Support

 Hello,

For URL:

en/network/registration/steps/3

which is really:

en/index.php?option=com_easysocial&view=registration&layout=steps&step=3

(en comes from using Falang language component)

I get a 403 for DFI shield.

When specifying a WAF exception using:

component: com_easysocial
view: registration
query: step

I still get a 403. In fact, if leave query blank, I still get a 403. The only way that seems to work is if leaving both view and query blank.

Am I configuring this wrong?

Jodan

You are doing it right.

The WAF Exception opens up your website security just a crack. In this case, this is required by your component, it is a necessary crack. The more parameters you give the WAF Exception, the smaller the crack is. But it may not be possible to get your extension working with just a small crack, it may need a bigger crack. For example, you may be using multiple views depending on how you enter the page, so a single view on the exception won't work. You can research the component and identify each separate view that requires an exception and set up an exception for each, or you can just leave the view blank, allowing all views for that component to use the exception.

We are not talking about leaving the back door open here. The exception is limited to that one component, so even without the view or query parameters, it is still a very small crack.