AIOS dashboard redirects to 127.0.0.1 (brute force prevention issue?)

Hi @nerdynel17,

Here the Dashboard sub links means the “Locked IP addresses”, “Permanent Blocklist” etc not accessible.

Do you have any cache plugin installed. If yes please try diable it.

Only dashbaord links / pages redirect to127.0.0.1 is not the general case.

Regards

• This reply was modified 10 months ago by hjogiupdraftplus.

Yes, I have a caching plugin. I cleared all browsing history and cookies, then cleared my cache via the caching plugin, then disabled and reenabled brute force. This appears to have worked. I’ve regained access to the AIOS dashboard and I’m not locked out of admin (for now), so I’ll mark this resolved. I’ve had occasional issues with 127.0.0.1 redirects in the past, so I’ll continue checking for this issue.

Hi @nerdynel17

Please try disable below settings if any cronjob running locally and do have blank http headers with post request might be blocking your load balancer.

WP Security > Firewall > Internet bots ban – Blank HTTP headers Ban POST requests that have a blank user-agent and referer

It might be the your IP blocked due to it migth be the pages start to redirect to 127.0.0.1 during local cronjob run which purge cache and local try when create new cache it is redirecting to 127.0.0.1

Let me know if still the issue persists.

Regards

Hi:

I’m reopening this topic because I’m having the same issue with cookie-based brute force prevention and 127.0.0.1 again. I can work around it by disabling cookie-based brute force via the constant, clearing my cookies and browsing history, then accessing my admin and reenabling cookie-based brute force. However, I have to do this every few days and for obvious reasons it’s not optimal. (For full disclosure, my host changed servers from Apache to Nginx in October of last year.)

For the record, I currently have the “Ban POST requests that have a blank user-agent and referer” setting disabled.

In one of the other topics, I saw that you’re working on a fix related to cookies and Nginx; would this fix also fix issues with cookie-based brute force prevention?

Hi @nerdynel17,

The recently identified issue with cookie-based brute force is regarding salt postfix, not the ban post requests that have blank user agents.

Do you have salt postfix feature on ? WP security > User security >Salt tab have it or any other salt-related plugin? please cross check and let me know.

Hi: yes, I have the salt postfix feature enabled. Should I disable it until the fix is released?

Hi,

Yes please disable salt postfix until the fix is released.

Regards

Got it, thanks!

Hi @nerdynel17

Keep me posted disabling the?salt postfix solved issue or not.

As the fix is ready I will also update you.

Regards?

Hi @nerdynel17

The recently identified issue of cookie-based brute force with salt postfix feture is being worked on and The upcoming release will have it solved.