--- loncom/auth/lonroles.pm	2021/11/30 14:16:13	1.358
+++ loncom/auth/lonroles.pm	2021/11/30 15:55:40	1.359
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.358 2021/11/30 14:16:13 raeburn Exp $
+# $Id: lonroles.pm,v 1.359 2021/11/30 15:55:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -277,7 +277,8 @@ sub handler {
         $update = $then;
     }
 
-    my ($norolelist,$blocked_by_ip,$blocked_type,$blocked_ipaddr);
+    my ($norolelist,$blocked_by_ip,$blocked_type,$clientip);
+    $clientip = &Apache::lonnet::get_requestor_ip($r);
     if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) {
         my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
         my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
@@ -358,13 +359,12 @@ sub handler {
                         $ipaccessref = &Apache::lonnet::do_cache_new('ipaccess',$cdom,$domconfig{'ipaccess'},1800);
                     }
                     if (ref($ipaccessref) eq 'HASH') {
-                        my $remote_ip = &Apache::lonnet::get_requestor_ip();
                         foreach my $id (keys(%{$ipaccessref})) {
                             if (ref($ipaccessref->{$id}) eq 'HASH') {
                                 my $range = $ipaccessref->{$id}->{'ip'};
                                 if ($range) {
                                     my $type = 'exclude';
-                                    if (&Apache::lonnet::ip_match($remote_ip,$range)) {
+                                    if (&Apache::lonnet::ip_match($clientip,$range)) {
                                         $type = 'include';
                                     }
                                     if (ref($ipaccessref->{$id}->{'courses'}) eq 'HASH') {
@@ -386,9 +386,6 @@ sub handler {
                                 }
                             }
                         }
-                        unless ($showrole) {
-                            $blocked_ipaddr = $remote_ip;
-                        }
                     }
                 }
             }
@@ -783,7 +780,7 @@ ENDCLOSE
                         $r->rflush();
                         my ($msg,$blockcrit,$critmsg_check);
                         $critmsg_check = 1;
-                        $blockcrit = &Apache::loncommon::blocking_status('alert',$cnum,$cdom,undef,1);
+                        $blockcrit = &Apache::loncommon::blocking_status('alert',$clientip,$cnum,$cdom,undef,1);
                         if ($blockcrit) {
                             my $checkrole = "cm./$cdom/$cnum";
                             if ($csec ne '') {
@@ -1354,7 +1351,7 @@ ENDHEADER
             }
             $r->print('<h3><span class="LC_error">'.
                       &mt('The [_1] you selected is not available for access with a [_2] role from your current IP address: [_3].',
-                          lc($blocked_type),$blocked_role,$blocked_ipaddr).
+                          lc($blocked_type),$blocked_role,$clientip).
                       '</span></h3>');
         }
     }