#12405 firewall blocks access, unknown cause

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Thursday, 24 May 2012 03:39 CDT

lcdservices
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.26
PHP version: 5.2.9
MySQL version: 5.0.95
Host: (optional, but it helps us help you)
Admin Tools version: 2.2.5

Description of my issue:
I have a site visitor who reportedly received the 403 "do i feel lucky" page when attempting to log in from Safari -- but doesn't receive it when logging in from Firefox. That would appear to rule out IP-based blocking, and I don't see them in the auto IP, blacklist, or geographic blocking anyway.

What other causes would potentially trigger the block? Why would it be browser-specific?

nicholas
Akeeba Staff
Manager
Two things to try.

1. Try clearing Safari's cookies storage and cache.

2. If that doesn't work, please try disabling the Bad Behaviour integration in the Configure WAF page.

If that still doesn't work, take a look at the Security Exceptions Log. What does the Reason column read for the latest record regarding your IP address?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

lcdservices
Clearing cache had no effect.
It ended up being the CSRF/Anti-spam form protection (CSRFShield) setting.
I disabled that and they no longer have issues.

Odd issue, as it was repeatable on several computers, but only with Safari.

nicholas
Akeeba Staff
Manager
Hm, it sounds like Safari is autocompleting hidden fields, including the hidden field used by the CSRFShield feature. Normally, that hidden field is supposed to be left blank; otherwise you get blocked. Regular browsers don't render that field and should leave it blank; spambots, however, do fill it in and get blocked. How nice, Safari acts as a spambot :s

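The hidden-field check described in the reply above, sketched as an added example; this is not Admin Tools' code or part of the original thread. The helper names, the reason strings, and the per-session field name with `autocomplete="off"` (an assumed way to give browser autofill less to match on, which browsers are not obliged to honour) are all assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process key for the demo


def trap_name(session_id: str) -> str:
    """Derive a per-session name for the hidden field (assumed scheme)."""
    mac = hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()
    return "f_" + mac[:16]


def render_form(session_id: str) -> str:
    """Login form with a hidden trap field that a human never sees or edits."""
    return (
        '<form method="post" action="/login">\n'
        '  <input type="text" name="username" autocomplete="username">\n'
        '  <input type="password" name="password" autocomplete="current-password">\n'
        f'  <input type="text" name="{trap_name(session_id)}" value=""'
        ' autocomplete="off" tabindex="-1" aria-hidden="true" style="display:none">\n'
        "</form>"
    )


def check_submission(session_id: str, post: dict) -> tuple:
    """Return (allowed, reason); reason is what a security log would record."""
    name = trap_name(session_id)
    if name not in post:
        return False, "trap field missing (form not rendered for this session)"
    if post[name].strip():
        return False, "trap field filled in"
    return True, "ok"


# Constructed submissions for one session.
SID = "demo-session-1"
human = {"username": "alice", "password": "x", trap_name(SID): ""}
bot = {"username": "spam", "password": "x", trap_name(SID): "http://spam.example"}
# A client that populated every input it found, the failure mode in this ticket.
autofilled = {"username": "alice", "password": "x", trap_name(SID): "alice"}
replayed = {"username": "alice", "password": "x", trap_name("other-session"): ""}

if __name__ == "__main__":
    for label, post in [("human", human), ("bot", bot),
                        ("autofilled", autofilled), ("replayed", replayed)]:
        print(label, check_submission(SID, post))
```

The server sees the autofilled submission and the bot submission as the same condition, so the logged reason is the only thing that points a false positive back to this check.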
