Support

Admin Tools

#10121 Panic! Administration 404 after last upgrade... Heeeeeelp!

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 30 November 2011 14:34 CST

Chacapamac
I rename main, still 404 Help

http://www.tradsf.com/administrator/

Chacapamac
I got a com_admintools.updates.ini in my cache folder?

Chacapamac
Both in cache admin and root?

Chacapamac
Delete all cache with those 2 files — Clear cache/history/all browser.

No change this is bad....

I need that to be resolve ASAP

nicholas
Akeeba Staff
Manager
First, as the Hitchiker's Guide to the Galaxy reads, Don't Panic. You are in such a panic that you don't make sense and you are basically trying random things all over the map which are guaranteed to BREAK your site. Step one: think. Step two: act. If you do them the wrong way, ka-boom ;)

Here's what I see: when I try to visit your administrator URL, your server (NOT the Joomla back-end login page!) asks me for a username and password, a.k.a. this is the administrator password protection. If I don't enter anything or if I enter the (obviously) wrong credentials, I get a 404 page because your server doesn't have a document for the 403 Access Forbidden error message. Maybe that's what you get and it's easy to work around.

Just clear your browser cache, quit your browser, open it again and revisit your administrator area. Make sure you enter the correct credentials.

If that doesn't work, remove the .htaccess file from your administrator directory and retry the previous steps.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
Ok I rename htaccess in the administrator

What now?

nicholas
Akeeba Staff
Manager
Did you try logging in to your back-end again? Do you get an error? If you do get an error, would you mind sharing a screenshot and telling me all the necessary information (Joomla! version, PHP version, MySQL version) so that I can help?

Remember, I am not in front of your computer. You are my eyes. Describe what you see, otherwise I am blind as a bat and my replies are most likely vague and unhelpful ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
I can go in now...
Something whent strange when I enter a backend password

nicholas
Akeeba Staff
Manager
OK, now that the panic is over, I can tell you what happened. For some reason, your browser cached the wrong back-end password. At some point it started using it without asking you, causing your server to try to reply with a 403 Forbidden error message. If that happened, your browser would ask you the username/password again. However, your server couldn't find the 403 Forbidden error page and threw a 404 Not Found instead. This tripped your browser who thought that the login (actually: HTTP Basic Authentication to the administrator directory) worked, but a 404 Not Found occurred when trying to fetch the document you were asking (login page).

In those case, the simple workaround is to clear your browser's password cache, page cache and cookies for your site's domain name, quit and restart the browser, then try logging in again. This will cause your browser to ask you the administrator password protection's username and password all over again.

Or, you can remove the .htaccess file from the administrator directory.

Or you can use another browser, or another computer, or even your mobile device (cellphone, tablet, netbook, ...).

All that as long as you don't panic ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
for now I rename the htaccess in the administrator folder

If I remove the htaccess files (.htpasswd and .htaccess)
I will have probably to re-enter my username password?

That bring a question the htaccess maker is for the htaccess in the administrator or root.

Litle scare to play with that as I have a top of the line 301 redirect in my htaccess, don’t want to mess it up even if I have a backup..

Chacapamac
I rename my main-disable.php to main.php
I delete (.htpasswd and .htaccess) in the administrator folder
Check and clear my ip from firewall apps
clear all caches in Joomla
Clear all caches in browser

Because I trow away the (.htpasswd and .htaccess) I go directly to joomla admin (without Firewall user/pass)

Went back to Protect Administration — reenter my user/pass and when I apply I go directly to a 404 error same than before.

But I see in bright red letter on yellow that you can delete the 2 htacces files in the admin to regain your admin but something is definitivly strange.

What should I do?

nicholas
Akeeba Staff
Manager
The .htaccess Maker only deals with the .htaccess file in your site's root directory.

The feature you are looking for is called "Password-protect Administrator". First remove the .htaccess and .htpasswd from your administrator directory. Then go to your browser settings. There should be an option to clear stored password. Clear the stored passwords for your site (this is the problem). Then clear your browser's cache and cookies. Close your browser completely (if you're on a Mac use CMD-Q, on other operating system just close all browser windows). Start your browser again. Go to your site's back-end, Components, Admin Tools, Password-protect Administrator. Enter a new username/password and click on "Password-protect". Your browser should now ask you for username and password. Enter the same username/password you entered before clicking the "Password-protect" button.

Everything should now work.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
I download the 2 files
htaccess —> nothing in it.... empty
htpasswd —> I got myusername:someletternumber.

those letter numember are NOT my password — The username are ok

nicholas
Akeeba Staff
Manager
The password is encrypted, hence the funny-looking characters and numbers.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
Delete the htaccess files
Delete all password for that site
In Firefox Mac — Pref —> Security —> Saved Password

Curiously one said:
www.tradsf.com (Restricteed follow by my correct username for my backend firewal
Another one ( www.tradsf.com where the username is blank (curious)

Anyway delete all...

Reopen browser and clear all cache history on browser

Went to administration —> Direct to normal Joomla

Went to Admin — Secure Admin Access padlock

Return to 404 — Tiresome

Chacapamac
Ok this time I got in the htaccess

AuthUserFile "/mypath/web/administrator/.htpasswd"
AuthName "Restricted Area"
AuthType Basic
require valid-user

RewriteEngine On
RewriteRule \.htpasswd$ - [F,L]

Chacapamac
But stil a 404 when enabling the firewall

Chacapamac
the 404 adress is
http://www.mysite/administrator/index.php?option=com_admintools

nicholas
Akeeba Staff
Manager
Can you please post a screenshot of the 404 error? Also, if the 404 error disappears when you remove the .htaccess file from your administrator directory, the problem can not be with Admin Tools, because the error is coming from your server. In this case, you have to contact your host and ask them why a perfectly valid .htaccess/.htpasswd combination which adds password protection to a directory causes this kind of problem. We just can not troubleshoot Apache (we don't have access to its configuration!).

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
i686 ( Linux )
Platform Linux 2.6.32-5-686
#1 SMP Mon Jun 13 04:13:06 UTC 2011

Apache/2.2.16 (Debian)

I have complete access to that server VPS

I just will reinstall, just to be sure — Repeat everything

What you saying make sens. This is a brend new server environment...

If ’it’s the case...
I will have to protect the administration manually?

Chacapamac
I reinstall admin exactly the same thing. The code generated seem to not work on this server.

This is an high performance server I’m helping to mount for php sites.

I send the 2 AdminPro ht files to the server manager to look at.

I have access to a tool to protect files snd folders on that server, maybe I will have to protect administrator manually by that tool...

I try to generate some ht files with it to see the difference of codes but the ht files generated that way are completly protected (ISPConfig) I will ask the manager to send me an example

Do you see other potential problems using AdminPro in that environment?

nicholas
Akeeba Staff
Manager
It is possible that Apache doesn't support the simple password encryption (use of the system's crypt() function) in .htpasswd files. This could be done as a means of securing the server, enforcing only higher encryption schemes for .htpasswd- or .htaccess-stored passwords. In that case, the administrator password protection feature of Admin Tools won't work. That said, I don't see any other problems with your server, on the contrary. It looks up-to-date and beefy, which is a very good thing!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
This is what the server ISPconfig control panel do...


htaccess

AuthType Basic
AuthName "Members Only"
AuthUserFile /var/www/clients/xxxxxxx/foldertoprotect/.htpasswd

require valid-user
 
/var/www/websitedomain.ca/web/otherfolders/config/.htaccess

deny from all
 
/var/www/websitedomain.ca/web/otherfolder/include/.htaccess

deny from all
 
/var/www/websitedomain.ca/web/otherfolders/.htaccess

AddDefaultCharset utf-8
 


.htpasswd
/var/www/websitedomain.ca/web/foldertoprotect/.htpasswd

bobo:$1$gxdWWyHK$5IYrCrvNbLLuGXOlftb9O0


I guess the alogaritm is different.....

nicholas
Akeeba Staff
Manager
Yes, this looks like a different algorithm, which would explain why the Admin Tools-generated .htaccess and .htpasswd wouldn't work with your server.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!