What should I do?

Nothing in the console. Network shows an ajax request that appears successful.

I'll need your IP address and SSH public key to do that. I'm wondering what "check the validity" is trying to do - my server has quite tight firewall rules.

I'm a bit nervous about this, but requested information:

Ah, silly me!

Broken in what way? What I see when visiting the site is and the problem is shown .

Neither the ipv4 nor the ipv6 addresses you quoted appear in the access log for the site.

Hmm. The site looks fine to me. But running tests from other locations suggests that Bunny CDN is not serving the images (and maybe not the CSS). This appears to be resolved if I turn off the CDN plugin, although you may be affected by cached data.

Bunny are looking at the site rendering problem. Your latest IP addresses should be enabled now. If you don't have fixed addresses, I'd recommend getting a hostname from e.g. dynu.com or setting up a VPN server.

OK, it should not do that. But I am in the middle of a lot of changes - partly forced by a hosting provider going out of business and partly on account of a decision to migrate from iptables to nftables. For the time being, I have removed the IP restriction on the administrator directory.

It certainly isn't possible to use arbitrary ports. You didn't respond to "I'm wondering what "check the validity" is trying to do - my server has quite tight firewall rules".

Certainly it is possible to telnet to regularlabs.com on port 443, for example.

I've never doubted that it was likely to be an issue with my site, but did not have enough information to sort out the reason. And you've hardly been informative about what your software is trying to do.

You can believe that it was the IP restriction if it makes you happy, but it seems unlikely. The block on the administrator directory (except for specific IP addresses) is server wide, and is implemented on all my servers using the exact same configuration. I have been able to activate your software on other sites on the same server (that are obviously subject to the same IP restriction).

Your access to my site used ipv6 and it is difficult for me to test that, since I do not have such an address myself. But it should have worked if the information you provided was correct. The Apache documentation states that Require ip can be used with either ipv4 or ipv6. The list of IP addresses is included in the rule that limits access, and Apache is reloaded if it changes. The list is currently as follows, and includes the last addresses you provided.



The rule itself is pretty simple:
<DirectoryMatch "^.*/administrator/">
Include /etc/apache2/common.d/selectedip
<FilesMatch "(.*\.ajax|.*\.html|.*\.css|.*\.js|index[0-9]?|restore)\.php$">
Include common.d/selectedip
</FilesMatch>
</DirectoryMatch>

I'm not really very happy with software that makes external connections that are not necessary for its actual functionality. Hardly conducive to robust security, especially for software from someone who does not reveal any real world contact details. And if you must make such connections, it would be sensible to use TLS on port 443, which is the least likely port to suffer blockages through the internet.