Firewall crosscheck whitelist IPs?

Hola Jose,

This may be more of a Wishlist thing, but I'm submitting it to the Buglist forum since it may be a configuration setting I'm missing...

When a visitor does something that triggers any of the firewall filters and their IP address is added to the firewall log, does the firewall check with the whitelisted IPs before adding the record to the log? If not, I think it would be a good feature to add to SCP.

As you know, the attempts to crack into a site can be very numerous and I've found that often checking every single record in the log can be very time consuming. What I end up doing is viewing 100 records at a time, scrolling down quickly and looking for friendly usernames, and if none are seen, group select and add to blacklist. It is too time consuming to search for whitelisted IPs.

It would be very helpful and a real time saver if I could be sure that the firewall is checking with the whitelisted IP list first and if an IP is indeed whitelisted, it is NOT added to the firewall.

Does this feature exist, and if not, can you add it?

Thanks!

Thanks Jose,
This is a bit confusing. The most obvious priority settings would be to make the first priority: Dynamic Blacklist, second: Blacklist, and third: Whitelist. Though I think I might make it also Blacklist. In a firewall component, why would you ever set anything to whitelist anything automatically? In your opinion, is adding a feature so that the firewall automatically checks whitelisted IPs and does not add the attempt to the log, not a good idea?

Related to this topic, is there a setting in SCP which would display a message in the login panel that says "You have X number of login attempts left before you will be blocked."? And maybe also, after they are blocked, display another message which says "Please visit again after X minutes and try again."

Despite I added the OTP feature to avoid the blacklist securely, sometimes administrators are blocked and they can't access to the site. Imagine what happens when someone with low experience in Joomla is blocked... This is why I added the whitelist. They can list their IPs there so always can access to the site. Take note that ips are not added automatically: must be added by an administrator.

Yes, I understand the need for the whitelist. I was commenting on what you said about Priority where you could set the first priority to Whitelist, which means any offending IP would be whitelisted, which makes no sense to me. Unless I'm misunderstanding how your Priority system works.

Yes, it's a good idea. In fact, the first thing that the firewall checks is if the ip is in whitelist. In this case no action is taken.

This isn't the case for my sites. In my experience a record of a failed login or multiple concurrent logins (by Super Users) still appears in the firewall log, even though the user's IP exists in the Whitelist. Have I configured it incorrectly? By "no action taken" do you mean that even though a log record is created, the IP isn't blocked?

I usually visually scan for friendly usernames in the log, and if none exists, I group select and add to the blacklist. But that method will catch whitelisted IPs in the firewall log and blacklist them, too, which I don't want to do. I simply don't have time to scan for 8-10 whitelisted IPs each time I process the firewall log. So what I am asking is that if the IP is in the whitelist, that no log record be added at all.