• taco100

    (@taco100)


    Hi

    Thanks again for a great plugin!

    For a long time we have had this bug (this is how we call it) that if we didn’t access the WP admin for a few days – the system locks us out, even when the IP is whitelisted in User security, Firewall, Brute force.

    The only workaround we’ve found is to manually disable the plugin, log in regularly, and then re-enable it. But it’s very annoying working like that 🙂

    How can we prevent those blocks?

    Best

    Tal

    (Can’t attach image, here it is: https://snipboard.io/tM4ZDR.jpg)

    • This topic was modified 1 month ago by taco100.
Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100,

    Do you have the AIOS → Brute Force → Login Whitelist feature enabled? It’s possible that your IP address has changed and is not included in the whitelist, which may be why the login page is showing a 403 Forbidden error.

    Could you please add the constant below to your wp-config.php file and check whether this resolves the issue?

    define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );

    Regards

    Thread Starter taco100

    (@taco100)

    Hi hjogiupdraftplus and thanks for your prompt reply.

    In this case it wasn’t enabled when the IP was blocked, I just enabled it after the blocking began in order to whitelist this IP, but it still blocks from time to time (we have had this blocking of whitelisted IPs happen on a few of our websites, for a long time already).

    Tal

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100,

    It seems strange that you do not have AIOS > Brute force > Login whitelist enabled, yet wp-login.php shows a 403 Forbidden error.

    Is the IP in the AIOS > Firewall > Ban and allow list? We need to know why the IP gets blocked.

    Regards

    Thread Starter taco100

    (@taco100)

    I now have this option enabled with his IP but I think it wasn’t like this before, so I can’t recall 100%.
    I hope I’m not making a mistake here by pointing out the wrong origin of the blocking; I will attach the picture my user sent to me before I added his IP to the white listings (which solved the issue).

    (Can’t attach image, here it is: https://snipboard.io/2CJN4w.jpg)

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100,

    Ok, if adding the IP to AIOS > Brute force > login whitelist solved the issue.

    That user might not have a static IP, and the IP may change in the future. The issue may reappear. Please do not use the login white list feature if you do not have a static IP.

    Regards

    Thread Starter taco100

    (@taco100)

    I’m pretty sure it also happens to us when the IP is correctly excluded in the whitelist, but I promise to get back to this thread when it happens next time to be 100% sure and not 95% 🙂

    Thanks (if you want I’ll mark it as resolved but will I be able to re-open it again?)

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100

    I’m not sure, but let’s keep this open for a week. I’ll mark it as resolved after that. You can still add a comment to this topic after it has been resolved.

    Regards

    Thread Starter taco100

    (@taco100)

    So it happened again…
    My employee gets a 403, I saw that his IP was changed so I totally turned “Login lockout whitelist” >> OFF,
    The audit and logs and Locked IPs in Dashboard are all empty from that case (only some old irrelevant logs).
    But still he gets a 403…
    I’ll now disable the plugin and re-enable it after he logs in, but what’s next to prevent it from happening?
    Thanks

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100,

    AIOS > Brute force > login whitelist – have you disabled it?

    Are you referring to the login lockout tab under AIOS > User security – Enable login lockout IP whitelist? That is different and should not show a 403 Forbidden; if locked out, it will redirect to 127.0.0.1.

    https://snipboard.io/WG5xkh.jpg

    The AIOS > Settings > Advanced settings tab has IP address detection settings. There, you may cross-check that the IP address detection is right, i.e. that it matches the IP address shown by https://whatismyipaddress.com/.

    Regards

    Thread Starter taco100

    (@taco100)

    Hi!
    Not sure anymore about that time above, but here is another one from this morning on another website:

    • User gets 403 https://snipboard.io/zHatio.jpg , while his IP is X.Y.Z.199 and while User security >> Login whitelist & Brute force >> Login whitelist are enabled for this IP using range method: X.Y.Z.* (which is OK to use, right?)
    • So I’ve turned the login whitelist off and saved, and still he got the same 403 when retrying.
    • Turned Brute force >> Login whitelist off and then he was able to login.

    So where did we get it wrong?
    Thanks!
    Tal

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100,

    A 403 Forbidden error on the login page is typically caused by the brute force protection > login whitelist IP settings. In this case, the user’s IP appears to be correct, so the IP detection settings should be checked.

    In AIOS, go to Settings > Advanced Settings and review the IP address detection options. You should ensure that the detected IP address matches the one shown on https://whatismyipaddress.com/

    Regards

    Thread Starter taco100

    (@taco100)

    I would like to show you the results of the test you’ve asked for, but prefer in private as it contains private IP addresses, how can that be done? 🙏

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100

    Generally you may use the https://pastebin.com/ burn after read option to share information.

    You should just make sure that Settings > Advanced Settings shows the correct IP address as per https://whatismyipaddress.com/

    Your IP address, if using this setting, is the same as below

    https://snipboard.io/bTyjmB.jpg

    Thread Starter taco100

    (@taco100)

    So: https://snipboard.io/qL8yB5.jpg
    Green are equal.
    Oranges equal.
    And the blocking happened.

    (PS regarding pastebin, just to understand – if I paste it here and someone else here reads it before you? How can it help the task of sending you something private?)

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @taco100,

    It appears that IPv6 is being detected, and it matches the IP shown in the green-marked ‘Your IP address’ as well as the IPv6 shown on WhatIsMyIPAddress.

    I have sufficient information, so nothing further needs to be shared.

    The user is receiving a 403 Forbidden error due to the login IP whitelist, and the IP detection method you are using is correct. It is likely that the IPv6 address is changing frequently, which is why the user is encountering this issue. If the IP address is not static, it should not be added to the login whitelist, as changes may cause access issues for the user.

    Regards
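
The failure mode diagnosed in the last reply (an IPv4 wildcard entry such as X.Y.Z.* while the site sees the visitor's IPv6 address), as an added example that is not part of the thread and is not AIOS code. The function names, the octet-by-octet wildcard semantics and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

def entry_matches(entry, client):
    """True if one whitelist entry (exact IP or IPv4 wildcard like 203.0.113.*) covers client."""
    ip = ipaddress.ip_address(client)
    if "*" in entry:
        # Wildcard form used in the thread (X.Y.Z.*). Assumption: it is IPv4-only
        # and compared octet by octet; this is not the plugin's matching code.
        if ip.version != 4:
            return False
        pattern, octets = entry.split("."), str(ip).split(".")
        return len(pattern) == 4 and all(p in ("*", o) for p, o in zip(pattern, octets))
    return ipaddress.ip_address(entry) == ip

def diagnose(whitelist, client):
    """Explain whether the address the server sees would pass the whitelist."""
    ip = ipaddress.ip_address(client)
    if any(entry_matches(e, client) for e in whitelist):
        return "allowed"
    families = {4 if "*" in e else ipaddress.ip_address(e).version for e in whitelist}
    if ip.version not in families:
        return f"blocked: client is IPv{ip.version}, whitelist has no IPv{ip.version} entry"
    return "blocked: address not covered by any entry"

# Constructed sample data (documentation ranges, not addresses from the thread).
WHITELIST = ["203.0.113.*"]
SEEN_BY_SERVER = [
    "203.0.113.199",                        # visitor reached the site over IPv4
    "2001:db8:10:20:5c1f:9aff:fe3b:77d2",   # same visitor, dual-stack, over IPv6
    "198.51.100.7",                         # IPv4 lease changed to another range
]

if __name__ == "__main__":
    for addr in SEEN_BY_SERVER:
        print(f"{addr:40} {diagnose(WHITELIST, addr)}")
```

Feed it the address shown under Settings > Advanced settings, since that detected value, not the one the user reports, is what a login whitelist is compared against.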
