Support

Admin Tools for WordPress

#34405 – VPN blocked

Posted in ‘Akeeba Admin Tools for WordPress’
This is a public ticket. Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Friday, 22 January 2021 16:54 CST
fgbnl

Today access to my website (both front-end and back-end) was blocked when I accessed over a VPN, message: 'Access Denied.'I have used the VPN for almost a year and never had an issue with this.

The problem occurs a different devices, not just on one device.

When I disable the VPN I have access again, or when I disable admintools.

The IP address from the VPN is not listed in any exceptionlist or blacklist in admintools.

 

Can you clarify what is happening and why?

 

Thanks in advance,

Frans van Bragt

Monday, 25 January 2021 02:06 CST
nicholas

You or someone else using the same VPN triggered too many blocked requests on your site, resulting in the address of the VPN (which is the same for many or all of its users) to become temporarily or permanently blocked.

You can check the blocked requests log in Admin Tools. This will tell you why the IP got blocked in the first place. Filter the list by your VPN IP.

You can then check the Auto IP Blocking History, Auto IP Blocking Administration and WAF Deny List pages to see if that IP address is there. If it is, remove all records from all of these areas. An easy way to do it is going to administrator, Components, Admin Tools, Web Application Firewall, Unblock an IP, enter your IP address and click on Unblock this IP.



Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Monday, 25 January 2021 02:18 CST
fgbnl

That does not seem to be the case. As I wrote in my ticket: 'The IP address from the VPN is not listed in any exceptionlist or blacklist in admintools.'

Also the message 'Access denied' is not the message that Admin tools uses when blocking an IP.

 

 

Kind regards,

Frans van Bragt

Monday, 25 January 2021 03:21 CST
nicholas

Then what you describe is impossible to happen. You are missing something.

If Admin Tools does not list the IP address, it does not block it. Since you are getting a message which is not what you've configured in Admin Tools it further asserts that Admin Tools is not blocking the request.

At the same time you said that "disabling Admin Tools" allows you access with the VPN IP.

Only one of these statements can be true. They are mutually exclusive. Asserting that they are both true at the same time is a logical impossibility. I cannot help with logical impossibilities except point them out and tell you that either your testing was flawed or you missed something.

Try the Unblock an IP feature in Admin Tools. If this helped it means that your first assertion that the request is not blocked by Admin Tools was false.

If it didn't help MAKE DOUBLE SURE you are still using the VPN (check your IP using at least two different sites reporting your public IP), disable the System - Admin Tools plugin and try accessing the same page that gave you the Access Denied from the same browser. If this worked, re-enable the System - Admin Tools plugin and try accessing the same page from a different browser. This will tell you if the problem is something in your session and a third party extension.



Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Monday, 25 January 2021 04:59 CST
fgbnl

Dear Nicholas,

 

All of my statements are true.

What I noticed, and which may be the cause of the problem, is that when the error occurs external IP location services give the location of the IP address in Stockholm, which is incorrect, that should be The Hague, The Netherlands.

When I switch my VPN to another location in the Netherlands where the 'access denied' problem does not occur, the external IP location service gives the correct location.

The problem also occurred after updating my VPN software, before the update there was no problem.

Does Admin tools somewhere/somehow does a check on IP location which causes this problem?

 

Regards,

Frans van Bragt

Monday, 25 January 2021 08:34 CST
nicholas

It sounds like you are making too many assumptions which are not true and don't have internal consistency. Let's see how things really work before we do anything else.

When a request matches one of the rules you've set up in the Configure WAF page it will be blocked and the  user will see the message or page you've set up in Components, Admin Tools, Web Application Firewall, Configure WAF, Customisation, Custom Message. If you have not set up any custom message, Admin Tools will use the language string ADMINTOOLS_BLOCKED_MESSAGE defined in the System - Admin Tools plugin's language file. If the file is missing or corrupt it will fall back to the message "Access Denied".

Admin Tools will store the blocked requests, including their IP addresses, in the Blocked Requests Log as long as the Log blocked requests option is set to Yes (that's the default value).

If an IP address is triggering blocked requests more frequently than your configured frequency then this IP address will be automatically and temporarily blocked. These temporarily blocked IPs appear in the Auto IP Blocking Administration page.

If more blocked requests come from the already temporarily blocked IP address the length of the temporary ban is extended.

Temporarily banned IP addresses are shown the message you have configured in Components, Admin Tools, Web Application Firewall, Configure WAF, Auto-ban, Show this message to blocked IPs.

Every time a temporary ban is effected against an IP it is recorded in the Auto IP Blocking History. If you have enabled Permanently disallow IP after setting in Components, Admin Tools, Web Application Firewall, Configure WAF, Auto-ban and this happens at least equals to the number of times you've configured there (per the Auto IP Blocking Administration page) the IP address will be added to the Site IP Disallow List (not the WAF Deny List as I mistakenly wrote earlier).

If you have enabled the Components, Admin Tools, Web Application Firewall, Configure WAF, Basic Features,  Disallow site access to IPs in the IP Disallow List option then any IPs listed in the Site IP Disallow List and any IPs matching the address ranges / net masks / CIDR blocks listed in the Site IP Disallow List will be blocked from accessing your site. These IPs are considered permanently banned and are shown the message you have configured in Components, Admin Tools, Web Application Firewall, Configure WAF, Auto-ban, Show this message to blocked IPs.

These are the only blocking features present in Admin Tools.

Admin Tools does not store any IP geolocation information. Not only have all integrated IP geolocation features been removed since December 2019, even when they did exist they were informational, they were not stored anywhere. They would only be acted upon to block requests only in the context of you applying explicit country or continent blocking, a feature that's been removed as I already said. It would be absolutely nonsensical to have an entire city being blocked if one IP allegedly from that city appeared to be attacking your site, which seems to be what you implied in your previous response. No, we never did that. That would not make any sense whatsoever!

As I already told you, I need you to go to Components, Admin Tools, Web Application Firewall, Unblock an IP, enter the IP address and click on Unblock this IP. This will remove it from ALL of the log and IP blocking areas of Admin Tools. 

If that doesn't unblock you, it's possible that your server believes that all requests come from the same IP address (note that this is NOT consistent with you saying that turning off your VPN makes your problem disappear). In this case all of the Blocked Request Log entries would appear to be coming from the same IP address. If this is the case you can the Enable IP Workarounds feature in Admin Tools' Configure WAF, Basic Settings. After doing that you need to use the Unblock this IP yet again.

Based on all of the above, the only thing that would make even remote sense is that you have set Log blocked requests option to No, you have not entered a "Show this message to blocked IPs" message in your Admin Tools configuration, your plugin language is missing or corrupt AND accessing your site through the VPN is triggering one of the WAF rules you've set up in Admin Tools.

You can't troubleshoot with no logging, just by making assumptions. First, you'd need to re-enable logging by setting Log blocked requests option to Yes. Then you'd need to set a "Show this message to blocked IPs" message to something. Access your site with your VPN. You should see your "Show this message to blocked IPs" message .

If you do not see your custom message at this point your problem IS NOT with Admin Tools.

If you DO see the custom message check the Blocked Requests Log. What is the IP, Target URL and Reason listed there?



Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Wednesday, 24 February 2021 20:17 CST
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
This ticket is closed, therefore read-only. You can no longer reply to it. If you need to provide more information, please open a new ticket and mention this ticket's number.