Support

Admin Tools

#10079 Paypal blocked (xssshield)

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 26 October 2011 08:42 CDT

Tuesday, 25 October 2011 15:12 CDT

Joel
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.24
PHP version: 5.2.17
MySQL version: 5.0.92
Host: (optional, but it helps us help you)
Admin Tools version: 2.1.10


Description of my issue:
Since a while my WAF config is:
- Enable Bad Behaviour filter: Yes
- Strict Mode: No
- White list IPs: 66.211.170.66

Today, 2 Paypal orders has been blocked by WAF with reason xssshield.
I've checked again my WAF config, removed 66.211.170.66 from Auto blocking IP and Security exception log but got same blocking few minutes after.

Attached Security Log Exception showing the problem.

White list avoid blocking due to bad behavior here we have a 'xssshield'.
Last order yesterday was Ok and I checked my website (diff between 2 backup), nothing has been change since several days.

I'll have to stop orders.
Please help!!!

Regards,

JoΓ«l VALLIER

Tuesday, 25 October 2011 17:17 CDT

nicholas
Just disable XSSShield from the WAF Configuration page. AS I've written many times, XSSShield and Bad Behaviour are two humongous overkills of a feature. They try to do too much, they are not really necessary and they do throw a lot of false positives. It's the downside of having to do heuristics. In all fairness, I have them turned off on my own sites and I haven't bumped into a problem. So, there you have it, just disable XSSShield in clear conscience.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 26 October 2011 00:57 CDT

Joel
Thanks for your prompt response.

In fact, I've removed a second time 66.211.170.66 but first from Security exception log and then from Auto blocking IP.
Few minutes later, the second blocked Paypal payment has been accepted and a few hours later the the first blocked Paypal payment has been accepted as well!!!

I could disable xssshield as you suggested but when I put 66.211.170.66 in the 'White list IPs' why your extension lets 'Bad behavior' pass through and block 'xssshield'???

Regards,

OopsTouch

Wednesday, 26 October 2011 08:42 CDT

nicholas
The IP whitelist applies only to the Bad Behaviour integration, that's why it is inside a panel which has to do with Bad Behaviour. It doesn't apply to any other protection provided by Admin Tools.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!