I am not sure if you are actually reading my replies.
In my first reply I told you which features can be relevant to you:
If you’re using any feature which does a DNS resolution but your host’s DNS is slow that would do it. Project Honeypot is one, not blocking by domain name is another.
Another possibility is the DFIShield which tries to do loopback access to your own site to evaluate the URLs it catches as suspicious. Depending on the server configuration this might not be possible.
In my second reply I told you that you can disable these features in the Configure WAF page:
Yes, this is an option you will find in the Configure WAF page.
In my last reply I confirmed that saving anything in the component has nothing to do with the plugin, i.e. you can change setting in the Configure WAF page with the plugin disabled:
Saving anything in the component has nothing to do with the plugin.
To be crystal clear: you do NOT need to have the plugin enabled to configure Admin Tools' Web Application Firewall. The configuration takes place in the component, which has a few simple Joomla forms to manage the configuration data. The component does nothing more than handle configuration. You DO need the plugin to apply the Web Application Firewall. The plugin reads the configuration from the database, and has all the code which implements the actual Web Application Firewall login.
The component is the police chief. He handles policy, but does not patrol the streets. The plugin is the neighborhood cop. He reads the policy documents handed over by the police chief and patrols the streets. The police chief does not need to and WILL NOT confer with the neighborhood cop when setting policy; he only needs to confer with the city mayor (that's you). The neighborhood cop absolutely needs to be given the policy, because that's what he will be following when patrolling the streets. I hope that's a bit more clear.
No, let's put these things together. Here's what you need to do:
- Disable the System - Admin Tools plugin. That's what you have already done. Keep it that way.
- Change the configuration in the Component's Configure WAF page; You should disable both DFIShield and Project Honeypot.
At this point, your changes should save. If they are not saving and the server seems to hang you have proven that the problem is with the server (or CloudFlare) since Admin Tools web application firewall code does not run at this point (it's the plugin which implements the firewall, not the component).
If the changes saved just re-enable the plugin.
If it's still unclear, I believe that you very likely have two unrelated problems based on what you have described. Problem A is that maybe one of the features in Admin Tools makes your site slower. Problem B is that something on your server or CloudFlare configuration is very likely blocking the submission of the Configure WAF form.
I am trying to get you to do something which will prove or disprove problem B. If it exists, you will need to solve it with your host / CloudFlare as it's external to our code and we have no control over it.
When problem B is solved, or if it doesn't exist (maybe your description was inaccurate, or the problem submitting the form was happenstance), we are trying to solve problem A.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
