Getting IP-based exclusions to work

Hi @codeispoetry Any of these definitions should work. Is there any chance you could check the database to double check the value is actually configured? It be a query like this but you’d probably need to adjust the table prefix wp_ depending on which blog within your network it affects:

select option_value from wp_matomo_option where option_name = 'SitesManager_ExcludedIpsGlobal'

> Also, it would be wonderful if there were a filter, or if exclusions did work retrospectively

It should be possible to achieve this by going to Admin -> Privacy -> GDPR tools. There you can segment by IP address and delete these visits.

I checked the db, and the option is indeed configured on all three sites.

Wow, I’m impressed by that GDPR tool. Deleting them worked like a charm. If I could add a star to my 5 star review of Matomo I would do it!

• This reply was modified 4 years, 5 months ago by Mark.

@codeispoetry thanks for checking. Regarding the excluded IPs: Any chance you could maybe add your own IP for a test? Note: While it might work within a minute, when network enabled it can take an hour or so to get this setting syncronized across all blogs. A click in Matomo -> Diagnostics -> Sync All Sites should sync it immediately though.

Note that you might be seeing the anonymised IP in the UI but it seems the exclusion is running on the original full IP which seems kind of bit like a fail as it maybe should run both on the full and anonymised IP. I’m thinking this might be the issue here.

I have in fact added my own IP, and that does seem to work. (Though few visits from it are tracked because I’m usually logged in and I exclude logged in accounts.)

I don’t suppose there is anything special about the two IPs I’m meaning to exclude, but I’m emailing you so that I don’t have to mention them here.

@codeispoetry thanks for sending us the email.

What is happening is that the user’s IP might be 35.99.10.10. But because IP anonymisation is enabled, you are only seeing 35.99.0.0. However, currently, the excluded IP is only compared to the original IP, not the full anonymised IP. That’s why it’s not working there.

To fix this you’d need to configure 35.99.*.* or try to find the actual IP eg in the server access logs.

I’ve created an issue here to improve this in the future: https://github.com/matomo-org/matomo/issues/new

Hope this helped.

BTW the correct link is https://github.com/matomo-org/matomo/issues/16094

Aha! That makes a lot of sense. I’ll try the broader exclusion rules and see whether that works.

Note: the UI still says “Global list of Excluded IPs”, which clashes with the message atop the page that the rules only apply to the local website. (But I understand you’re working on an overhaul of the settings system in relation to network activation anyway.)

The solution that would have prevented my support quesiotn would be to simply add a line to the text box next to the IP exclusions, conditional on whether IP anonymization is on:

You can use CIDR notation eg. 1.2.3.4/24 or you can use wildcards, eg. 1.2.3.* or 1.2.*.*. Note: Your IP anonymization settings mask the final byte of IP addresses. Use 1.2.3.* to capture IP’s you want to exclude.

or for 2 bytes:

You can use CIDR notation eg. 1.2.3.4/24 or you can use wildcards, eg. 1.2.3.* or 1.2.*.*. Note: Your IP anonymization settings mask the final two bytes of IP addresses. Use 1.2.*.* to capture IP ranges you want to exclude.

Thanks for the feedback @codeispoetry . Very helpful and appreciated.