Yes, if you configure Incapsula and Admin Tools correctly :)
Please note that
per their blog post they act like a transparent proxy sitting in front of your server. As every transparent proxy they implement the web standard X-Forwarded-For HTTP header. This header tells the destination web server –the one that serves your Joomla! installation– what is the
real IP address of the visitor.
Why is that necessary? Incapsula works as a proxy sitting in front of your site. This means that visitors connect to Incapsula's server and then, if it decides to not block the request, it is Incapsula's server which accesses your web server. As a result the IP address your server sees is the IP address of Incapsula itself, not the actual user. When Incapsula lets a suspicious request go through and Admin Tools blocks it the IP address Admin Tools sees (actually: the IP address your web server sees and reports to PHP) is Incapsula's, not the visitor's, and that is what it will block. As I mentioned above, the solution is the X-Forwarded-For HTTP header.
Admin Tools does offer support for the X-Forwarded-For HTTP header but it's turned off by default. The reasoning is a bit complicated, but it suffices to say that if you enable it when you don't need it it is causing trouble. However, you
do need it and you
must enable it.
TL;DR - The solution
Go to Components, Admin Tools, Web Application Firewall, Configure WAF and click on Basic Protection Features. Set "Enable IP workarounds" to Yes and click on Save.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
