Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by on Saturday, 05 June 2021 20:17 CDT
Hello,
I am running into an issue where a few visitors called requesting us to unblock them so they can read the news on our website.
I am pretty sure the reason they are being blocked is that they used to visit our old site which was a WordPress site and the autofill in the browser's address bar points them to an old link that doesn't exist anymore, causing the firewall to block them.
Is there a safe way to stop this from happening? I have the old site in a subdomain at the moment.
Thank you
Normally I'd ask you to check the Blocked Requests Log to see what is the Target URL and Reason for each person being blocked. This will tell you why these people are being blocked.
However, I can make an educated guess. You said your site was based on WordPress and the way you worded your request makes me think that people need to log into your site to read the news. In this case it's very likely they had bookmarked the login page of WordPress. However, the 404Shield of the Web Application Firewall in Admin Tools, if enabled, would treat the WordPress login URL and the WordPress administration URLs as blocked requests. If these people tried to access such a URL repeatedly they'd get their IP blocked.
Go to Component, Admin Tools, Web Application Firewall, Configure WAF, Cloaking and set “404 Shield” to No. Click on Save & Close.
If my educated guess was right this will fix the problem you have. Otherwise check the Blocked Requests Log and tell me what is the Reason and Target URL for the people who get blocked.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Thank you for the reply. The visitors only have to login to access the digital copy of the newspaper but not to read news articles.
Most of the 404 shield blocked ip addresses are blocked by accessing a photo directly from the old site.
most are for a reason like /wp-content/uploads/2016/11/Diario-119.jpg which opens up if I put the subdomain where the old site is infront of the url. But if I put the main domain it blocks it. I am not sure why the photos are being opened directly though.
I have the old site embedded in an iframe on the new one as a news archive. Not sure if that has something to do with it.
Our website is Diario.aw and the old site is in the menu tab called "Archivo"
which opens up if I put the subdomain where the old site is infront of the url. But if I put the main domain it blocks it.
First things first. The subdomain is running WordPress. It has the image file you are looking for. Therefore it serves the image. The main site runs Joomla. It does not have the image you are looking for. All missing files are handled by Joomla's index.php file (that's how SEF URLs work; any "missing" file is handled by Joomla). However, Joomla doesn't know what to do with this URL either. Therefore it throws a 404 error.
Since you have enabled the 404Shield in Admin Tools configuration (as I explained before) it kicks in. Now, look at the default configuration of this feature:
wp-admin.php wp-login.php wp-content/* wp-admin/*
Your image URL matches the third pattern: wp-content/ followed by anything else (that's what the star stands for). Therefore it is treated as a Blocked Request.
Since you can't make the old image URLs magically disappear your best course of action is to go to Components, Admin Tools, Web Application Firewall, Configure WAF, Cloaking tab and set “Enable 404Shield” to No.
The reason is that your site used to be a WordPress site and you will most definitely get traffic from old URLs which would be caught by the 404Shield feature. The 404Shield feature is designed for Joomla sites on domains which never had any WordPress site on them before, meaning that any WordPress URLs would be a tell-tale sign of someone trying to do something shady. This is NOT the case with your site; your site is the exact opposite. Therefore you should turn this feature off.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!