Access not allowed from this IP Address

I cannot login to my account from IP addresses other than my office IP address even though my user does not have any IP restrictions in place

Please help with this. It’s urgent. I’m now not even able to login from my office IP address. It just shows session expired.

Message
Access not allowed from this IP Address

Not quite sure if this helps , hope it will though.

Maybe you need to describe in detail for any one to help you with it.

Mostly it is fail2ban. If you’re using static ip and even if its a static ip it should start working after 10mins.

Speak to your network adminstrator. ERPNext won’t disallow access to the server by itself.

This problem has only started occurring after updating to v12. So I don’t believe it’s a network issue

This is the error in the JS console:

GET https://domain/website_script.js net::ERR_ABORTED 401 (UNAUTHORIZED)

POST https://domain/ 401 (UNAUTHORIZED)

Traceback (most recent call last):
File “/home/frappe/frappe-bench/apps/frappe/frappe/app.py”, line 52, in application
init_request(request)
File “/home/frappe/frappe-bench/apps/frappe/frappe/app.py”, line 117, in init_request
frappe.local.http_request = frappe.auth.HTTPRequest()
File “/home/frappe/frappe-bench/apps/frappe/frappe/auth.py”, line 51, in init
frappe.local.login_manager = LoginManager()
File “/home/frappe/frappe-bench/apps/frappe/frappe/auth.py”, line 113, in init
self.make_session(resume=True)
File “/home/frappe/frappe-bench/apps/frappe/frappe/auth.py”, line 188, in make_session
full_name=self.full_name, user_type=self.user_type)
File “/home/frappe/frappe-bench/apps/frappe/frappe/sessions.py”, line 197, in init
self.resume()
File “/home/frappe/frappe-bench/apps/frappe/frappe/sessions.py”, line 264, in resume
validate_ip_address(self.user)
File “/home/frappe/frappe-bench/apps/frappe/frappe/auth.py”, line 418, in validate_ip_address
frappe.throw(_(“Access not allowed from this IP Address”), frappe.AuthenticationError)
File “/home/frappe/frappe-bench/apps/frappe/frappe/init.py”, line 360, in throw
msgprint(msg, raise_exception=exc, title=title, indicator=‘red’)
File “/home/frappe/frappe-bench/apps/frappe/frappe/init.py”, line 346, in msgprint
_raise_exception()
File “/home/frappe/frappe-bench/apps/frappe/frappe/init.py”, line 315, in _raise_exception
raise raise_exception(msg)
frappe.exceptions.AuthenticationError: Access not allowed from this IP Address

Commenting the last line out in the following code fixes the issue for me:

1 Like

I am also getting the same issue with ERPNext v12. I have 80 users out of which I am using 2 users from my office. These two users have “restrict Ip ~” field set as blank while the other 78 users have two IPs set in their respective fields. While these 78 users are able to login from these IPs, my 2 users who don’t have any restriction are also not allowed to login from my office ID or mobile. I can login these two users from their IP though.

What is even more wierd is that it does not allow me to even see the website, maybe because i am logged into with my cache.

Now I can not even logout, it gives me the same error that I am not allowed to login with my IP here in my office.

The reports and evidence here suggest fail2ban is typically responsible.

To check that theory for yourself, disable fail2ban to see if your problem goes away?

Hey Clark,
I can’t un-install fail2ban coz I am using other applications on the same server and this is the production server. Thanks for the quick reply. I will check on another server maybe sometime later. For now I have removed the restricted IP from all the users.

Thanks

I think John is suggesting that you temporarily disable fail2ban so that you can check if that is contributing to the problem, not that you uninstall.

I’ll google how to disable and will surely give it a shot today itself.

sudo systemctl stop fail2ban

should work. Once you’ve tested, you can re-enable with

sudo systemctl start fail2ban

How do I disable fail2ban on my developer machine running macOS?

I don’t know macOS at all, but I think the launchctl or

sudo `which fail2ban-client` start

This info is available here

https://github.com/frappe/frappe/issues/9185