Support

Hi Nick,

Just had a strange issue last night where an entire site went offline, it seems that somehow though all users to visit the site were being faced with the 'bad person' message from admin tools.

I disabled main.php by renaming, logged in, didnt see anything untoward, then turned back on main.php, and i was able to access again.

Now, this i put down to some kind of strange glitch, a one off, until it happened again today, on a totally different site, suddenly all visitors to the site are faced with this message.

I will need to investigate further to see if i can replicate the issue, however i wanted to post this to see if you had noticed anything similar and a possible fix.

I have a hunch that anytime an admin is blocked accessing query string wrong, then it might block all visitors instead of just a single IP block, i will test some more and report back too.

You have another server in front of your site, all traffic goes through it. When that server's IP is blocked, everybody becomes a bad guy.

Go to Web Application Firewall, Configure WAF, on the Basic Features tab, flip the value of "Enable IP workarounds". If it is No, make it Yes, or vice versa. That works 99% of the time.

Thanks Dale,

This has not happened before, must be something new with my host.

I see it says this reduces our security, can you elaborate, should I question my host about this?

There are two "from" IP addresses involved, the address of the visitor and the address of the second server. When everybody gets locked out, that indicates that the second server is locked out. That's a bad thing. The IP Workarounds setting flips the two IP addresses. So now instead of banning the second server, the visitor's IP address can be banned. It depends on how your host set up the addresses to be forwarded to your web server. The suggested setting is right most of the time, but not always.

It doesn't degrade security to have the setting set correctly. Security is degraded when all security exceptions are reported as being from the second server instead of the bad guy visitor.

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.