#31728 Recommendation for language improvement in IP Blocking tute

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Tuesday, 08 October 2019 17:17 CDT

DCS
https://www.akeebabackup.com/news/1661-bulk-ip-blocking-is-bad-for-your-site.html

This is a good article.

This is how I understand it: In WAF Configuration,

1 - enable IP blocking of repeat offenders and use something similar to 3, 3, 15 to block IP for 15 minutes if 3 attacks in 3 minutes.

2 - disable IP blocking of persistent offenders.

3 - Get a HoneyPot key and enable HoneyPot HTTP:BL filtering

Question #1 - can you comment on how much HoneyPot may impact pageload speed?

Issue #2: This is how I understand the 6th paragraph about IP Workarounds: your recommendation is to disable IP Workarounds, which will tell Admin Tools to ignore the X-Forwarded-For header, which will then not allow the attacker to spoof his address.

Question #2 - Is that the correct understanding?

I think you might be able to improve the language of the article slightly, because when I read it, this item was not clear to me. In fact, I won't be sure until I receive your answer.

Issue #3 - hover-tip for IP Workarounds. It seems clear to me that IP Workarounds should be enabled if the user's server is behind a reverse proxy, cache, or CDN.
However, the remainder of the tip says this: "If you are unsure, look below: Admin Tools will ask your browser to detect the recommended setting for this option."

I don't see that feature, and don't understand how to find it and use it.

Thanks.

nicholas
Akeeba Staff
Manager
1. It depends on your server. It's a simple DNS lookup. Typically, the first lookup for an IP takes ~150 msec and from then onwards it's cached locally on your server and takes negligible time (less than 0.01 msec). If your server is misconfigured then every visit would incur the ~150 msec time penalty.

2. Correct.

3. You only need to enable the workarounds if and only if your server is behind a reverse proxy or cache or CDN which sets the X-Forwarded-For or equivalent HTTP header. If that's the case Admin Tools will try to detect that and notify you.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
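
The X-Forwarded-For decision discussed in points 2 and 3, as an added example that is not part of the ticket and is not Admin Tools' own code: it picks the address that blocking should act on, and ignores the header unless the request really arrived from a proxy. The function names, the `$proxies` allow-list (which goes beyond the single on/off switch in the ticket) and the sample addresses are assumptions made for illustration.

```php
<?php
// Added illustration, not Admin Tools code. Function names are hypothetical.
/** True if $ip lies inside $cidr (IPv4 or IPv6), e.g. "198.51.100.0/24". */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input or IPv4/IPv6 mismatch
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits ?? (string) $max; // no "/n" suffix means a single host
    if (!ctype_digit($bits) || (int) $bits > $max) { return false; }
    $full = intdiv((int) $bits, 8);
    $rem  = (int) $bits % 8;
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) { return false; }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // covers the partial byte, if any
    return $rem === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Address to use for blocking. $workarounds mirrors the IP Workarounds switch. */
function clientIp(array $server, bool $workarounds, array $proxies): string
{
    $peer    = $server['REMOTE_ADDR'];
    $xff     = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $isProxy = function (string $ip) use ($proxies): bool {
        foreach ($proxies as $cidr) {
            if (ipInCidr($ip, $cidr)) { return true; }
        }
        return false;
    };
    if (!$workarounds || $xff === '' || !$isProxy($peer)) {
        return $peer; // header ignored: nothing the client sends changes the result
    }
    // Entries on the right were appended by our proxies; take the first untrusted one.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) { return $peer; }
        if (!$isProxy($hop)) { return $hop; }
    }
    return $peer;
}

// Constructed requests (documentation address ranges); 198.51.100.0/24 plays the CDN.
$direct = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '192.0.2.77'];
$viaCdn = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.77, 203.0.113.9'];
echo clientIp($direct, false, []), "\n";                  // workarounds off
echo clientIp($direct, true, ['198.51.100.0/24']), "\n";  // on, but peer is not a proxy
echo clientIp($viaCdn, true, ['198.51.100.0/24']), "\n";  // on, request came via the CDN
```

In all three constructed requests the client-supplied `192.0.2.77` is never selected, so repeat-offender blocking keeps counting against the real connecting address.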
