MOR - Blocked IPs
This page allows you to block IP addresses in the MOR's GUI.
Blocked IPs can be used from Admin account and from Accountant account with Monitoring permissions enabled. From Admin account, go to Security -> Blocked IPs to manage blocked IPs. An IP can be blocked by entering valid input values and by clicking the Block icon. The to-be-blocked IP must not be local or a current server IP. By clicking on the Unblock icon, an IP is unblocked. All the blocking/unblocking changes will be active in one minute after they have been applied. Country information (flag) can take up to one hour to appear.
When IP is blocked manually, the reason is: MOR-BLOCKED-IP-FROM-GUI. When IP is automatically blocked by MOR, the reason says: fail2ban-AST_CLI_Attack. Below you see an example of how it looks in the GUI:
Explanation of the values given in the Reason column can be found here. Reason "INPUT" means that IP was blocked manually by using these instructions: How to block someone's IP
Reasons why IP was not blocked:
IP is incorrect or blank
IP is already blocked for this server
Cannot block server IP
IP address is private
IP address is local
You can search blocked IP. Possible search by a single IP or for the range using wildcard %, like in the example.
Blocked IP format
It is possible to block IPs in such a format:
- Single IP, for example, 2.2.2.2
- Subnet in CIDR notation, for example, 2.2.2.0/24. Please note that CIDR notation will be automatically converted to the canonical format. For example, if you enter 2.2.2.1/24, it will be converted to 2.2.2.0/24. This is because 2.2.2.0/24 denotes the range 2.2.2.1 - 2.2.2.254, so any subnet from 2.2.2.1/24 to 2.2.2.254/24 means exactly the same range, and a canonical way to represent this is range is with 2.2.2.0/24
- IP range in format x.x.x-xx, for example 2.2.2.1-125. Please note that all IPs in the range will be blocked as separate IPs, so entering 2.2.2.1-125 would create 125 single IP entries. For this reason, we strongly recommend using subnets if possible.
