Security and privacy

IP Blocker - help

 
This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.
Picture of Paul Baumeister
IP Blocker - help
 

I have been having issues with our office not being able to go to our moodle website. I know it is not our router because at the modem it does not work before it gets to the router.

So, I looked up my IP address and added it to the IP Addresses Allowed list in the Administration=>Security=>IP Blocker.

So, now I cannot access the website from any other IP address. The one that I inputed in the IP Address Allowed will not work since it was already blocked somehow.

So HELP. I cannot remove the IP Address since I cannot go to the website from any IP address. Do I have to change the setting from my database? How do I do that?

When I go there it says, "This site is not available currently." my site is online.apostolicschooloftheology.org

 

 

 
Average of ratings: -
Picture of Ken Task
Re: IP Blocker - help
Group Particularly helpful Moodlers

In your config.php file for the site, add:

$CFG-> blockedip = "";

meaning none are blocked.

If there are any IP addresses in mdl_config table for 'allowip' remove them.  This variable allows ONLY those IP addresses.  A blank value for same opens site up to all IP's:

$CFG-> allowedip = "";

Such lines in config.php override database.

Using any DB tool you have ... phpmyadmin or webmin's MySQL tool or command line mysql, edit the mdl_config table looking for the values shown above. 

Once those edits are made in mdl_config table, one can comment out the lines in the config.php file adding by // in front of them.  Suggest commenting out in-case you don't get it right the next time.  Easy to edit and un-comment to be able to get back in then. ;)

'spirit of sharing', Ken

 

 
Average of ratings: Useful (3)
Picture of Paul Baumeister
Re: IP Blocker - help
 

Thanks. That did it.

 
Average of ratings: -
Picture of Greg Padberg
Re: IP Blocker - help
 

I think the IP Blocker page on Moodle needs some enhancement / improvements.

I had added about 14 CIDR networks to the blocked IP list previously and this seemed to work OK (prevented new Moodle accounts from being created by spammers).

Upon investigating why another school district could not seem to access our Moodle server through a parent-child proxy server configuration, I added the RFC1918 private address space to the addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to the Allowed IP List, without realizing that any addresses outside of those specified would be blocked from accessing Moodle.  I locked myself out of the server from home, and had to drive back to the office late at night to fix my mistake!

There should be some warning on the Moodle IP Blocker page to indicate this, as there minimal instructions to be found on the IP Blocker page.

 
Average of ratings: Useful (1)
Picture of Greg Padberg
Re: IP Blocker - help
 

This should help others better understand the IP Blocker, I expect to submit the following into the Moodle Docs some time this week after confirming that our issues have been resolved (having learned a few lessons the hard way):

Be aware that with any entries in the Allowed IP List, the effect is to allow ONLY those IP addresses and block all others. Exercise care with this setting, as it is possible to lock yourself out of Moodle.

If there are entries present in the Blocked IP List, any hosts for which Moodle cannot determine the IP address will be blocked by default. For example, hosts that are behind a web proxy server which does not pass the HTTP headers containing the remote IP address information. In this case Moodle cannot determine the host's IP address with which to compare against the Blocked IP List, so the host is blocked by default. A suggested workaround may be to change the Logged IP address source (getremoteaddrconf setting within Site administration > Server > HTTP > Reverse Proxy) from the default to "REMOTE_ADDR" which will log the IP address of the proxy server instead of the host behind it.

 
Average of ratings: Useful (1)
Picture of angel locsin
Re: IP Blocker - help
 

I have a problem regarding IP BLocker, I've checked it on Linux and its working properly. But on moodle on Windows server the ip's i inputted on the block list is not blocking, meaning the IP indicated there can still access the site.


Please help .. anyone ... thanks

 
Average of ratings: -
Picture of Benjamin Waller
Re: IP Blocker - help
 

Hi Ken,


I have the same issue. But after following your steps I still can't get access to my site!!!!! 

I have removed the ip addresses from the mdl_config table however that didn't work. And also when I added the: $CFG-> blockedip = ""; to the config.php file it didn't upblock those ip addresses !!


PLEASE help.

Regards,

Ben Waller

 
Average of ratings: -
Picture of Benjamin Waller
Re: IP Blocker - help
 

UPDATE: 

It seems that I can only get access to the site now when I leave the ($CFG-> allowedip = "";)  line in the config.php file?

So is it safe to leave it there?


Cheers,

Ben

 
Average of ratings: -
Picture of Ken Task
Re: IP Blocker - help
Group Particularly helpful Moodlers

"Such lines in config.php override database." from a previous response in this thread.

Changing them gets to be tricky ... but try this ...

Navigate to the page where you could change those variables via the Moodle Admin interface.  But don't change/edit just yet.

Then comment out the lines in config.php file.

Back to browser and hit refresh ... we are still on the page setting up/changing blocked ips etc. ... it should allow you to edit now (fingers crossed).

If it doesn't ... then put  config.php file back the way it was  ... then to Plan Z ... for which I have no plan! :\

'spirit of sharing', Ken


 
Average of ratings: Useful (1)
Picture of Benjamin Waller
Re: IP Blocker - help
 

Thanks Ken,

I am going to hold my breath and try your suggestion over the weekend when not much traffic to the site.

I'll keep you informed.

Cheers,

Ben

 
Average of ratings: -
Picture of Benjamin Waller
Re: IP Blocker - help
 

Hello Ken,

Well, that worked Ken! maybe with crossed fingers it magically work! This time I was able to comment out this ($CFG-> allowedip = "";)  line in the config.php file but was still able to get access to the site. smile , so far so good. 

Actually, was getting some odd behaviour with that line overriding database because I was seeing some text being injected into text field boxes when on various admin pages. 

Also I had a user who couldn't login this morning and he got the following error message:  getting invalid User ID/PWD message – also when trying to  “reset ID/PWD” But strangely when I went in to edit his password, it was blank! So his password was empty! I don't know how!!  So maybe the override was causing these issues, I'm hoping anyway and it should be resolved now since I have successfully commented out that line of code!!

Thanks so much Ken for helping with this one!!! Much appreciated! You're a champ.


Cheers,

Ben

 
Average of ratings: -
Picture of Ken Task
Re: IP Blocker - help
Group Particularly helpful Moodlers

Glad you got that sorted.

'text injected' doesn't sound good.   Has that stopped now that blocked/allowed IP address thing back to the DB?   If not what does 'text injected' look like?

Couldn't tell ya anything about blank password.

'spirit of sharing', Ken

 
Average of ratings: -
Picture of Benjamin Waller
Re: IP Blocker - help
 

Ken,

It's was the password I have set up for cron to get remote access is being injected into other password fields!!!!

So it is still an issue: That user who couldn't log in and I changed his password now when I when back into is account to check, strangely the password for my cron remote access is now his password,  how do you figure that?

Should I just remove the cron password for remote access temporarily? 

So it like that password is now being injected into other password fields when I open to edit!!!!! Gosh, scary!!! But it only seems to do that when I go into edit the user's account! Why I say that is that after changing that user's password back to what it was, I can login into his account!! So it is saving it to the database but as soon as I go to edit, is when it happens..


Any ideas?


Ben



 

 
Average of ratings: -
Picture of Ken Task
Re: IP Blocker - help
Group Particularly helpful Moodlers

Sounds like a browser issue.   Does that behavior exhibit itself with all browsers on your workstation system?

Shouldn't .... as browsers (like FireFox and Safari) don't share logins/password, etc. in profiles unless told to do so.   Same goes for IE/other.

I wouldn't make the cron password the same as the users password ... just in case.

'spirit of sharing', Ken

 
Average of ratings: -
Picture of Benjamin Waller
Re: IP Blocker - help
 

Hi Ken,


Taken a few weeks to get back to you. But I think you were right and it was just a browser thing..it isn't happening now so all is good smile

Thanks again for taking the time to support me and people here.

Much appreciated!


Ben

 
Average of ratings: -
Picture of Ken Task
Re: IP Blocker - help
Group Particularly helpful Moodlers

Welcome!  Am for people everywhere! ;)

'spirit of sharing', Ken

 
Average of ratings: -
Ernani Freire
Re: IP Blocker - help
 

You saved my life!!!

Thank you.

 
Average of ratings: -