18.1.1 IPS still blocking access to joomla admin panel (SOLVED)

Started by Dzioobasek, February 05, 2018, 08:46:07 AM

@Dzioobasek:

Apply the patch (via putty for example), restart your OPNsense just to be sure, then access the Joomla login page.
If blocked, go to your alerts and verify the results.

It has to be there. With the patch, IPS will alert you for all blocked packets (without it, it does for just a few). So if you don't apply it, you might miss the offending rule.
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

February 09, 2018, 07:46:29 AM #16 Last Edit: February 09, 2018, 08:33:16 AM by Dzioobasek
Quote from: elektroinside on February 06, 2018, 10:55:02 AM
@Dzioobasek:

Apply the patch (via putty for example), restart your OPNsense just to be sure, then access the Joomla login page.
If blocked, go to your alerts and verify the results.

Buddy, I'm a noob :) I mostly wait for official updates :P Anyway, after 18.1.2 I have all rules enabled and updated and it's not blocking my Joomla admin panel :)
Great work guys.

PS
Does OPNsense have any bandwidth controller enabled by default? I have plugged a few clients into OPNsense and now instead of 100mbps I have 40mbps on speedtest.net. When I was the only connected client it was running at full speed.

February 09, 2018, 08:49:45 AM #17 Last Edit: February 09, 2018, 08:53:44 AM by elektroinside
Let's find the cause by finding the trigger first:
1. Temporarily disable just the IPS -> speedtest at least twice
2. Temporarily disable IDS entirely -> speedtest at least twice
3. Enable them -> speedtest at least twice

Please report back your findings.

P.S. Remember: do not enable "promiscuous mode"

God, I'm so lame :P
I forgot I was switching gateways when I was accessing Joomla and forgot to switch back to OPNsense. Now it's at full speed again.
Though it started blocking panel access again, but alerts are displayed correctly now and I have found the rule which was responsible - ET CURRENT_EVENTS Possible Successful Generic Phish (set)
All working like a charm now, thank you guys!
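
The same hunt for the offending rule can be done from the raw log instead of the alerts page. This is an added example, not part of the thread: it assumes the IPS is Suricata writing EVE JSON alert lines, and the sample lines, IP addresses and signature IDs are constructed.

```python
import json
from collections import Counter

# Constructed EVE JSON sample: documentation-range IPs, placeholder SIDs.
SAMPLE_EVE = """\
{"timestamp":"2018-02-09T08:40:01+0100","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.20","alert":{"action":"blocked","signature_id":9000001,"signature":"ET CURRENT_EVENTS Possible Successful Generic Phish (set)"}}
{"timestamp":"2018-02-09T08:40:07+0100","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.20","alert":{"action":"blocked","signature_id":9000001,"signature":"ET CURRENT_EVENTS Possible Successful Generic Phish (set)"}}
{"timestamp":"2018-02-09T08:40:09+0100","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.20","alert":{"action":"allowed","signature_id":9000002,"signature":"Constructed rule A"}}
{"timestamp":"2018-02-09T08:40:12+0100","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"203.0.113.5","alert":{"action":"blocked","signature_id":9000003,"signature":"Constructed rule B"}}
{"timestamp":"2018-02-09T08:40:15+0100","event_type":"http","src_ip":"192.0.2.10","dest_ip":"198.51.100.20","http":{"url":"/administrator/"}}
{"timestamp":"2018-02-09T08:41:
"""


def blocked_rules(lines, server_ip):
    """Count blocked alerts per (sid, signature) for traffic touching server_ip."""
    hits = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated line, e.g. the log was being written or rotated
        if event.get("event_type") != "alert":
            continue  # http, flow, dns ... records are not rule matches
        alert = event.get("alert", {})
        if alert.get("action") != "blocked":
            continue  # "allowed" means the rule only alerted, it did not drop
        if server_ip not in (event.get("src_ip"), event.get("dest_ip")):
            continue
        hits[(alert.get("signature_id"), alert.get("signature"))] += 1
    return hits.most_common()  # most frequently blocking rule first


if __name__ == "__main__":
    # 198.51.100.20 stands in for the Joomla server in this constructed sample.
    for (sid, name), count in blocked_rules(SAMPLE_EVE.splitlines(), "198.51.100.20"):
        print(f"{count:4d}  sid={sid}  {name}")
```
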

Awesome :)
You're welcome!