Support

Hi,
I've got some issues with admin tools blocking some Hikashop checkout activity.
Reason "Login failure" Target URL "https://mywebsite.com/panier/checkout/submitblock?tmpl=raw"

"tmpl=raw" is in the list of allowed templates (see attachment)

I've tried to add a WAF exception but I don't really know what to do here (yes I've read the doc but… - see attachment)

The checkout works for the majority of customers but there is a small minority who triggers this blocking, I don't understand why.
I'm almost (!) sure this is legitimate behaviour.

Any idea ?
Thanks
Marc

Hi, I should have tested more thoroughly before but I've been blinded by the unusual form of the url blocked.
I've tested when connected through a vpn so I could test in the public side and see, with my regular IP, what is logged in AdminTools in real time.

The result is that AdminTools blocks users for "login failure" when user exceed what is set in the WAF Auto Ban, so it's just normal behaviour.

The thing is:
- when the connexion is done in the Hikashop's checkout page the url logged by AdminTools is "https://mywebsite.com/panier/checkout/submitblock?tmpl=raw" (without username logged)
- when the connexion is done in the regular joomla login form, the url logged by AdminTools is the standard one "https://mywebsite.com/component/users/?task=user.login&Itemid=101" (with the username logged too, ex. "Username: sfdgsfdgfsdio")

So, sorry, it's just standard behaviour from AdminTools and Hikashop.
I've relaxed the auto-ban rules a little bit and it should do it.

And now we know…

Regards
Marc