Support

Well, if it is not the .htaccess Maker blocking the gallery, it has to be the Web Application Firewall. Please note that the "System - Admin Tools" plugin gets the security features configuration from the component, it's what you set in the Configure WAF page.

The good thing about WAF is that it is logging everything it blocks. So, enable the plugin, visit an affected gallery page and then immediately go to your site's back-end, Component, Admin Tools, Web Application Firewall, Security Exceptions Log. Take a look at the latest entry with your IP address on it. What does the "Reason" column read?

Idea: Have you enabled WAF's "Remove all instances of Joomla from the output" feature? If so, try disabling it.

Moreover, you must be receiving some HTTP error code, be it a 403 or a 404. It's just not possible to see no errors and something not working. It defies common sense ;)

Can you give me a URL to the affected page on your site?

I visited that page and immediately received a 403. Please go to your site's back-end, Admin Tools, Web Application Firewall, Security Exceptions Log and look for the entry from the IP address 212.70.213.223. What does it read?

If you do not see such a record, please make sure that you're using Admin Tools 2.1.14 or 2.2.a2 and that "Log security exceptions" is set to Yes in the Configure WAF page. If it's set to No, set it Yes, Save and ping me so that I can visit the page again and generate a log entry you can see, paste the Reason here and help me help you :)

I can not believe that a developer can be so ignorant... You have to disable the "Hide/customise generator meta tag" feature in Admin Tools' Configure WAF page.

Why? Because the developer of that gallery component does not understand how Joomla! works! This guy is using format=html to serve image data. Of course, this is just plain WRONG. Joomla! has format=raw exactly for this reason. Therefore, even though Admin Tools' plugin is using Joomla! 100% correctly, the gallery is using it 100% incorrectly, causing this problem upon itself when you use dynamic resizing (if you turn it off, it works properly). Well, you can disable this option in Admin Tools without compromising your site's security very seriously, but if I were you I'd just find a different gallery component, written by someone who at least understands the basics of how Joomla! works...

*sigh*

Actually, the guy doesn't have a clue :) The proper solution is to use format=raw to serve non-HTML data. Admin Tools does not suppose it is running in HTML mode. Not ever. I write software which uses format=raw (that's how downloads are served by Akeeba Release System) so it would be stupid on my part, to say the least, to have Admin Tools break this behaviour. No, sir, we don't do that. We use JDocument's setGenerator() method. This is present in the base class (JDocument) out of which both JDocumentHTML and JDocumentRaw extend.

But since we're using JFactory::getDocument() to fetch the document, we do force Joomla! to create a specialised document object. If format=html or skipped altogether in the URL (or the SEF extension is .html) then a JDcoumentHTML is created. If you do set format=raw, however, a JDocumentRaw object is created.

Even the way things are right now, the developer could work around that! JDocument doesn't get rendered until AFTER the component has finished executing. If you want to abuse format=html to deliver non-HTML data (as I do, for the same reasons, in Akeeba Backup's backup page, where the AJAX requests no longer use format=raw) there is a workaround. Just use @ob_end_clean(), output your headers and data, then call JFactory::getApplication()->close() or jexit() (both are fine, but AFAIK jexit() is deprecated since Joomla! 1.7). This will halt Joomla! before it has the chance to use its internal document renderer. This is infinitely more stable than betting on being able to set the document type in a component.

Of course, all of this requires that the developer actually understands how Joomla! works. This guy has a few things to learn, but instead of learning he prefers to put the blame on plugins which are written to use the Joomla! Framework correctly, unlike his component...