#21526 Cross Site Scripting Block - Virtuemart

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by dlb on Tuesday, 25 November 2014 19:34 CST

mrit
Hello there,
I have a serious problem regarding the VirtueMart cart! Actually I cannot add any item to the cart because the WAF thinks that these are XSSShield exceptions and blacklists the IP!
I am giving you some data from the exception log file of the WAF, attached.
The solution you propose with the Allow Site Template does not make any difference at all! It keeps blacklisting the user for no reason.
Please note, the same issue occurs on two different sites with the same eshop/Joomla versions!

dlb
Admin Tools cannot blacklist an IP address "for no reason." My guess would be that you cleared the blocked IP addresses but did not clear those IP addresses in the Security Exceptions Log. That would mean that the exceptions are already in the log file and the IPs are being blocked for old exceptions. You have to clear both files.

Your post implies that you fixed the problem of ongoing XSS exceptions. That does not sound right by changing a template setting. I think you will need a WAF exception for Virtuemart to stop the XSS exceptions.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5)

mrit
Sorry, but I am new to Admin Tools! I did not fix it. That is why I am here!

I will try clearing both files and come back to you for more! You said: "I think you will need a WAF exception for Virtuemart to stop the XSS exceptions." How can I do that?

mrit
After clearing both files it keeps creating exceptions for the cart add action!
I will try the WAF Exception when you tell me how to do it!

dlb
Your exception is, in part:
?option=com_virtuemart&nosef=1&view=cart

Under Web Application Firewall, WAF Exceptions, New, the Component is com_virtuemart and the view is cart.



mrit
Thanks a lot for the effort to help me.

Well, I got the logic you mention, but I have enabled SEF on my site so all my URLs are like index.php/books/σπανιαβιβλια10800/9788888890531-detail...

Then how should I type the view and Query Parameter?

dlb
I took the information from the Security Exceptions log that you posted. That should have the information in it that you need to set up the exception. The line in the log file is what Admin Tools is seeing; that should be what you need.


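The approach described in the reply above (take the component and view from the non-SEF URL recorded in the Security Exceptions Log, not from the SEF URL in the browser), as an added example that is not part of the original thread or of Admin Tools. The `date | ip | reason | url` line layout, the sample entries and the function name are assumptions constructed for illustration. Review what triggered each entry before creating the exception, since a WAF exception exempts matching requests from filtering.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample entries. The "date | ip | reason | url" layout is an
# assumption for this example, not Admin Tools' actual log format.
SAMPLE_LOG = """\
2014-11-25 10:01:12 | 192.0.2.10 | XSSShield | index.php?option=com_virtuemart&nosef=1&view=cart
2014-11-25 10:03:40 | 192.0.2.10 | XSSShield | index.php?option=com_virtuemart&nosef=1&view=cart
2014-11-25 10:07:02 | 198.51.100.7 | XSSShield | index.php?option=com_virtuemart&nosef=1&view=cart
2014-11-25 10:09:55 | 203.0.113.5 | SQLiShield | index.php?option=com_content&view=article&id=3
2014-11-25 10:11:30 | 203.0.113.5 | XSSShield | index.php/shop/sample-item-detail
"""


def summarize_exceptions(log_text, reason="XSSShield"):
    """Group logged exceptions of one type by (component, view).

    Returns (candidates, unresolved). candidates maps (option, view) to
    {"hits": int, "ips": set}; unresolved lists logged URLs that carry no
    option parameter, which are reported instead of being guessed at.
    """
    candidates = defaultdict(lambda: {"hits": 0, "ips": set()})
    unresolved = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4 or parts[2] != reason:
            continue  # malformed line or a different exception type
        _, ip, _, url = parts
        query = parse_qs(urlsplit(url).query)
        option = query.get("option", [""])[0]
        view = query.get("view", [""])[0]
        if not option:
            unresolved.append(url)
            continue
        entry = candidates[(option, view)]
        entry["hits"] += 1
        entry["ips"].add(ip)
    return dict(candidates), unresolved


if __name__ == "__main__":
    found, unresolved = summarize_exceptions(SAMPLE_LOG)
    for (option, view), info in found.items():
        print(f"Component: {option}  View: {view or '(none)'}  "
              f"hits={info['hits']}  distinct IPs={len(info['ips'])}")
    for url in unresolved:
        print(f"No component in logged URL, check manually: {url}")
```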

mrit
Aha! I understood. No matter how it looks in the browser, the Security Log shows how it looks inside the Security Log!

OK, then let's try it! Let me come back with the outcome!

dlb
Right! :-)



mrit
Hello there again!

After doing what you proposed it seems that it works fine. So the issue is fixed!

Thanks again for the quick and accurate support. You solved the problem for me.

dlb
You are welcome!


