APF firewall is blocking one user..., although his IP is in allow list

ns1

Active Member
Aug 8, 2006
31
0
156
One user cannot access my websites, or server.
When I turn off firewall he can access websites.
When I turn it on he cannot.

I have added his IP, and entire IP range in allow_hosts.rules. At this moment allow_hosts.rules looks like this:
Allow_hosts.rules

Any help is appreciated.
 

JPC-Shaun

Well-Known Member
Oct 29, 2008
49
0
56
Hi;

First of all make sure that the IP is not blocked in the APF by using the following command:

grep IP /etc/apf/deny_hosts.rules

If this results in the presence of the IP, then use this command to unblock the IP in APF.

apf -u IP

The IP may be blocked in iptables. Use the following command to verify which IPs are currently blocked on the server in iptables.

/sbin/iptables --list -n | grep "DROP" | grep "all" | awk '{print$4}'

If the IP is blocked in the iptables firewall, then do the following to delete the rule from the firewall.

iptables -L INPUT -n --line-numbers

You'll get the list of all blocked IPs. Look at the serial number on the left in the output of this command, then:

iptables -D INPUT <<serial number here>>
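
The check described in the post above, as an added example that is not part of the original thread: a grep for the exact IP misses a rule that blocks a whole range, so this reads `iptables -L INPUT -n --line-numbers` output on stdin and lists every DROP/REJECT rule whose source covers the address. The function names and the sample listing are constructed for illustration, and only IPv4 sources in the INPUT listing are handled.

```bash
#!/usr/bin/env bash
# Added example. Usage on a live server (as root):
#   iptables -L INPUT -n --line-numbers | blocking_rules ADDRESS

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# Succeed if address $1 lies inside source $2 (plain IP or a.b.c.d/len).
in_cidr() {
    local len mask
    len=32
    case $2 in */*) len=${2#*/} ;; esac
    if [ "$len" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF )); fi
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Read the rule listing on stdin; print "num target source" for every
# DROP/REJECT rule whose source covers address $1.
blocking_rules() {
    local num target prot opt src rest
    while read -r num target prot opt src rest; do
        case $num in ''|*[!0-9]*) continue ;; esac          # header lines
        case $target in DROP|REJECT) ;; *) continue ;; esac
        case $src in 0.0.0.0/0|*[!0-9./]*) continue ;; esac # any-source, negated
        if in_cidr "$1" "$src"; then echo "$num $target $src"; fi
    done
    return 0
}

# Constructed sample listing (documentation addresses, not real data).
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  198.51.100.7         0.0.0.0/0
2    DROP       all  --  203.0.113.0/24       0.0.0.0/0
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0   tcp dpt:23
4    REJECT     all  --  192.0.2.15           0.0.0.0/0
EOF
}
```

The first field of each printed line is the rule number that `iptables -D INPUT` expects.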
 

ns1

Thx Jaguar PC, but his IP is not blocked. Furthermore, his IP changes every 24h so in the past 2 weeks he would have been able to go through.
It has to be something else....
 

JPC-Shaun

Hi;

If you are sure that the IP is not blocked on the server firewall and all the other users are able to access the server, then there might be some rule in the .htaccess that is blocking the web access for the particular user.

Also make sure that all the necessary service ports are opened in the firewall and are able to listen properly.
 

PDW

Well-Known Member
Dec 29, 2003
138
3
168
Check the cPHulk Brute Force Protection section in security center as well. I am sure you may have looked there but I have made the mistake many times of going into APF first and not finding it and moving on.

Also, could be their own firewall or ISP - can he/she make it to any other sites on the server?
 

ns1

I have checked Brute Force protection. It was disabled.

I have just found out that ISP is moving servers to a new location. Could this be the problem?