Support

Admin Tools

#29816 whiltelist an IP to all checking via CSRF Shield

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 12 July 2018 17:17 CDT

careytech
My client had a service (Detectify) that checks/tests security on their site. They want it to run. I whitelisted the IP addresses used by these services, but the IP still gets marked for a CSRF Shield violation, and as a result the IP gets put into the auto-blocked list.

Is there a way to white list an IP address so that it never gets blocked as a violater? .. yet keeing the checks and rules of Admin Tools in place for all other IP addresses?

careytech
I'd like to quality my initial request... We do not want Admin Tools to remove the protection for CSRF Shield against the testing service, but we do want a way for this testing service not to be moved to the auto-banned list. Is this possible through configuration settings?

tampe125
Akeeba Staff
Hello,

if they have a fixed IP, you can put it inside the field Never block these IPs inside the Configure WAF page.
In that way Admin Tools will never block it.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

careytech
Thanks. I had tried that as indeed this service uses three fixed IP addresses. However, the client showed me an email she received that listed one of these three as being blocked. I cannot confirm whether or not the IP address was blocked, but the client did get the email that is sent when an IP is blocked. I can speculate that the white listing is working and prevents an IP address from being blocked, but the email is still generated for white-listed IP addresses. Not sure, but it is my best guess at this time.

Anyway, I think at this time the client is content with this issue. She has set up an email rule to delete any emails coming from Admin Tools that list any of these three IP addresses.

tampe125
Akeeba Staff
That's because the the IP is already blocked, you have to remove that IP from the exceptions log and the list of temporary blocked IPs.
However, since the customer is happy with that, I think we can consider this solved.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!