Support

No, you can't get a gateway timeout from that. These entries are not loaded all at once in memory. We only insert records in those tables and then query the count of rows matching certain criteria when a security exception occurs. Most likely you tried accessing the Admin Tools' Security Exceptions Log page having set up Joomla's default list limit to 100 or more items in which case it is trying to load lots of records at once and you may indeed run out of memory (which causes a PHP error which causes the gateway timeout). The correct solution is using a smaller default list limit. 20 or 50 is a safe number and, frankly, anything more than that is not even practical to begin with.

I would recommend doing an IP auto-block with a bit more relaxed settings: auto-block after 3 security exceptions in 1 minute and block them for 15 minutes.

Regarding repeat offenders, I am against blacklisting IPs. This is a feature other clients have asked for. I would recommend disabling it.

Also edit the System - Admin Tools plugin configuration and set it to keep at most 200 entries. These are enough to auto-ban IPs automatically and temporarily using the parameters I explained.

Regarding whether you need the request filtering options, yes, you do need them. That's the entire point of Admin Tools, protecting you from malicious requests.

The performance implications are negligible. A successful requests gets delayed by approximately 0.1 seconds when all Admin Tools web application firewall features are turned on. A blocked request uses up even less resources than a full page load since it gets blocked very early in the lifetime of Joomla (the earliest event possible, onAfterIntialise), before any components or modules have been loaded.