Admin Tools

#17970 CSRF Shield - Private IP Addresses

Posted in ‘Admin Tools for Joomla! 4 & 5’

This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version

n/a

PHP version

n/a

Admin Tools version

n/a

Latest post by tampe125 on Friday, 25 October 2013 09:23 CDT

Friday, 25 October 2013 05:30 CDT

user71441

Hi Nicholas,

Admin Tools Professional (WAP) blocked private IP addresses - CSRF Shield.
For example: 10.10.3.2 and 172.17.164.194.

Is this normal, or does this mean that someone from hosting provider's local network is trying to do something to our site?

Sorry for taking your time, and for my bad English.

Friday, 25 October 2013 08:15 CDT

tampe125

Hello,

are you using NGINX as webserver?
Most likely you have a reverse proxy in front of your site and you have an error inside your configuration.
If it's configured properly it will send an X-Forwarded-For HTTP header and Admin Tools 2.5.8 will respect it; NginX by default doesn't output this, you have to configure it.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 25 October 2013 08:57 CDT

user71441

Hi tempe125,

Thank you for reply.

I'm not sure, I need to ask my hosting provider. There are just few cases with private IP addresses, and there are two cases where WAP has blocked UNKNOWN ip addresses. Everything else looks OK, I mean IP addresses are public.

Filip

Friday, 25 October 2013 09:23 CDT