No, Apache is concerned too.
If you are trying to login on the GUI with a wrong password, you will get a log on apache and so, you could be banned as well.
You need to check if the IP of the server is in the Internet Zone (It shoud be by default).
Next, need to check if the network is not declared on a trusted zone for example; 192.168.0.0/24.
Also, check the service Web Management is on Local, and not on Internet. And why not UCP , HTTP Provisioning, HTTPS Provisioning, REST APPS too.