Admin Tools' Web Application Firewall (WAF) locked you out of your site

Original link: https://www.akeebabackup.com/documentation/troubleshooter/atwafissues.html

The Web Application Firewall applies, by default, very strict security settings. This can cause you to be accidentally locked out of your own site.

The easiest way to work around this issue is using an FTP application or your hosting control panel's File Manager to rename a file.

Go inside the plugins/system/admintools/admintools directory on your site (on older versions of Admin Tools: plugins/system/admintools). You will see a file named main.php. Rename it to main-disable.php. This stops the Web Application Firewall from executing, so you can access your site's back-end again. After you have fixed the cause of your issue, remember to rename main-disable.php back to main.php; otherwise your site will remain unprotected!
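
The rename step above, scripted for sites where you have shell (SSH) access rather than FTP, as an added example that is not part of the Akeeba documentation. Shell access and the function names are assumptions; the paths and file names are the ones given on this page.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes shell access to the
# site's files; $1 is always the site's root directory.

# Print the directory holding main.php or main-disable.php.
# The current layout is checked first, then the older one.
waf_dir() {
    for d in "$1/plugins/system/admintools/admintools" \
             "$1/plugins/system/admintools"; do
        if [ -f "$d/main.php" ] || [ -f "$d/main-disable.php" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Print one of: enabled, disabled, both (both files exist), missing.
waf_state() {
    d=$(waf_dir "$1") || { echo missing; return 0; }
    if [ -f "$d/main.php" ] && [ -f "$d/main-disable.php" ]; then
        echo both
    elif [ -f "$d/main.php" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# main.php -> main-disable.php; refuses unless the state is "enabled".
waf_disable() {
    [ "$(waf_state "$1")" = enabled ] || return 1
    d=$(waf_dir "$1") && mv "$d/main.php" "$d/main-disable.php"
}

# main-disable.php -> main.php; refuses unless the state is "disabled",
# so an existing main.php is never overwritten.
waf_enable() {
    [ "$(waf_state "$1")" = disabled ] || return 1
    d=$(waf_dir "$1") && mv "$d/main-disable.php" "$d/main.php"
}
```

Source the file and call `waf_state /path/to/site` after finishing the fixes below; any result other than `enabled` means the firewall file is not in place.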

Now that you have regained access to your site's control panel, let's fix the problem:

Automatically banned IP address

Go to Components, Admin Tools, Web Application Firewall and click the Exceptions Log button. Delete all records with your own IP address. Then, go back to Web Application Firewall and click on the Auto IP Blocking Administration button. Select the record showing your IP address and click on the Delete button to delete the block. Now you can rename main-disable.php back to main.php.

Tip

Don't know what your IP address is? Just visit whatismyipaddress.com to find out!

In order to prevent that problem from happening, you can add your IP address to either of our whitelists, as follows.

The first approach is to add your IP address to the Administrator IP Whitelist. Using this option will limit access to the administrator section of your site only to the IPs listed in the whitelist. We strongly recommend that you do not use it unless you and all of your back-end users have static IP addresses. In all other cases you may get locked out of your site. Go to Components, Admin Tools, Web Application Firewall and click the Administrator IP Whitelist button. Add your own IP address.

The second approach is to use the Safe IP List. IPs in that list will never be automatically banned. To use it, go to Components, Admin Tools, Web Application Firewall and click on the WAF Configuration button. Inside the Auto-ban Repeat Offenders area, find the Never block these IPs field. This is a comma-separated list. Add the IPs that should never be automatically blocked to that list, separated by commas.

Administrator IP white-listing

If you have enabled administrator IP white-listing, you have to make sure that your IP address is included in the white-list in order to be able to access your site. Go to Components, Admin Tools, Web Application Firewall and click the Administrator IP Whitelist button. Add your own IP address. Now you can rename main-disable.php back to main.php.

IP black-listing

If you have enabled IP black-listing, you have to make sure that your IP address is not included in the blacklist in order to be able to access your site. Go to Components, Admin Tools, Web Application Firewall and click the Site IP Blacklist button. Remove your own IP address. Now you can rename main-disable.php back to main.php.

posted on 2016-09-08 10:22 sportscar