Support

I have a site that on several occasions over the last two weeks has gone down apparently due to the Admin Tools firewall blocking all traffic to the site regardless of the incoming IP address. For example, I get notified by Watchful.li that the site is down. When I attempt to visit the site I get the Admin Tools you are a spammer message. However, if I try to visit the site from another IP via a VPN it doesn't matter what the IP is I still see the same message both in the front end and if trying to access the back end.

When I disable the firewall and go in to look at things the most recent exceptions in the log were from many minutes before everything locked up. There is one IP that is hitting it hard but that IP is not my IP nor any that I have access to. My personal IP is not in the block list.

Any idea what I can do to determine the cause of these lockouts? And what would make it block everyone regardless of IP?

It isn't blocking every IP, only the one you see in the log. The IP belongs to your host. It belongs to another server that sits in front of your web server. All traffic to your site flows through that server first. The other server passes two "from" IPs to your web server, the IP of the other server and the real IP of the visitor. There is a correct order that these IPs should be passed in but LOTS of hosts set them up backwards. So every exception is logged to the other server's address and eventually it gets blocked, which stops all traffic to your web server. Not good. So that's the why part.

To stop it, go to Web Application Firewall, Configure WAF, on the first tab, change the value of IP Workarounds. If it's on, turn it off or vice versa.