Support

Admin Tools

#42264 Transferring to new server, sites blocked due to AdminTools BL'ing server IP

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4x and 5x
PHP version
8.3
Admin Tools version
Admin Tools Pro

Latest post by nicholas on Thursday, 11 September 2025 08:06 CDT

Thursday, 11 September 2025 07:01 CDT

alexio

Hi Gang...  

Am in process of transferring (joomla) sites from one InMotion Hosting VPS, to a new one, and some of the sites were getting blocked due to, as per AdminTools "Add an Administrator Exclusive Allow IP" function reporting my IP as that of the Server IP address: 

–  Your current IP as seen by your web server
-  173.231.19x.17x  (this is the SERVER IP address, not MY IP address... ! 

Of course, I can add that to the 'allow', but feel it's a band-aid. 

I've temporaritly solve it by Uninstalling and fresh Installing AdminTools, but still, when I go to AdminTools / "Add an Administrator Exclusive Allow IP" it still gives the SERVER IP instead of mine.

Is there a setting I'm missing, either in AdminTools, or the new VPS that would show the correct IP address? 

Thanks in advance... 

;-a

 

 

 

 

Thursday, 11 September 2025 08:06 CDT

nicholas

Never add your server's IP address or an internal network IP address to the whitelist in cases like this. You would be effectively disabling all Admin Tools' protection.

Go to Joomla's Global Configuration and set "Behind Load Balancer" to Yes. Click on Save & Close to apply this setting.

These instructions are also in our documentation under the "Admin Tools' Web Application Firewall (WAF) locked you out of your site" section of the troubleshooting pages, and I have explained the what and why in a number of public tickets, e.g. https://www.akeeba.com/support/admin-tools/41162-admin-tools-with-bunnycdn.html#p223270 and https://www.akeeba.com/support/admin-tools/41898-cloudfare-1.html#p227205.

Note that if changing the setting in Joomla does not result in your site seeing a different IP address (check the exclusive IP allow page; it tells you which IP PHP sees for the current visitor i.e. you) you will have to ask your host to make sure that their reverse proxy / load balancer sets the X-Forwarded-For HTTP header. That's a de facto Internet standard, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For.

If your host confirms that all your traffic goes through a reverse proxy, you should also go to the .htaccess Maker and set "Restrict access by IP" to Custom List, then enter the IP addresses of your host's reverse proxies as entries. Then, click on Save & Create .htaccess. This addresses the what you see on the MDN link above under "Security and privacy concerns" by preventing direct access to your site (as this would allow an attacker to pass a maliciously crafted X-Forwarded-For header which would obfuscate their identity during their attack, evading Admin Tools' automatic iP blocking).

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!