I see that this questions has been asked many times but I cannot solve it myself.
It only happens when I try to log in from the wifi at home. Then I see it tries to log in, then the screen is refreshed and I have to try to log in again. And when I try to do that then I get this message.
Then I usually turn my wifi off, turn the hotspot on my telephone, connect to this hotspot and log in.
I try to find if my IP from my home is on on the black list but there is nothing there.
I can find my try to log in and put this IP in the white list but this doesn't help.
The user session protection checks if you are logged twice with the same account and then close both sessions. Also the latest version added an improvement in the 'session hijack protection' feature that checked if your IP and/or user-agent change during an active session. By default now is triggered if any of those parameters change. Both features should write a log.
To avoid cases like yours you can:
- whitelist your IP OR ip range. This can be done from Waf configuration -> Lists. This way you never be banned.
- enable a 2fa and use the OTP feature:
This way you can circunvent the blocking increasing also general security.
- configure the 'session hijack protection' feature to be launched if the IP AND user-agent change.
- disable the user session protection.
You can choose any or more than one options above.