Dynmap causes snort IDS to freak out (http_inspect)
Ginotuch opened this issue · 3 comments
When Dynmap is put behind a firewall with an IDS (in my case pfSense with Snort), the HTTP responses that dynmap sends to players can cause the IDS to think it's bad traffic, leading to people's IPs being temporarily blocked on the firewall.
In my case I'm using pfSense (version: 2.4.4-RELEASE-p3) with the http_inspect rules enabled on Snort.
Snort identifies the traffic as: (http_inspect) JUNK LINE BEFORE HTTP RESPONSE HEADER
dynmap version: core=3.0-beta-10-257, plugin=3.0-beta-10-257
Unsure if this affects it but I am also using https://dev.bukkit.org/projects/dynmap-essentials
Here is a screenshot from the firewall:
Note: the yellow X buttons are normally red, I added an exception to this rule as a temporary measure. Also the source IP is my Minecraft server and destination is players looking at the dynmap.
Going to close this as it's not an issue with dynmap but your firewall. I recommend using an external webserver with dynmap to attempt to resolve this issue.
Snort is enabled on the LAN interface. In the LAN Rules tab, the rule HI_SERVER_JUNK_LINE_BEFORE_RESP_HEADER is enabled under the preprocessor.rules category. This rule has the GID 120 and the SID 26.
Sadly that's the most information I can give right now. I may be able to get more when I have time.
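
To check whether an alert like GID 120 / SID 26 corresponds to real bytes ahead of a status line, the server side of a captured connection can be walked offline. The following is an added example, not code from this thread, Dynmap or Snort: it approximates the condition the rule name describes rather than reproducing http_inspect's logic, assumes bodies delimited by `Content-Length`, and uses constructed sample streams and a hypothetical function name `find_junk`.

```python
import re

# Status line without its line ending, e.g. b"HTTP/1.1 200 OK"
STATUS_LINE = re.compile(rb"HTTP/\d\.\d \d{3}[^\r\n]*")
CONTENT_LENGTH = re.compile(rb"^content-length:[ \t]*(\d+)[ \t]*\r?$", re.I | re.M)


def find_junk(stream: bytes) -> list[tuple[int, bytes]]:
    """Walk the server-to-client bytes of one TCP connection and return
    (offset, bytes) for every run found where a status line was expected."""
    findings = []
    pos = 0
    while pos < len(stream):
        m = STATUS_LINE.search(stream, pos)
        if m is None:
            # Trailing bytes that never become a response
            findings.append((pos, stream[pos:]))
            break
        if m.start() > pos:
            # Bytes sit between the previous response and this status line
            findings.append((pos, stream[pos:m.start()]))
        end = stream.find(b"\r\n\r\n", m.end())
        if end == -1:
            break  # capture truncated inside the header block
        cl = CONTENT_LENGTH.search(stream[m.end():end])
        if cl is None:
            break  # chunked or close-delimited body: not handled here
        # Skip header terminator plus the body length the server declared
        pos = end + 4 + int(cl.group(1))
    return findings


# Constructed samples, not captured from a real server.
RESP_EMPTY = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
CLEAN = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n{}" + RESP_EMPTY
# Declares 2 body bytes but sends 5, so 3 bytes spill ahead of the next response
OVERRUN = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n{}\r\n\n" + RESP_EMPTY
# Bytes ahead of the very first status line on the connection
LEADING = b"\n\n" + RESP_EMPTY

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("overrun", OVERRUN), ("leading", LEADING)):
        print(name, find_junk(data))
```

An empty result on a capture that triggered the alert points toward tuning or suppressing the rule for that server; a non-empty result shows which bytes the web server emitted and at what stream offset.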