Support

Admin Tools, Web Application Firewall, Blocked Request Log. Do you see their IP there? If not, go to the Configure WAF page, Logging & Reporting and make sure that Log blocked requests is set to Yes and the reason they get their request blocked is not listed under Do not log these reasons. Automatic IP blocking operates by looking at the Blocked Request Log.

If they do get their IP temporarily blocked you will see it in the Auto Blocked IP Addresses. If there is nothing listed there, check what I told you above, plus whether their IP address is in either the Never block these IPs list in Configure WAF or the Site IP Allow list.

When an IP is blocked temporarily you get records in the Auto IP Blocking History. Make sure the records for that IP address exist. How many records are there? If they are less than what you configured, they will not get permanently blocked.

Also remember that you must set “Disallow site access to IPs in the IP Disallow List” to Yes. Otherwise you are adding IPs to the permanent ban list, without actually blocking those IPs.

Finally, please remember that Joomla! will still process login requests from banned IPs before it allows Admin Tools to block a request (yeah, I know, it's totally backwards!). This means that you will still receive notifications about failed logins from this IP address, but the blocked user only gets the Admin Tools message that they are blocked, regardless of whether the login succeeded or not. There's nothing we can do without changing Joomla's core code, and that is forbidden by the Terms of Service of the Joomla Extensions Directory.

I now understand what is going on and why I could not reproduce this issue.

We are using automated tests which apply the configuration directly to the database. These tests passed just fine.

However, when I tried reproducing your issue manually, I saw that I indeed had that problem.

Checking the configuration generated by the test and the configuration generated manually the problem became apparent. I had made a typo in the Configure WAF form. Therefore, the setting that you were applying had no effect.

Please install the latest dev release from https://www.akeeba.com/download/admin-tools-professional/7-4-5-dev202312080857-rev4bee9895.html. Now go to the Configure WAF page in Admin Tools. You will see that the “Add persistent offenders to the IP Disallow List” setting is disabled. Enable it. Now the IPs are getting permanently auto-banned as they should.

Note: we will release this dev release as the stable version 7.4.5 next week. It's safe to use.

I am surprised too. It appears to be there since I rewrote Admin Tools for Joomla! 4, more than two years earlier. I guess people were not paying much attention? It happens. It's rare, but it does happen.