#34339 IP address - /administrator treated as Admin Query String and blocked

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by vthomas on Tuesday, 12 January 2021 11:28 CST

vthomas

When I type pinnacledryer.com/administrator (and successfully pass the first login request at the server level), I am getting redirected to the homepage of the URL instead of accessing the Joomla login page as usual. In researching the cause, this stops when either of these happens:

(1) I disable the main.php file for admin tools

or

(2) I connect to my 'other' internet provider, which gives me a different IP address.

A recent change on my end is that I am using a new internet service. I still have access to the old service, so I have been able to access the backend of the site by connecting with the old internet service.

See attached screenshot. That is my IP address with the 'new' internet service I am trying. I could not find that IP address in the blocked IP list. I also used the function in AT to 'unblock an IP' for this IP. The message that I got when I used that was "IP address unblocked" but ... then trying to access /administrator results again in redirection to the homepage and is logged in the Blocked Request Log.

This new internet service, with an IP address that starts with 172, also uses a dynamic IP. So, my IP address might be different tomorrow. So, adding an IP address to the "never block IP" list won't help in the long term. I don't know if that is part of the issue. My browser location will tell you I am in one city, while this IP address is located in another US state. Does AT check this level of detail?

If the dynamic IP address is part of the issue, please let me know. I'm at a loss as to why I am blocked at the IP that starts 172.

 Vicky Thomas

nicholas
Akeeba Staff
Manager

Please refer to https://www.akeeba.com/documentation/admin-tools/web-application-firewall.html#waf-configure-basic-protection "Enable IP workarounds" and "Administrator secret URL parameter".

Components, Admin Tools, Web Application Firewall, Configure WAF. Set Enable IP workarounds to Yes.

Then check the "Administrator secret URL parameter" value and follow the documentation instructions for using it to access your site's administrator. Quick tip: if the value there is foobar and your site is https://www.example.com you can only access your site's administrator login as https://www.example.com/administrator/index.php?foobar

Nicholas K. Dionysopoulos

Lead Developer and Director


vthomas

Thank you for your quick reply.

Took the time to read that section, also found this: https://www.akeeba.com/support/admin-tools/Ticket/24660:admin-login-reverts-to-homepage-for-some-administrators-2.html

I did not realize that when running the Config Wizard the secret Admin URL is set up and active. With my previous static IP address in the never block list, I guess this never came up as an issue. Sorry I missed that detail.

In my case, I have set Enable IP Workarounds to NO (it was YES) as I am not behind any of those things, and I removed the secret parameter (made that field blank). Now I was able to access the backend of the site from the IP 172... as usual.

I will consider adding the secret parameter in the future.

Thank you!  Vicky

 Vicky Thomas
