Support

Admin Tools

#10011 .htaccess and picture

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by slaes on Wednesday, 28 September 2011 06:42 CDT

Thursday, 25 August 2011 15:29 CDT

user45107
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the forum before posting? yes
Have I read the documentation before posting (which pages?)? No
Joomla! version: 1.7
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: pro


Description of my issue:

Hello, sorry i'm french user.
i bought and install admin tools pro tonight, when i install the admin tools pro .htaccess, all my pictures disallow and i see the link...

How to make a good htaccess
thanks

Thursday, 25 August 2011 16:00 CDT

nicholas
Hi!

You just need to find and apply some exceptions. I have documented the process step-by-step in https://www.akeebabackup.com/documentation/admin-tools/server-protection.html#determine-required-exceptions

Unfortunately, my French is much worse than your English, therefore I can't produce a French version of this guide :( Perhaps you can ask someone who speaks pretty good English to help with the translation of that page.

Please let me know if you have any problems so that I can help.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 25 August 2011 17:34 CDT

user45107
hey...
so i write "image" with this idea "Allow direct access, except .php files, to these directories list in the Exceptions section of this pane."
and it's work... sorry to not read your FAQ before ask you here but i don't know found the answer because i'm a poor english reader...

and translate.google translate the technical word with a lot of ... bug... unreadable

for the story, before, i use crawlprotect (in french ^^), he has a good protect, but not black list the ip who attack automaticaly..

Friday, 26 August 2011 01:53 CDT

nicholas
He he! Yes, Google Translate sucks with technical documentation. I am glad it is all working now!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 22 September 2011 09:54 CDT

Andrew38-12
Hello!
I have problem with .htaccess as well.
I use Redshop+Mercado template from rocktheme.
If I put Front-end protection to "YES" my website goes broken.
I use firebug to distinguish what exceptions I have to make.
The ptoblem is that there are already exceptions for the directories like templates and components.
But I still have problems with extensions that use that directories.
How can that be? Even if I add exception for the whole directory ones more in Server protection > Allow direct access, including .php files, to these directories
But this doesn't help as well.
Maybe there are some

Thursday, 22 September 2011 17:23 CDT

nicholas
If you're using RocketTheme's optional RokGZipper plugin, please disable it. This plugin is a security nightmare, I've told them and they don't agree.

What it does is that it requires you to allow execution of arbitrarily named PHP files all over your site. However, this means that if an attacker manages to upload a sinister file (like a C99 variant, usually named inconspicuously e.g. README.php) anywhere on your site, you have just became a sitting duck. Besides, RokGZipper is using PHP code to deliver GZip-compressed versions of your PHP and JS files. Guess what? Using .htaccess Maker's option to automatically compress static resources is far better and far more efficient. Instead of using inefficient PHP code, the .htaccess method uses Apache's blazing fast GZip module. Moreover, Apache caches the compressed static resource in memory, meaning that your side loads faster. Double win!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 23 September 2011 02:34 CDT

Andrew38-12
Hello Nicholas!
I have read materials on Akeeba website and turned Rockzipper off.
Good, I am out of this threat.
But at the same time I can not understand why the whole template gone wild if I add all possible troublemakers directories to the exceptions.
In my case the functionality is ok (at least I do not see anything goes wrong), but the Modules, fonts, sidepanel that is all messed.
I have turned Front-end protection off for the server.

Got only one Idea. I have strong hosting with high level of security, I think that can be cause of the problems with "Server protection" directory.
Anyway, I have used many other security things from Admin tools), so my issue is of no hurry at all).
Best Regards!
Andrey

Friday, 23 September 2011 03:02 CDT

slaes
Andrew,

We run very tight servers. Mod Security and CSF rule sets are hardened to the max. We also use all features of Admin tools. (with the expectation of bad behavior and ip blocking). Personally i dont believe in ip blocking generally, the only ip blocking we do is for port scanning and various other probing attempts, and even that isnt particurley necessary. With all that in mind, we never experience the problems your talking about.

The front end protection feature, is probably the best feature of the htaccess maker and probably something you should consider putting back on. If you switch it off, their is no point in making exceptions.

Are you sure you have added all the necessary exceptions? Sometimes if you elect to join/minify/compress/cache things they are actually rewritten to another directory in which case you would need exceptions to that directory.

Hope that helps you.

Friday, 23 September 2011 03:03 CDT

nicholas
Hi Andrey,

Unless I take a look at the broken site, I can rarely understand why it breaks. What I've seen many times is a PHP script serving compressed versions of static resources which doesn't work properly when the front-end protection is enabled but does not throw a 403 error. If it's possible, please create a clone of your site in a subdomain (not a subdirectory!) or a different domain and send me a Personal Message so that I can take a look.

BTW, there is no way a host's configuration can interfere with the Front-End Protection in .htaccess Maker. Each protection works on a different level. The host usually applies mod_security2 or a similar software firewall feature. .htaccess Maker, well, creates a .htaccess file which runs after mod_security2 and only if the request has passed mod_security2.

For everything else, slaes is 100% up to the point :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 23 September 2011 07:12 CDT

Andrew38-12
Hello!
Thanks you all for sharing experience. Well, I have to get back to front end protection feature ).
I will try to find the problem one more time, and if no positive result, than I will use generous proposal from Nicholas and send my data.
That will be better, than go lazy)

Best Regards

Friday, 23 September 2011 07:13 CDT

slaes
good decision ;)

Friday, 23 September 2011 07:13 CDT

nicholas
You're welcome! We're here to help :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 28 September 2011 06:06 CDT

Andrew38-12
Hello, Nicholas!
I have tried to make Server protection > Front-end protection working.
Only one thing I can not do is Front page slide show from Joomla works (FPSS).
I have added even the whole directory to the "Allow direct access, including .php files, to these directories" but it still presented just like list of slides not like slide show anymore.
That the last issue with Front-end protection.
Maybe there were cases with FPSS before?
Thanks in advance!
Andrew

Wednesday, 28 September 2011 06:10 CDT

Andrew38-12
I also followed advice from Slaes, and added cache directory to the exceptions list.
So now FPSS is little bit better but still looks messy.
Here it is http://carlsbad-rnc.com/

Wednesday, 28 September 2011 06:17 CDT

slaes
u also need to add, to and include php files

that should fix it

1. modules/mod_fpss/tmpl/FSD/css
2. cache

Wednesday, 28 September 2011 06:30 CDT

Andrew38-12
Hello, Slaes!
Thank you very much! I have followed your direction!
And All is working!
By the way I have got covered by Admin tool from my first attack today).
Thanks God, I am now with The front end protection feature!
Best Regards!

Wednesday, 28 September 2011 06:42 CDT

slaes

Yeah front end protection is probably the most powerful part of htaccess maker, hence its highly recommended to have it on.

Great to hear it's all good for you now.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!