Support

Admin Tools

#12605 not sure I understand the URL redirection

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Saturday, 14 July 2012 18:00 CDT

Sunday, 10 June 2012 17:16 CDT

user8011
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting?
Have I read the documentation before posting (which pages?)? yes
Joomla! version: 2.5.4
PHP version: 5.3.8
MySQL version: 5.1.52-cll
Host: Arvixe
Admin Tools version: pro 2.2.6

Description of my issue:

I'm trying to use the URL redirection feature to assist some users of my site that keep generating security exceptions, but it's either not working as I thought it was supposed to, or I just don't understand how to make it.

I keep seeing this in my security exceptions log:
http://crypticsites.com/templatedemo/?template=carmandria
(or some other template name)

Which obviously, generates a security exception -- that crypticsites.com/templatedemo/ URL doesn't exist any longer.

The thing is, if they only entered it this way:
http://templatedemo.crypticsites.com/?template=carmandria

it would work just fine, because that subdomain is my template demo site.

But, what I have entered in the URL redirection feature doesn't seem to be working; all I can turn up is a 404 error.

This is what it looks like in my feature editor:


I have also entered it the other way around, but after further reading, thought that didn't seem right, and it also didn't work. So I can't make it work, no matter in which direction I enter the URLs. Am I going about this wrong, or is this even possible? It seems that some users have bookmarked old URLs, and I'm trying to get them to the new correct URL, since they apparently haven't come to the main site yet to see the new template demo site's URL.

Thx,
Andria


Monday, 11 June 2012 02:06 CDT

nicholas
Hi Andria,

You've got it all backwards :) The Existing URL is the URL which exists without Admin Tools. In your case it's http://templatedemo.crypticsites.com. The New URL is the URL path and query string parameters which Admin Tools must see to perform the redirection. That is to say, the New URL must not have the protocol and domain name. So, there we go:
Existing URL: http://templatedemo.crypticsites.com
New URL: templatedemo
Try this, it should work.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 11 June 2012 09:41 CDT

user8011
Hmm, well, that kinda works, but kinda doesn't; if they just enter "http://crypticsites.com/templatedemo" then it works just fine, redirects to the new demo site. However if they enter "http://crypticsites.com/templatedemo/" or that same URL with any template parameter, then it just gives a 404 error. So it doesn't seem that helpful for these folks who have apparently bookmarked old URLs for specific templates.

I'm also thinking of what you told me just last week, that templates also can yield security flaws that can be exploited by the hacking bastards who do these things, and I'm wondering if the two templates I'm seeing referenced might be exploitable -- they were both very early efforts of mine, when I first started creating Joomla templates. (both have since been updated for 2.5, so I think the new versions, at least, are secure, but I can't say for sure about the old versions).

I also considered that maybe I was seeing a 404 error instead of the security exception msg because I had my own IP whitelisted, but even after I took my IP out of the whitelist, I still get the 404 error, so I'm a bit confused about that. See, for my main site, I have that "Block template=foo site template switch" set to YES, since there's no reason to try and load a different template on that main site; all the demo templates are at the demo site, and I really don't want others to be able to see or load any new templates I might be testing out at my main site. If I take my IP out of the whitelist, do I need to logoff or anything, in order for the changes to be recognized? Because even when I entered "http://crypticsites.com/templatedemo/?template=carmandria" I just get the 404 error, and I don't see it in my security exceptions log, even though it's showing up for others who enter that type of URL.

Sorry to be such a pain about such a small issue; I just can't get my head around what's happening here, and how I might address it to help users who don't realize that URLs have changed.

Thx!
Andria

Monday, 11 June 2012 10:54 CDT

nicholas
That behaviour has to do with the way Apache parses trailing slashes. You can add another redirection where the new URL is "templatedemo/" (with a trailing slash). That should work, even though the redirection feature was never designed to catch directories :)

Most likely the template= parameters come from very old links, forgotten somewhere in the vast universe of the Internet. I still see the occasional joomlapack.net request, referencing a page from the very first site I had created for the precursor to Akeeba Backup. That was almost six years ago :D

You see a 404 error because Joomla! returns a 404 error. If you were being blocked by Admin Tools, you'd see a message or the customisable error page (based on your choice in the Configure WAF page), as well as an entry in the security exceptions log. Remember, your problem is that the URLs with a trailing slash weren't redirected. Hence they throw a 404.

No worries about your questions. It took me two full years to learn how Joomla! works and there are still some hidden secrets I am only beginning to learn about. Like how Joomla! will autoload a -uncompressed.js version of your JavaScript file if the file exists, without you explicitly specifying it, as long as you have Debug System turned on. Or how there was a patch at some point which allowed CSS and JS file overrides, but now even the maintainer has no idea what happened to that code. And so on... ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 11 June 2012 23:35 CDT

user8011
Ok, I did get that to work, if the old URL is entered with a trailing slash -- that was actually my bad, I made the mistake a very long time ago of installing my demo site to a subdir off my main site's root, when my main site actually WAS the root at my old hosting acct. I saw my error at once, but I had already published a buttload of articles with that URL, so I left it that way for some time.

What I could not get to work is if they enter a template parameter; they would end up at the demo site, true, but without any template at all being loaded, and an error msg that said that template could not be loaded, contact site administrator. *sigh* So the only way I could address that is to edit the en-GB.ini file, so now it says, in big H2 letters, "That URL is not available. To view CrypticSites' Template Demos, please click here." and a link to the root of that site, which is a great deal more informative than "contact site admin." It's the best I can do, and it does have the benefit of weeding out spam bots; it requires an actual human to read it and go, oh ok, (click). ;)

Thx!
Andria

PS: I think the reason that the specified template isn't being loaded is because my template names have all changed -- even the old ones now have a _J25 suffix! But, it seems to me that instead of loading the site with no template at all being loaded, which of course looks totally insane, it should *always* fall back to the default template. This seems like perhaps a bug or an oversight, in Joomla 2.5 or maybe just Joomla in general.
ABD
Edited by user8011 on 2012-06-11 23:44 CDT

Tuesday, 12 June 2012 02:27 CDT

nicholas
Hm, when i try a stock Joomla! 2.5 site with an inexistent template parameter all I get is the regular page with an error message stating "The template for this display is not available. Please contact a Site administrator.". Now, I just tried visiting http://crypticsites.com/templatedemo/ and http://crypticsites.com/templatedemo. In both cases I was redirected to http://templatedemo.crypticsites.com/ and it works fine. Ah, dammit, I know what's wrong! Clear your browser's cache, your cookies, shut down the browse and start it again. Now retry visiting http://crypticsites.com/templatedemo/. What do you see?

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 12 June 2012 06:50 CDT

user8011
Ok, well, I don't want to clear my cookies, because then all the sites that need a pw will start asking for it again, and I'll have to try and remember what they are -- and with over 20 tabs open, I don't really want to close it either, it takes too long to start back up.

So I did what you said with my very-little-used Chrome browser, and yes of course, the redirection now works fine when you just enter http://crypticsites.com/templatedemo/ because I put it in the URL redirection feature, both with and without the trailing slash.

But when it does not work fine, despite having added entries to the URL redirection thing to try and cover it, is when you enter

http://templatedemo.crypticsites.com/?template=carmandria

or

http://crypticsites.com/templatedemo/?template=crypticgray01

However I realize now there's probably a different reason why they don't work -- they wouldn't work even if the url was the right way around, and not even if the template name is specified correctly -- because I'm using a plugin+module to switch templates in that site, and I suspect it has disabled Joomla's native commandline template switching ability.

I can try it again on another computer, I have another one sitting here that's not being used for anything, or I can try it in Opera, which I installed on this one for some reason, then decided to use Thunderbird for mail instead of Opera, because 1) they changed Opera so radically I couldn't use it anymore, and 2) everytime I use's Opera's browser, half the sites I'd try to visit would holler at me to get a "real browser." So in this machine, I've never used Opera, so there should be no cookies.

To me, cookie deletion is a bad, bad, BAD thing -- if they get deleted by accident, I have to start calling up creditors and trying to find out my password for their site. 8-| Then they act like I'm an identity thief. 8-O

Bad, bad, BAD thing. I'd make those lil bastards immortal if I could. :)

Thx,
Andria

Tuesday, 12 June 2012 07:43 CDT

nicholas
I'm using a plugin+module to switch templates in that site, and I suspect it has disabled Joomla's native commandline template switching ability.

That's exactly what it is :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 12 June 2012 10:06 CDT

user8011
Well, I think my mod of the language file to make the URL known, with a link, is helping; instead of seeing "2 guests" now I see 7. And on my main site, instead of seeing some number of guests/members in the 300-400 range, which I knew was total BS because at my old site I had it specified to both number and usernames, and saw a bunch of BS spam usernames, now it's in the 40-50 range, which seems a lot more likely as far as "real" visitors goes. If only my site was as popular with template-seekers as with spammers, I'd really be in business! :)

The main way that Arvixe was able to help me with all those SQL processes was to take my Admin Tools blacklist, and copy all those IPs over to the IP blocker in cPanel; that way, they never hit the site at all, sparing my database from hundreds of spurious hits as it tried to block all those spam buttheads. So, I've still got http:BL active, to block any known malicious agents if they appear (and they do), my Joomla database is now not so burdened, since cPanel is blocking over a hundred IPs for me. I'll go thru any new ones that appear in the auto-block list, I suppose on a weekly basis or so, and copy over to cPanel's blacklist any that seem legitimately malicious instead of just confused by the new site.

If I had the next-level-up of hosting, the SQL processes wouldn't be a problem, but I'm using the "Personal" class, and it's somewhat limited. For now, it's sufficient, and if I start to make any $$$ from the subscription setup, then I can upgrade my hosting pkg and turn all the AdminTools bells and whistles back on.

Thx!
Andria

Tuesday, 12 June 2012 10:32 CDT

nicholas
This is one of the reasons of me recommending against using IP blacklists :) The other is that they are completely ineffective. A decent hacker would use an anonymizing proxy, Tor or a botnet to attack your site. This is why I tell people to use the automatic IP blocking with "fast" settings, e.g. 3 exceptions in 1 minute incur a 15 minute ban. It's enough for bot attacks to "cool off" and not long enough for legitimate users to become irritated. Plus, the list never gets too big so as to cause tons of db usage. Add Project Honeypot to the mix and it's as sweet a deal as it can get.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 12 June 2012 10:55 CDT

user8011
Well I'm definitely using the Honeypot, it's invaluable; and I'm using the auto-ban repeat offenders, and on your advice, changed my settings to slightly faster than I had them -- 3 attempts in one hour, bans for 3 hours. I did have to change my settings, to not treat login failures as security exceptions, but after I see how my db is doing, I might change that back. But I'm keeping my cPanel blacklist, I've just had so many spammers plaguing me for so long, I can't deal with it anymore. After 6 months or so, I'll gladly go to the trouble of searching up all those blocked IPs again, on Honeypot, to see if there is any recent nefarious activity or not. On the "Geographic Blocking" page, I didn't set anything to be blocked -- EXCEPT, anonymous proxies. I don't allow phone calls at my home that block their number from caller ID, either. If they're ashamed to show who they are, then I have nothing to say to them, whether on the phone or the internet.

One thing occurs to me, about that mod to the language file -- will a Joomla update wipe that out? I note that in the language dir, there's a dir called "overrides" -- should I save my en-GB.ini into that folder, or do I copy my entire en-GB folder into that folder? I tried the "media" folder in my template, the way I protected my akeebasubs CSS file, but that method doesn't seem to work for languages. Which is good, I think, since the mod I made is irrespective of template -- I need it to display when a template parameter is specified and thus no template loads at all, thanks to my plugin+module template switcher. But I'd hate to be having to do this everytime Joomla updates.

Thx,
Andria

Tuesday, 12 June 2012 11:00 CDT

nicholas
Joomla! updates always wipe out the modified language files. But! Joomla! 2.5 has a handy-daddy little feature called language overrides in the back-end. Just go to Extensions, Language Manager and click Overrides in the link ribbon. Once you get the hang of it you'll wonder how it was possible to customise websites back in the stone age ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 12 June 2012 17:28 CDT

user8011
God, does Joomla just keep going from strength to strength, or what? Thanks for that tip; I swear I've started in on the "What's New in 2.5" docs at least half a dozen times now, and still haven't gotten thru it all -- I'm working on it, though!

That's really great for me, because I like to go thru the en-GB files and change the spellings to en-US. :) (and change the wording for a few things) But after I did it 3 or 4 times with my old 1.5 sites, I got tired of having to re-do it everytime it updated. Now I can do it once per site, and it's done! Picture me dancing the Snoopy dance in pure joy!

Thx!
Andria

Wednesday, 13 June 2012 01:47 CDT

nicholas
Andria,

Yes, Joomla! 2.5 has gone a very, very long. It's now much more than just a decent CMS.

There's also an en-US language file. Can you guess what the difference is between en-GB and en-US? Right. Now stop reinventing the wheel and download the language file :D

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 13 June 2012 06:58 CDT

user8011
Well, I could, though I seem to recall being less than impressed with the en-US language pack. I think it's that while I prefer the US spelling of "authorize" and "favorite," I prefer the traditional spelling of words like "cancelled" -- en-US does weird things like "canceled" which just looks wrong to me.

Basically if the change in English was circa Noah Webster, I'm in favor; anything later, very much opposed. And don't even get me started on this modern phenom of regularizing verbs -- "shined" instead of "shone," "lighted" instead of "lit," "dived" instead of "dove," etc. I dread the day I see the unfortunate "runned," but if these verb-regularizing fools have their way, it'll get here.

I think when you start bitching about what they've done to your language, it's a sign of old age. So I guess I've arrived, or will shortly. :)

Anyway I only found 2 things to change, one "authorise" and one "favourite." And my default (well, ONLY) language still appears to be en-GB to any extensions that check for things like that, which causes far less problems.

Thx,
Andria

Wednesday, 13 June 2012 07:24 CDT

nicholas
Well, most British people would agree with you regarding the bastardisation of English, if only it wasn't for your spelling preferences :D

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 13 June 2012 17:46 CDT

user8011
Webster's Dictionary was published in 1828, so there is little anyone can do almost 200 yrs later; his amendments are permanent at this point -- the S's to Z's, dropping the extraneous U, and so on. Actually rather modest changes, compared to the modern-day re-structuring of grammar! I hate to think what may happen to the various tenses of "be."

But I believe that Mr. Webster held Dr. Johnson in very high esteem, and sought to carry on his work, for a new group of people speaking the language -- at the vast distance of the Atlantic Ocean, there is no way that American and British English could remain the same, especially given how "porous" English is to other languages (Saxon, Old Norse, Old Danish, Norman French, Latin, Greek, etc!), and how the MANY different languages represented by America's people, 99.9% of immigrant forebears, could not help but change the language, into the infinity of the future.

I'm just disgruntled that something as fundamental as the structure of verbs should be so radically changed, with no particular notice given to anyone about it, just the appearance of all these mangled verbs in nearly every book I read, in songs, on TV, just damn near everywhere. It really does make me feel I'm getting old, to be so disgruntled about it.

Andria

Thursday, 14 June 2012 06:27 CDT

nicholas
I agree with you on verbs. Oversimplification of the language will eventually lead to what Orwell described as "newspeak" and will have the same detrimental effects on human intelligence as he described, but I digress :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 14 June 2012 12:10 CDT

user8011
Yeah, now that I apparently have this site sorted out, I gotta get back to the designing. It's like... putting on different glasses, to focus on something entirely different -- less tech, more art. It can be a challenge to switch gears sometimes, but if I don't start, it'll never happen. Left brain, back to sleep. Right brain, stop slacking!

Thx!
Andria

Thursday, 14 June 2012 12:11 CDT

nicholas
Ah, tell me about it! Good luck :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 14 July 2012 18:00 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!