Blocking IP Addresses still allows users onto website

the extension /Login?Reason=7 is still available to blocked users, so they can attempt to log in via a local user or SSO. This is a borderline vulnerability to me as it should block them completely. 

Either allow to remove the LOCAL buttons,username, and password fields and/or when you say block, it actually blocks them completely from viewing the website