This article can help in the right direction: http://tinyurl.com/3ax7u9 in combination with the accesslogs on where the client is actually heading when such app is being used.
Using the grep command from the CLI (command line interface, via ssh client), you can view a specific request from specific clients to troubleshoot why it was allowed, blocked, or which group it matched on.
Paste the response from the CLI and we can assist in analyzing the access logs.
1. Log into the CLI (via ssh client, putty)
2. Type in "grep" > (hit enter).
3. Select the accesslogs (usually 1) > (hit enter).
4. Type in specific client's ip address for the regular expression > (hit enter)
5. Leave all as default by hitting enter, type in "Y" for do you want to tail the accesslogs (allow to see current request).