Important | |
---|---|
This feature uses .htaccess files which are only compatible with Apache, Litespeed and a very few other web servers. Some servers (such as NginX and IIS) are incompatible with .htaccess files. If we detect a known to be incompatible server type this feature will not be shown at all in Admin Tools' interface. It should be noted that even if you do see it in the interface it doesn't necessarily means that it will work on your server. This depends on your server's capabilities. If you are unsure or believe it doesn't work please consult your host. |
Joomla!'s off-line feature, the one you can enable in your site's Global Configuration, has a major deficiency. It doesn't actually put the site off-line. All it does is to replace the HTML output with the "off-line" page... after running all plugins, modules and the component which would display on the page. This can have serious security implications, especially when you need to take your site off-line to deal with a security issue (e.g. an extension known to be vulnerable or a hacked site) or to update a key component of your site.
The Emergency Off-Line Mode of Admin Tools enables you to really and securely take your site off-line. More specifically, the Emergency Off-Line Mode does the following actions:
It creates —if it doesn't already exist— a static HTML page named offline.html in your site's root. This page contains the offline message to show to visitors. Feel free to modify it to your liking.
It creates a backup copy of your site's
.htaccess
file, if there was one, under the
name .htaccess.eom
.
Finally, it creates a .htaccess
file
which will temporarily redirect all access attempts to the
offline.html
page. It will allow only your
current IP address to have access to the site.
To put your site in Emergency Off-Line Mode, simply click on the Emergency Off-Line button in Admin Tools' Control Panel page. This will get you to the following page:
The Emergency Off-Line Mode page
Clicking the Set Offline button will attempt to perform the steps outlined above. Should any of those steps fail, for example due to insufficient file permissions, you can still put your site in Emergency Off-Line Mode by taking out the following procedure:
Keep a copy of your site's .htaccess
file, e.g. renaming it to htaccess.bak
.
Create a new .htaccess file in your site's root with its contents being what displayed in the last part of the Emergency Off-Line Mode page.
If your Internet IP address changes before you disable the Emergency Off-Line Mode —i.e. your connection drops or you switch to another computer which connects to the Internet through a different Internet router— you will be unable to log in to your site. In this case, follow these steps:
Using an FTP application of your liking remove the .htaccess file, or upload a blank .htaccess file overwriting the old one.
Go to your site's administrator back-end and relaunch Admin
Tools' Emergency Off-Line mode. Clicking on the Set Offline button
will create a new .htaccess
file with your
current IP address. Your backup .htaccess.eom
file will not be overwritten.
If you want to set your site back on-line, just visit the
Emergency Off-Line page and click on the .htaccess
file with the contents of the
.htaccess.eom
backup file and remove the backup
file. If this doesn't work, follow this manual procedure:
Using an FTP application of your liking remove the .htaccess file, or upload a blank .htaccess file overwriting the old one.
Rename the .htaccess.eom
backup file back
to .htaccess
Of course! This feature only prevents web (HTTP/HTTPS) access to your Joomla site from IP addresses other than yours. It can't and won't touch FTP access or your hosting control panel's file management.
That's the point. You can access the site but people coming from other IP addresses cannot.
If you need to test this use a different device with a mobile Internet connection, e.g. your phone disconnected from WiFi and connected to mobile data. This will have a different IP address than your current device.
This means that your site is behind a proxy such as a CDN, third party Web Application Firewall service, load balancer or caching proxy. In these cases the visitor's address appear to be the same for all traffic coming to your site. In this case you cannot use this feature. It's a server limitation.
Note | |
---|---|
In theory, we could change the .htaccess file we generate to use the HTTP X-Forwarded-For header. However, you'd need to know if you are hosted on a server under the configuration described above and tell us in advance. In most cases this happens when you are using a third party CDN (such as CloudFlare) or third party Web Application Firewall service (such as Sucuri). It's easier to go into the control panel of these third party services and block traffic from all IPs except yours than remembering to configure the Emergency Off-Line Mode every time you need to use it. |
No. There are many cases where using Joomla!'s off-line feature is more convenient, i.e. when you want to simply make your site's content unavailable to random web visitors and search engines while building a new site. The only cases when you should use the Emergency Off-Line Mode are:
If you believe that your site has been compromised (hacked). The Emergency Off-Line will make it impossible for the hacker to access your site while you are working to restore it.
When updating key components of your site and don't want to risk a user following a direct link which might interfere with the process. This use case is largely irrelevant nowadays since databases will automatically lock the tables they are making structural changes to when an extension update is in progress, making it very unlikely if not impossible that you'll ever see a problem like that.
In all other cases it's more convenient and sufficient to go to your site's Global Configuration and enable the off-line feature of Joomla! itself.
Well, you're not wrong. It's a bland, unbranded, boring page. Of course you can change it. Simply upload an offline.html of your liking to your site's root. You can link to JPG, GIF, PNG, BMP, SWF, CSS and JS files —on the same or a different server— from inside the HTML of this file. Do not try to link to other file types, it will not work.
No. The redirection to offline.html
is made
using the 307 HTTP status code which tells search engines that this
redirection is temporary, they should not index the page now, but come
back later when the problem will have been restored.
Delete the .htaccess file from your site's root. Rename the file .htaccess.eom back to .htaccess and that's about it.
Don't panic! You have an old version of Apache —1.3 or 2.0— which
doesn't support one feature used in the .htaccess
file generated by Admin Tools. You can easily work around this issue by
editing the .htaccess
file in your site's root,
using an FTP application. Replace [R=307,L]
in the last
line with [R,L]
(that is, remove the =307 part) and save
back the file. That's all.
It depends. If you have a static IP address, no, you will never get locked out. If you have a dynamic IP address, I don't know. When I used to have a dynamic IP address I observed that my IP address wouldn't change if my connection dropped for less than 1-2 minutes. It all depends on how your ISP assigns IP addresses to its clients. The only way to find out is the hard way: trial and error.