Menu

Topic-icon Mobile registration blocked when Web Firewall active (JRealtime Analytics)

  • interstorm
  • interstorm's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
1 month 5 days ago #8422 by interstorm
Hello -- first off, thank you very much for an outstanding Joomla extension -- I am very pleased by it.

A few weeks ago I installed the JRealtime Analytics module and I have since seen that mobile registration appears to be blocked when the web firewall is enabled.  I looked in the logs and found the actions were blocked due to "Forbidden words in pattern" and noted the component was JRealtime Analytics.  Below is the description and I've included a screenshot of the log.  As I'd like to keep the Web Firewall active AND use the JRealtime Analytics component, any suggestion you have to allow these to work together (again, only an issue for mobile and happens on my registration page when the new user form is submitted) would be greatly appreciated!  Thank you!

div.body>div.container-fluid>div.row-fluid>main.span12>div.category-blog-posts-article->div.item-page>div>div.__pf_908sol>section._DblQBlAM._0679CqAW>div._pDNE0kYl._pQdduqQV.pb-grid.pb-grid--stackable.pb-grid--automatic>div.grid__column>div._O689JW7n._V8bBUD6d>div._62k0rWD_._VDZMiY7E>div.moduletable>div>div.loginWndInside>form.ial-form>div.gi-elem.ial-email2.ial-active>input.loginTxt.regTxt
Attachments:

Please Log in or Create an account to join the conversation.

More
1 month 5 days ago #8423 by Jose
Hi interstorm,

Hello -- first off, thank you very much for an outstanding Joomla extension -- I am very pleased by it.


Thank you very much!!! Glad to hear you like the extension! :)

A few weeks ago I installed the JRealtime Analytics module and I have since seen that mobile registration appears to be blocked when the web firewall is enabled.  I looked in the logs and found the actions were blocked due to "Forbidden words in pattern" and noted the component was JRealtime Analytics.


Try adding com_jrealanalytics into Waf configuration -> Filter exceptions -> second level filter. This should solve your issue.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • interstorm
  • interstorm's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
1 month 3 days ago - 1 month 3 days ago #8427 by interstorm
Thank you and that did help.  I am coming across another similar issue where I am getting blocked but the log message is slightly different (possible XSS attack) -- see first image attached.  I added the 'com_ajax' to the XSS filter section but this appears to be blocked whenever I save a custom HTML module using the JSN Pagebuilder interface.  Any thoughts would be greatly appreciated!
Attachments:
Last edit: 1 month 3 days ago by Jose. Reason: Avoid information disclosure

Please Log in or Create an account to join the conversation.

More
1 month 3 days ago #8428 by Jose
You're welcome!

Adding com_ajax to the xss filter -> strip tags filter should solve your issue. Do you still get the log after adding It?

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • interstorm
  • interstorm's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
1 month 3 days ago #8429 by interstorm
Yes - unfortunately that configuratio is set and when the WAF is enabled and I use JSN Pagebuilder, I get blocked.  I can manage by briefly turning the firewall off, making the change then enabling it again -- just would prefer not to go that route.

Please Log in or Create an account to join the conversation.

More
1 month 3 days ago #8430 by Jose
Can I get access to the site to check what's happening?

If so please send me administrative credentials to access to the backend. Use the email from which you receive forum notifications.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.095 seconds
Powered by Kunena Forum

Login or Sign In