Contrib.social

Log filling up with User 1 IP addresse access denied

Open on Drupal.org β†’
Created on 11 September 2024, 2 months ago
Updated 13 September 2024, 2 months ago

Problem/Motivation: Access denied log showing User One IP address, and as Anonymous/not verified

(I just updated to Drupal V 10.3.4 ) Ever since a few Drupal versions back I have been noticing, in my access denied log, that my IP address is showing up (Logged in as User One). It is also showing that I am a Anonymous/not verified user. It does not seem to affect anything I am doing, it just shows up in the logs. There is no Development Logging and Errors. I have tired clearing cashes in Drupal and Server, as well as with my browser (FF). Using PHP 8.3.11

Although it doesn't affect anything that I am doing, I am worried since I have some Autoban rules set up for some access denied / Anonymous rules, and I am wondering if I might trigger a ban on my IP address.

I don't know if this is already a known/posted issue, or if it is something particular with my system (I am running 3 similar sites and they all have started showing this issue) There are a number of historical Access denied issues I have looked at, but have not come across anything current (with this version) or quite similar, as most deal with actually being denied access.

I wish I could provide more information, but this is a mystery to me. I don't even know where to start looking for more info.

Steps to reproduce: Unknown, I don't know why this is happening.

Proposed resolution: Unknown, I don't know why this is happening.

πŸ› Bug report
Status

Closed: works as designed

Version

10.3 ✨

Component
OtherΒ  β†’

Last updated about 6 hours ago

Created by

πŸ‡ΊπŸ‡ΈUnited States corE

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @corE
  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States corE
  • Status changed to Postponed: needs info 2 months ago
  • Comment 2 months ago β†’
    cilefen

    It's interesting.

    For a bug report we'll need some more technical info. Some examples of the log messages would be a good start, as would a list of modules enabled and their versions.

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States corE

    Thank you cilefen. Here is the technical info you mentioned, below.

    I checked my advban log for my ip address, which I also have whitelisted, thinking this might be the issue (and it still might) but I couldn't find any addresses or ranges containing my address. I will restart my router later, to generate a different ip address, and see what happens. Do you think this might be where this is happening? Perhaps clearing out all my banned ip addresses? I seemed to notice this starting when I did a Drupal update a few versions back, but it could be something dumb I did and just haven't caught on yet (that happens 😳)

    These are all being triggered my me (User One) even after logging in.
    access denied Anonymous (not verified) Severity Warning

    ---------------------------------------->>
    Location: /admin/reports/dblog/event/252177

    Path: /admin/reports/dblog/event/252177. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access site reports' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------
    Location: /admin/reports/dblog?page=1

    Path: /admin/reports/dblog?page=1. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access site reports' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------
    Location: /admin/config/people/autoban/settings

    Path: /admin/config/people/autoban/settings. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'administer autoban' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------
    Location: /admin/config/people/advban/edit/13159

    Path: /admin/config/people/advban/edit/13159. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'advanced ban IP addresses' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------
    Location: /admin/reports/dblog

    Path: /admin/reports/dblog. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access site reports' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------
    Location: /admin/config/people/advban

    Path: /admin/config/people/advban. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'advanced ban IP addresses' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------
    Location: /admin/reports/status

    Path: /admin/reports/status. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'administer site configuration' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).
    ----------
    Location: /admin/flush?token=F-A-kKzIuHwNWEDeXIIjXyCZG-3zjRY4WKL3Cgq385o

    Path: /admin/flush?token=F-A-kKzIuHwNWEDeXIIjXyCZG-3zjRY4WKL3Cgq385o. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: 'csrf_token' URL query argument is invalid. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------
    Location: /core/authorize.php/?batch=1&id=1966&op=start

    authorize.php
    ----------
    Location: /admin

    Path: /admin. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access administration pages' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    ----------------------------------------------------------------------------------

    Modules:

    Drupal core 10.3.4
    Address 2.0.2
    AddToAny Share Buttons 2.0.5
    Admin Toolbar 3.5.0
    Advanced ban 8.x-1.6
    Advanced Queue 8.x-1.2
    Antibot 2.0.4
    Automated Logout 2.0.0
    Automatic IP ban (Autoban) 8.x-1.10
    Back To Top 3.0.0
    CAPTCHA 2.0.6
    CAPTCHA Riddler 3.0.1
    Chaos Tool Suite (ctools) 4.1.0
    Checklist API 2.1.6
    Color Field 3.0.1
    Commerce Checkout Order Fields 8.x-1.2
    Commerce Core 8.x-2.40
    Commerce Email 8.x-1.6
    Commerce File 8.x-2.2
    Commerce License 3.0.1
    Commerce PayPal 8.x-1.8
    Commerce Product Limits 1.0.3
    Commerce Shipping 8.x-2.11
    Content-Security-Policy 2.1.0
    Copy Prevention 2.0.0-beta1
    CSS Editor 2.0.2
    Diff 2.0.0-beta2
    Drupal Symfony Mailer 1.5.0
    Entity API 8.x-1.5
    Entity Reference Revisions 8.x-1.12
    Entity Usage 8.x-2.0-beta14
    External Links 2.0.2
    Field Group 8.x-3.6
    File (Field) Paths 8.x-1.0-beta7
    File Delete (D8/D9) 2.0.0
    File Delete UI 1.0.0-beta3
    Flood control 2.3.4
    Frequently Asked Questions 8.x-1.2
    Google Analytics 4.0.2
    Honeypot 2.2.0
    Inline Entity Form 3.0.0-rc20
    Interval Field 8.x-1.14
    JS Cookie 1.0.1
    Libraries API 4.0.5
    Login Security 2.0.2
    Ludwig 2.0.7
    Metatag 2.0.2
    Paragraphs 8.x-1.18
    Password Policy 4.0.3
    Pathauto 8.x-1.13
    Physical Fields 8.x-1.4
    Profile 8.x-1.11
    Protected Forms 2.0.4
    Protected Pages 8.x-1.6
    Redirect 8.x-1.10
    Redirect 403 to User Login 2.2.2
    Reporting API 2.0.2
    Rules 4.0.0
    Schema.org Metatag 3.0.3
    Secure Login 8.x-1.16
    Security Kit 2.0.3
    Security Review 3.0.3
    SEO Checklist 5.2.1
    Simplenews 4.0.0
    Social Feed 2.0.0-beta2
    State Machine 8.x-1.12
    Token 8.x-1.15
    Typed Data API enhancements 2.1.0
    Views Infinite Scroll 2.0.3
    Webform 6.2.7
    XML sitemap 8.x-1.5
    Industrial Zymphonies Theme 3.0.3

  • Comment 2 months ago β†’
    cilefen

    There are no IP addresses shown above but IP addresses seem to be involved in this bug report, which I admit I don’t yet understand. Is the content of log messages the Core bug you are reporting, or is it the access denied?

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States corE

    All the log entries are my IP address... I'm triggering the access denied log entries, even though I am User1 Administrator with full permissions - I just didn't include that for space/repetition. I'm not sure what I'm reporting yet, or what/why this is happening. So far, it is just the log that is filling up with these Access denied entries. I don't even know if it's a core issue, or module... or just something I'm doing. I'm going to try some things and see if I can find out what's going on. I'm not detecting that anybody else is having, or noticing, this , so it may just be me.

    All the entries have: in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of .../public/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

    I'm not sure how this technically works, or is a part of. Is this a clue?

  • Comment 2 months ago β†’
    cilefen

    Are you saying that you yourself are not intentionally visiting those pages? The more explanation I see the less I understand. Maybe you could break it down to the simplest possible narrative?

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States corE

    No, that all looks like my activity in the logs, I believe I am causing the entries. However I am logged in as Administrator with full permissions and there is no part of the site that has been blocked to me. These things are just showing up in the logs. Other than these things showing up in the logs (for my activity), the site functions normally as does my access. I wouldn't even know anything was amiss if I didn't look at the logs. I guess I could ignore it, but I'm wondering if it's something that could cause a problem later, or there is some problem somewhere that needs to be addresses?? Or perhaps it is a bug with Drupal or a module. ???

    I'm entertaining a number of ideas, such as some kind of session corruption with my browser (firefox), or perhaps a setting somewhere, or a module... or maybe my IP address is in the ban block list, but because I'm whitelisted I am not blocked, but it still shows in the log??? scratching head here. I even ran this past AI and no resolution there, but some interesting areas to look. I'll try some things and post my results here.

    If you have any ideas I'd love to hear them. So far I seem to be the only one with this going on. Thanks!

  • Comment 2 months ago β†’
    cilefen

    Things to try: Obtain stack traces. Uninstall suspect modules until it stops.

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States corE

    I'm not quite sure yet, but currently I'm exploring that there may have been a problem with my browsers session cookie cache. ?? I am using different browsers and I cleared the cache cookies and site data in Firefox to test. I'm trying to build up some log information to determine if this is the case.

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States corE

    Hi cilefen; It is looking like there was a situation with a cached session cookie in my browser that was causing this, since I cleared the browser site data the logs have seemed to stopped - Something I didn't originally suspect. My apologies for the bug report, I thought it was with the Drupal system / version update that was amiss since it's timing correlated with what I started noticing. This post/report might cause confusion and can be taken down... is that something you do or something I do?

  • Status changed to Closed: works as designed 2 months ago
  • Comment 2 months ago β†’
    cilefen
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024