Support

I need a screenshot of this error message. We definitely do not put any messages in our software in German; we only supply English language files since 2018. Trying to search for this exact phrase returns no results, so it sounds like you have set up on your site, most likely as the message for automatically blocked IP addresses.

Here's my theory of what must've happened.

Your original site is using Admin Tools with the administrator secret word feature set up. This means that you are accessing your site's administrator as something like https://www.example.com/administrator/index.php?YOUR_SECRET.

When you restored your site you said that you accessed the administrator as http://localhost/administrator without providing the secret URL parameter (which would've been http://localhost/administrator/index.php?YOUR_SECRET). As a result, you were blocked from accessing the administrator, a blocked request was recorded in Admin Tools and you were redirected to the frontpage.

Trying to do that again ultimately recorded enough blocked requests in Admin Tools that you got your IP address (127.0.0.1 since you're accessing the site locally) automatically blocked. So now you can no longer access your site because your local IP address is blocked from accessing your local site.

For some reason you do not remember that the message you are receiving is the message that you have set up as the blocked IP message and you sent us both on a wild goose chase.

You can confirm this by following the instructions in Admin Tools for Joomla! 4 :: Admin Tools' Web Application Firewall (WAF) locked you out of your site (akeeba.com) to get yourself unblocked from the local site.

> But I had set my home network fixed IP address in the exception list to be never disabled

See, here's the misunderstanding :) There's something non-obvious about networking. For the benefit of people reading this public ticket I'll do a very short  crash-course into local networking.

All operating systems with a network stack come with a preconfigured virtual network interface called loopback. This creates a special network which exists only inside that operating system installation and typically has the IPv4 address space 127.0.0.0/8 (IP addresses 127.0.0.0 to 127.255.255.255) with localhost typically defined as 127.0.0.1 and the IPv6 address space ::1/128 (that's just the ::1 address).

When you restore a site on a local server running on the same machine as your browser you are telling your browser to access your site over the loopback interface. You can in fact disconnect all physical network interfaces (Ethernet cables, WiFi, Bluetooth etc) and you will still be able to do that. That's the whole reason of a loopback interface.

So, when you access http://localhost from your browser you tell it to go over the loopback interface to connect to your local server. Your local server sees the localhost IP address which is typically 127.0.0.1 (IPv4) or ::1 (IPv6). You can always set up your site to allow 127.0.0.1/8,::1 to allow loopback access without being blocked.

Why don't we add this exception by default? Two reasons.

1. It would prevent you from testing your changes in Admin Tools settings on a local server. If we had explicitly allowed localhost by default Admin Tools would be effectively disabled when developing a site locally. You'd be unaware of any misconfiguration which affects a live site. You'd deploy your site and everything would be broken. Oops.

2. It's a bad idea for live servers. Depending on the server configuration it's possible for a compromised site to attack other sites on the same server by doing HTTP(S) requests over the loopback interface. We don't want to give this kind of compromised site carte blanche to attack our site!

Now you know :)