This is a good article.
This is how I understand it: In WAF Configuration,
1 - enable IP blocking of repeat offenders and use something similar to 3, 3, 15 to block IP for 15 minutes if 3 attacks in 3 minutes.
2 - disable IP blocking of persistent offenders.
3 - Get a HoneyPot key and enable HoneyPot HTTP:BL filtering
Question #1 - can you comment on how much HoneyPot may impact pageload speed?
Issue #2: This is how I understand the 6th paragraph about IP Workarounds: your recommendation is to disable IP Workarounds, which will tell Admin Tools to ignore the X-Forwarded-For header, which will then Not allow the attacker to spoof his address.
Question #2 - Is that the correct understanding?
I think you might be able to improve the language of the article slightly, because when I read it, this item was not clear to me. In fact, I won't be sure until I receive your answer.
Issue#3 - hover-tip for IP Workarounds. It seems clear to me that IP Workarounds should be enabled if the user's server is behind reverse proxy, cache, or CDN.
However, the remainder of the tip says this: "If you are unsure, look below: Admin Tools will ask your browser to detect the recommended setting for this option."
I don't see that feature, and don't understand how to find it and use it.
|Joomla! version (in x.y.z format)||3.9.11|
|PHP version (in x.y.z format)||7.2|
|Admin Tools version (x.y.z format)||5.3.3|