#12541 WAF config will not save on Rochen host

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Sunday, 03 June 2012 05:20 CDT

user64282
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes, found the same issues but I may have some additional information that I think could help - or not.
Have I read the documentation before posting (which pages?)? Yes all of them
Joomla! version: (2.5.4)
PHP version: (5.3.13)
MySQL version: (5.1.62)
Host: (Rochen)
Admin Tools version: (2.2.6)

Description of my issue:

Same issue as RobSet in #12538. WAF config is not saving, returning a Forbidden 403 error for administrator/index.php and a page not found 404 error. The reason I'm posting here is that I did try installing ATPro on another host and it worked fine, so I contacted Rochen. I thought their reply might be of some help - they say they have a WAF layer that's part of Apache and they say that the Admin Tools WAF conflicts with their WAF. To quote:

"We are not saying that you can't use Admin tool on our server, You can use it on our shared server, But it will keep on conflicting with our server security and give you 404 errors like the one you have experienced and that is why you should avoid using any such component on our server, We have our own security set on this server which is done keeping in mind the scripts our clients use on our shared server and that is why there is no need of any extra modules."

I don't know if this will help in troubleshooting this - or if this is a conflict that cannot be resolved with Rochen's current setup, but FWIW.

Pam

nicholas
Akeeba Staff
Manager
That's the crappiest of crappy responses I've ever seen! Their server only has mod_security2 with bad default rules. They regularly have conflicts with just about anything. For example, their cPanel proposes MySQL passwords which contain non-standard characters like ampersands, question marks and so on. When you try setting up Joomla! with this password you get the same 403 errors. Why? Because they have a bad mod_security2 setup. I've told them, but they won't change it.

Anyway. Back to your issue. This should only happen when you enter a secret URL parameter which contains characters other than lowercase unaccented Latin letters (a-z) and numbers (0-9). If you refrain from using such characters, it will work.

As to whether their shared server's security is adequate and renders using Admin Tools obsolete, my reply is LOL! In case they don't remember, I was the guy who built the first version of their "Joomla! Tools" feature in cPanel. The .htaccess I had included at that time, two years ago, is now obsolete. I have released six versions of my master .htaccess ever since. They never bothered updating their tools and they won't even give you support with it. Does their security tackle CSRF, XSS, DFI, RFI, malicious uploads and all of the attacks Admin Tools can fend off? Heck no! So, their reply is completely misguided and I'd certainly recommend not using Rochen's shared hosting. The reason is simple: Rochen's support on shared accounts is subpar. They have awesome support for MVS users (like me), so their recent subpar level of support for their shared accounts came to me as a surprise.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
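
Added example, not part of the ticket and not Admin Tools code: a pre-flight check that lists the characters outside a-z and 0-9 in values about to be submitted on a host with strict mod_security2 rules, and generates a secret URL parameter that stays inside that set. The field names, sample values and the minimum length are assumptions made for illustration.

```python
import secrets
import string

# The character set the reply above names as safe for the secret URL
# parameter: lowercase unaccented Latin letters and digits.
SAFE_ALPHABET = string.ascii_lowercase + string.digits


def unsafe_chars(value):
    """Return the distinct characters outside a-z / 0-9, in first-seen order."""
    seen = []
    for ch in value:
        if ch not in SAFE_ALPHABET and ch not in seen:
            seen.append(ch)
    return seen


def audit_fields(fields):
    """Map field name -> offending characters; clean fields are omitted."""
    report = {}
    for name, value in fields.items():
        bad = unsafe_chars(value)
        if bad:
            report[name] = bad
    return report


def new_secret(length=16):
    """Build a secret word from the safe alphabet using the OS CSPRNG."""
    if length < 8:  # assumed floor for this example, not an Admin Tools rule
        raise ValueError("secret word too short to be hard to guess")
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))


# Constructed sample values (hypothetical field names, not from the ticket).
SAMPLE_FIELDS = {
    "secret_word": "My$ecret&Word?",
    "db_password": "p4ss&word?x",
    "clean_value": "abc123",
}

if __name__ == "__main__":
    for name, bad in audit_fields(SAMPLE_FIELDS).items():
        print(f"{name}: contains {' '.join(bad)}")
    print("suggested secret word:", new_secret())
```
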

user64282
That makes sense, that the shared hosting would get minimal support. I was trying them out because so many Joomla devs use them and I want to give my clients a good experience, but this isn't it!
I tried a bunch of things - leaving most of the config file settings alone and just adding my e-mail, but nothing worked. I installed it on a site I have on Dreamhost and no problem! So I figured it was a host issue and not operator error.
It's okay. I am so pleased with what AT does and how much easier it will be to track hack attempts, among other things, that I figure it's Rochen's loss! I did mention in my ticket to them that you had written that for them. And the first response from them was nicer - still lame, but nicer!

Thanks so much - for the work you do and for the response!
Pam

nicholas
Akeeba Staff
Manager
What seems very (very!) strange is that not all sites and Rochen servers are affected. My personal blog is hosted on Rochen, using their cheapest shared hosting plan on a UK-based server. I can save Admin Tools' WAF configuration without a problem. I guess the problem stems from some parameter used on your sites or a different configuration between different Rochen servers - or both. Since they are not willing to help, I can do nothing but stop recommending them as a hosting provider.

Nicholas K. Dionysopoulos

