If you have access to the Web.config, then I'm guessing you have access to the full site. I'm further guessing that the IP limitation is hard-coded although I suppose it could be in a firewall somewhere.
Can you do a search? Do you know an IP address from which access is not blocked? Could you do a search through file contents for that IP, or maybe even just the first set of numbers? You could also try searching for Request.UserHostAddress or any of the other ways a user's IP is accessed on the back end.
Can you tell where the error is coming from? Is it branded in any way? Does the HTML response have any clues? Are they denied access outright, or can they get to the login screen, but no further?
Do you happen to know what version of Umbraco they are running?
If you cannot login to the backoffice you can find out by looking at the product version of the Umbraco.core.dll file.
In web.config what is useLegacyEncoding set to? Is it true or false?
In web.config again is the UsersMembershipProvider set to a type of: Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco
If UsersMembershipProvider isn't set to that it means they've written their own implementation and they could have code in blocks there.
If userLegacyEncoding is true, you could reset the primary admin account's password so you can log into it via the database. It may be a case that the primary admin doesn't have the same IP block.
I did create a new users and add them to the same membership/organisation and was able to log in fine from our public IP here - so it sounds like there is an explicit block.
In
websitehostname\App_Data\umbraco.config
I've found references to
However this makes no sense since our public IP is not contained and works fine.
Perhaps this is a plugin or a custom implementation to prevent a brute force attack. Maybe someone at the customer's site forgot their password and repeatedly tried to log in? Normally that would just block the one user, but just wanted to mention that possibility. You could poke around in the user tables in the database to see if anything stands out there.
In a different vein, is it possible the old support company is doing something ornery here and has purposefully added block? Do they still have access to the system in any capacity?
I realised that this site is network load balanced.
Logged onto the secondary webserver and checked this file, three entries for the IP addresses that the customer uses were missing.
Made sure the config file matched the primary server - restarted IIS on both servers and voila! All resolved.
Thanks for your prompt responses guys, very much appreciated.
Good find. Just so you know, umbraco.config is a file generated from the database and would normally be refreshed on each server instance within a load balanced environment. So there might still be something wrong with the setup.
You are not allowed to access this system from this IP address
Good evening,
I work for a Managed Service Provider who has quite recently taken on a new customer.
They are using Umbraco as their helpdesk solution.
Unfortunately the previous support company has not given any handover what so ever with regards to the operation and troubleshooting.
One of their sites is receiving the aforementioned message when trying to log in.
I've browsed a few topics here, and can find no blacklist/whitelist in the Web.Config nor has this been blocked at the IIS level.
Any assistance would be greatly appreciated.
Many thanks,
Tom
If you have access to the Web.config, then I'm guessing you have access to the full site. I'm further guessing that the IP limitation is hard-coded although I suppose it could be in a firewall somewhere.
Can you do a search? Do you know an IP address from which access is not blocked? Could you do a search through file contents for that IP, or maybe even just the first set of numbers? You could also try searching for Request.UserHostAddress or any of the other ways a user's IP is accessed on the back end.
For back end Access, I only have Editor Access. (The customer doesn’t appear to have proper admin access).
I’ve queried the SQL dB that it sits on, and nothing in there points to it being blocked.
Accessible from every public IP address that I’ve attempted to log in from.
Also did a file search to ensure it wasn’t hard coded into any of the configs, no luck!
Weirdly this has been working fine until a couple of days ago; since my team has no knowledge of this system, it’s unlikely we’ve made any changes!
That sounds like a tough nut to crack.
Can you tell where the error is coming from? Is it branded in any way? Does the HTML response have any clues? Are they denied access outright, or can they get to the login screen, but no further?
They can access the landing page, the denial only shows after entering their credentials.
It allows them that fair.
The page is company branded other than that, but the error is just text which is embedded in the page above the login boxes.
Hi Tom,
Do you happen to know what version of Umbraco they are running? If you cannot login to the backoffice you can find out by looking at the product version of the Umbraco.core.dll file.
Thanks,
Nik
Hi Nik: 7.2.6 assembly: 1.0.5632.22681
Okay, so a couple more questions:
useLegacyEncodingset to? Is it true or false?UsersMembershipProviderset to a type of:Umbraco.Web.Security.Providers.UsersMembershipProvider, UmbracoIf
UsersMembershipProviderisn't set to that it means they've written their own implementation and they could have code in blocks there.If
userLegacyEncodingis true, you could reset the primary admin account's password so you can log into it via the database. It may be a case that the primary admin doesn't have the same IP block.Hi Nik,
UseLegacyEncoding = true "UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed"
I did create a new users and add them to the same membership/organisation and was able to log in fine from our public IP here - so it sounds like there is an explicit block.
In websitehostname\App_Data\umbraco.config I've found references to
However this makes no sense since our public IP is not contained and works fine.
I've just had a thought..
They're using NLB for this site - checked that umbraco.config file and the IP addresses stated for this specific site aren't on the PRD2 webserver.
Added this, restarted the IIS.
Fingers crossed it might work now, just asking them to test.
It does sound like a customization. Plugins for login screens exist, but I don't know of any that support IP white/black listing.
Like George suggests you might want to do a full text search at the website root for code that is verifying the visitor's IP address.
With search terms like:
A couple of other thoughts...
Perhaps this is a plugin or a custom implementation to prevent a brute force attack. Maybe someone at the customer's site forgot their password and repeatedly tried to log in? Normally that would just block the one user, but just wanted to mention that possibility. You could poke around in the user tables in the database to see if anything stands out there.
In a different vein, is it possible the old support company is doing something ornery here and has purposefully added block? Do they still have access to the system in any capacity?
After a stroke of genius, I managed to find references to their allowed IP addresses in websiteroot\APP_Data\Umbraco.config
I realised that this site is network load balanced. Logged onto the secondary webserver and checked this file, three entries for the IP addresses that the customer uses were missing.
Made sure the config file matched the primary server - restarted IIS on both servers and voila! All resolved.
Thanks for your prompt responses guys, very much appreciated.
Good find. Just so you know, umbraco.config is a file generated from the database and would normally be refreshed on each server instance within a load balanced environment. So there might still be something wrong with the setup.
Come to think of it, I did see some logs which pointed to some kind of replication issue.
Thanks for the pointer.
is working on a reply...