.
If you do not follow this step the IP address may be automatically blocked again, depending on your settings.
2. Remove automatically blocked IPs
- Go to Components, Admin Tools, Web Application Firewall
- Click on the Auto IP Blocking Administration button.
- Select the record showing the IP address and click on the Delete button to delete the block.
If you do not follow this step an automatically banned IP will be prohibited from accessing the site.
3. Remove from blocked history
- Go to Components, Admin Tools, Web Application Firewall
- Click on the Auto IP Blocking History button.
- Select the records showing the IP address and click on the Delete button
If you do not follow this step a repeatedly blocked IP address may be permanently banned.
4. Remove from blacklist
- Go to Components, Admin Tools, Web Application Firewall
- Click on the Site IP Blacklist
- Select the record showing the IP address and click on the Delete button
If you do not follow this step a blacklisted IP address will never be allowed on the site. Blacklisting has precedence over whitelisting. An IP may be blacklisted either manually or automatically, after being repeatedly banned. This depends on your settings.
If the above do note help please clarify which message your users get. Not the actual message itself but whether it's a. the "Custom message" under Security Exception Message Customization OR b. the "Show this message to blocked IPs" message under Auto-ban Repeat Offenders. This will clarify whether you want help with a user being IP-blocked or a user having their wrong password treated as a security exception. In the former case the advice I gave is sufficient. In the latter case it'd seem that you are not aware of the implications of activating the "Treat failed logins as security exceptions" option under Joomla! Feature Hardening Options, in which case you should deactivate that feature and consult the documentation. If that still doesn't help I will need you to go to the Exceptions Log page and tell me what is the Reason and Target URL reported for the IP in question.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Tuesday, 28 March 2017 17:17 CDT
System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.