+ Post New Thread
Results 1 to 12 of 12
Home Access Plus+ Thread, IP Address Banned?! in Projects:; Someone has just emailed me to say their IP address is banned from the booking system, and sure enough it ...
  1. #1

    Join Date
    Apr 2012
    Posts
    424
    Thank Post
    39
    Thanked 35 Times in 28 Posts
    Rep Power
    16

    IP Address Banned?!

    Someone has just emailed me to say their IP address is banned from the booking system, and sure enough it is! It has banned them for 30 minutes.

    Why would that be? And how can I sort it?

  2. #2

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,839
    Thank Post
    669
    Thanked 2,188 Times in 1,493 Posts
    Blog Entries
    19
    Rep Power
    900
    Bad login details?

  3. #3

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,691
    Thank Post
    43
    Thanked 560 Times in 468 Posts
    Rep Power
    124
    The system is now set to ban specific IP addresses if it detect abuse of the login box to try and get in. You can release the bans by recycling the HAP application pool

  4. #4

    Join Date
    Apr 2012
    Posts
    424
    Thank Post
    39
    Thanked 35 Times in 28 Posts
    Rep Power
    16
    This is causing issues, we have whole classes using this, and it appears to be blocking them at random, can I turn it off?

  5. #5
    mattgrimley's Avatar
    Join Date
    Jun 2011
    Location
    Bedfordshire
    Posts
    321
    Thank Post
    36
    Thanked 22 Times in 20 Posts
    Blog Entries
    1
    Rep Power
    11
    We have had the blocking stuff since release and not had a single issue with it (800 kids, 500 computers and 9 bookable suites only booked via HAP). It only blocks a user account for a limited time (20 mins i think) after several (4?) bad passwords attempts and represents the most basic level of "brute force" hacking protection.. (i.e. you dont want an internet facing server that a bot can just infinitely try random passwords on)

    If you are having issues, i wonder if something specific is broken for you.. Are you able to verify first-hand that it is blocking incorrectly? What are the specific circumstances that a block occurs? Are the connecting via the normal homepage or directly to the booking system? Is there anything going in the event log on the server and finally can you replicate it?

    Nick would be the person to advise on more detailed troubleshooting.. We use the web-log SQL functionality too and i know alot of stuff gets logged there (which can be handy for troubleshooting).

    Good luck in troubleshooting your problem.

  6. #6

    Join Date
    Apr 2012
    Posts
    424
    Thank Post
    39
    Thanked 35 Times in 28 Posts
    Rep Power
    16
    We don't have to look far I would imagine. Students getting passwords wrong is common

  7. #7
    mattgrimley's Avatar
    Join Date
    Jun 2011
    Location
    Bedfordshire
    Posts
    321
    Thank Post
    36
    Thanked 22 Times in 20 Posts
    Blog Entries
    1
    Rep Power
    11
    I sense brevity in your response.. but i was responding to your problem report:
    Quote Originally Posted by mattianuk View Post
    it appears to be blocking them at random
    However,
    Quote Originally Posted by mattianuk View Post
    We don't have to look far I would imagine. Students getting passwords wrong is common
    would be working as intended.

    I guess what you want should probably go into the feature requests.. and that would be granular control over the login watchdog rules. Not a bad request, especially if you have a younger user-base or if you are not using it over the Internet.

    Anyway,
    Weekend beckons.

  8. #8

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,691
    Thank Post
    43
    Thanked 560 Times in 468 Posts
    Rep Power
    124
    Hi both, v9 will have the ability to define an internal ip range, which will use kerberos for login (no username or password for IE, FF and Chrome will need a setting tweak), which should remove the logon prompt.

    v9 will also have MaxLogonAttempts attribute of AD in the hapConfig.xml file, so you can increase the logon attempts if needed

  9. #9

    Join Date
    Apr 2012
    Posts
    424
    Thank Post
    39
    Thanked 35 Times in 28 Posts
    Rep Power
    16
    Sounds brill nick.

  10. #10

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,691
    Thank Post
    43
    Thanked 560 Times in 468 Posts
    Rep Power
    124
    Unlimited logon attempts is not supported, nor is setting it to 0, just an FYI

  11. #11

    Join Date
    Apr 2012
    Posts
    424
    Thank Post
    39
    Thanked 35 Times in 28 Posts
    Rep Power
    16
    But if it no login is needed hopefully our younger users won't have this issue

    I say it's wrong passwords, but what are the rules of it locking people out ATM so I can verify?

  12. #12

    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,691
    Thank Post
    43
    Thanked 560 Times in 468 Posts
    Rep Power
    124
    If it can't log the user in after 4 attempts, either bad username or password.

    It also does it based on IP address and Browser, so if you have a reverse proxy server infront of the HAP+ server, the server will only see the proxy server's IP as the users address.

    So, here's the current logic

    if IPAddress is known AND Browser for that IPAddress is known AND the Attempts on those two is more than 4 THEN block for 20 minutes



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 7
    Last Post: 25th March 2009, 10:38 AM
  2. Centrinity FirstClass not working with DHCP IP Address?
    By CM786 in forum Wireless Networks
    Replies: 4
    Last Post: 14th December 2006, 07:14 PM
  3. Broadband connection: RBC NAT versus Public IP addresses
    By NetworkGeezer in forum Wireless Networks
    Replies: 23
    Last Post: 1st December 2006, 10:34 AM
  4. Replies: 9
    Last Post: 10th October 2006, 11:53 AM
  5. Ping an IP address and log results
    By mrforgetful in forum Wireless Networks
    Replies: 13
    Last Post: 8th July 2006, 11:03 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •