In fact the first time I noticed this is via the GUS plugin where the Ban was on but there were still hits showing from this IP. The embedding was done at the Gallery config level and not by installing a separate integration plugin so we are subject to what gallery provides as headers.
The wrapper provided by gallery includes this in the header
PHP Formatted Code case 'GeekLog':
** Display header and left blocks
COM_startBlock ('My Picture Gallery');
// echo COM_siteHeader();
which I though should take care of lib-common but I dont know enough.
Anyway, I have tweaked some register-global-check setting in gallery and will report if that made a difference. Meanwhile, any insights would be useful.