Dear all
I am having trouble with 1 particular case where a legitimate IP gets blocked from time to time. (in this case it is an IPv6 address, I don't know if this is relevant)
I tried adding this IPv6 IP range to the ip_ignore list without success, the ip range seems 'ignored' (wink )
I am getting this error
In the directadmin log file I can see this:
In this case, it looks like the user had multiple directadmin pages open in tabs, where tabs are saved after closing the browser.
After reopening the browser again (the login sessions are lost after time) the browser tries to reload everything triggering an IP block.
I can also reproduce this by reloading the directadmin page 10 times. (GET / requests)
(Maybe) an IP block should only be made after 10 POST requests.
I am having trouble with 1 particular case where a legitimate IP gets blocked from time to time. (in this case it is an IPv6 address, I don't know if this is relevant)
I tried adding this IPv6 IP range to the ip_ignore list without success, the ip range seems 'ignored' (wink )
I am getting this error
Code:
The ip '2a00:XXXX::' has been added to the /usr/local/directadmin/data/admin/ip_blacklist file for having too many repeated failed login attempts into the '' account.
In the directadmin log file I can see this:
Code:
27/02/2016:17:03:13 2a00:XXXX:: GET / HTTP/1.1 (null)
27/02/2016:17:03:13 2a00:XXXX:: GET /apple-touch-icon-precomposed.png HTTP/1.1 (null)
27/02/2016:17:03:13 2a00:XXXX:: GET /apple-touch-icon.png HTTP/1.1 (null)
27/02/2016:17:03:14 2a00:XXXX:: GET / HTTP/1.1 (null)
27/02/2016:17:03:14 2a00:XXXX:: GET /apple-touch-icon-precomposed.png HTTP/1.1 (null)
27/02/2016:17:03:14 2a00:XXXX:: GET /apple-touch-icon.png HTTP/1.1 (null)
27/02/2016:17:03:14 2a00:XXXX:: GET /CMD_SHOW_DOMAIN HTTP/1.1 (null)
27/02/2016:17:03:14 2a00:XXXX:: GET /apple-touch-icon-precomposed.png HTTP/1.1 (null)
27/02/2016:17:03:14 2a00:XXXX:: GET /apple-touch-icon.png HTTP/1.1 (null)
27/02/2016:17:03:14 2a00:XXXX:: GET /CMD_SHOW_DOMAIN HTTP/1.1 (null)
In this case, it looks like the user had multiple directadmin pages open in tabs, where tabs are saved after closing the browser.
After reopening the browser again (the login sessions are lost after time) the browser tries to reload everything triggering an IP block.
I can also reproduce this by reloading the directadmin page 10 times. (GET / requests)
(Maybe) an IP block should only be made after 10 POST requests.