
#36676 I get blocked all time on my own website

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Wednesday, 23 February 2022 02:24 CST

matzah

Hello,

I have a development site that has the frontend password protected via .htaccess. Recently the system has started to block me when I work on the site. I get the message on how to send an e-mail to access the website temporarily. I used to unblock my IP in WAF. But it reoccurs over and over. I am not sure how to solve this, since I don't know if the Administrator Exclusive Allow IP List is the right way to solve it. I don't want to stop any other super admin, just allow my IP to be tolerated by Admin Tools.

What should I do?

Best regards

Matzah.

   

 

 

nicholas
Akeeba Staff
Manager

The first thing you need to do is check the Blocked Requests Log to find out what the Reason and Target URL are when your IP address is blocked. If there's a consistent reason we can help with it.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

matzah

Hello,

IP: 94.254.87.163

Reason: WAF Deny List

URL: https://dev2.clarte.se/component/users/?view=login&Itemid=101

There are other IPs that have been blocked with the same reasons, but only 94.254.87.163 is my computer.

Yesterday I had to unblock myself 4-5 times during a period of 2-3 hrs.

Best regards

nicholas
Akeeba Staff
Manager

The WAF Deny List reason means that you are triggering one of the “always block these requests” rules set up in Admin Tools, Web Application Firewall, WAF Deny List page. There are only three rules we ship with Admin Tools. The Target URL you see is the Joomla login page.

Here's the thing. None of the three rules we ship with Admin Tools can be triggered by the login page under normal circumstances. This leaves us with two options.

1. You have created a new WAF Deny List rule or modified a new one. I would assume that if you had done that you'd know about it but it's also possible that you thought you were doing something else (per the old UNIX adage: to err is human, to truly mess things up requires assistance from a computer programme).

2. Some third party extension is triggering an existing rule. Based on your issue description so far that would very likely be rule #2.

Check if you only have three rules. If there are more rules you have added something. Think about what you added and why.

Make sure that rule number 2 appears as Frontend, Verb: (Any), Component: com_users, Task: (All), Query Parameter: Partial user[groups] (Any Content). If it is different than that you have changed it. Think about why you changed it or, better yet, restore it back to its original settings.

If there are only three rules and rule #2 is intact you have some third party plugin doing something idiotic, sending a user group with the login form or allowing you to edit the user groups from the frontend. Rule #2 is there to protect against exactly that and for a good reason: allowing the submission of user-selected user groups in the frontend of com_users can potentially open your site to privilege escalation (a ‘mere mortal’ user assigning themselves Super User privileges, thereby taking over your site).

Nicholas K. Dionysopoulos

Lead Developer and Director


matzah

Thanks for your reply. I do indeed have more than three rules in the WAF Deny List. I attach an image showing what it is like.

I really can't imagine me adding anything here. I would know what to do. But I must have done something.

Can you see what's wrong with this list?

Best regards 

nicholas
Akeeba Staff
Manager

The third rule in your screenshot is something you added and blocks the entire com_users login page. This is not something we ship with Admin Tools.

You can see the three rules shipped with Admin Tools in administrator/components/com_admintools/sql/install.mysql.utf8.sql lines 153 to 163 (for Admin Tools 7.1.1). Three rules, none of which is blocking the entire frontend login page.

Delete that rule you added.

Please note that this is a self-inflicted issue. You added something even though you don't remember doing it. Since you are now aware of your mistake and how to fix it I am closing this ticket.

 

Nicholas K. Dionysopoulos

Lead Developer and Director

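
Added example (not part of the ticket and not Admin Tools code): a simplified Python model of how a deny-list rule's conditions combine, showing why rule #2 as quoted above leaves the login page alone while a rule that names only com_users denies it. The `Rule` fields, the matching semantics, the second rule and both URLs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

@dataclass
class Rule:
    """Simplified model of one deny-list row; empty string means (Any)/(All)."""
    name: str
    verb: str = ""
    component: str = ""
    task: str = ""
    query: str = ""   # partial match against query parameter names

def request_params(url):
    """Return query parameters, resolving the SEF path /component/<x>/ to com_<x>."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    segments = [s for s in parts.path.split("/") if s]
    if "option" not in params and len(segments) >= 2 and segments[0] == "component":
        params["option"] = "com_" + segments[1]
    return params

def matches(rule, verb, params):
    """A rule fires only when every condition it sets is satisfied."""
    if rule.verb and rule.verb.upper() != verb.upper():
        return False
    if rule.component and rule.component != params.get("option"):
        return False
    if rule.task and rule.task != params.get("task"):
        return False
    if rule.query and not any(rule.query in key for key in params):
        return False
    return True

def blocking_rules(rules, verb, url):
    """Names of the rules that would deny this request."""
    params = request_params(url)
    return [r.name for r in rules if matches(r, verb, params)]

# Constructed sample data: rule #2 as quoted in the thread, plus a hypothetical
# component-only rule of the kind that denies every com_users page.
RULES = [
    Rule("rule 2: user[groups]", component="com_users", query="user[groups]"),
    Rule("added: all of com_users", component="com_users"),
]
LOGIN = "https://example.test/component/users/?view=login&Itemid=101"
GROUPS = "https://example.test/index.php?option=com_users&task=user.save&user[groups][]=N"

if __name__ == "__main__":
    for url in (LOGIN, GROUPS):
        print(url, "->", blocking_rules(RULES, "POST", url))
```

A rule with no task or query-parameter condition matches every request to its component, which is why removing it stops the repeated blocks on the login page.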
