Support

Admin Tools

#14218 Exception "Allow direct access to php file" doesn't work

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Sunday, 02 December 2012 07:30 CST

Sunday, 02 December 2012 03:38 CST

Joel

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.8
PHP version: 5.3.13
MySQL version: 5.1.13
Host: (optional, but it helps us help you)
Admin Tools version: 2.4.2

Description of my issue:

I configured htaccess maker to allow access to some PHP files located in /plugins/content/myplugin/myplugin directory.

This exception works fine but if I activate the option "Allow administrator access only to IPs in Whitelist" or "Administrator secret URL parameter" in the Web Application firewall then I get the exception "Admin Query String" and I'm redirected to /plugins/content/myplugin.

In fact the exception apply only if I'm already logged as administrator. If only "Allow administrator access only to IPs in Whitelist" is activated (no "Administrator secret URL"), the exception works but only from IP listed in "Administrator IP Whitelist".

So, I have the feeling that "Administrator secret URL" and "Administrator IP Whitelist" are checked before the PHP exception configured in htaccess maker.

Any idea?

Regards,

Joël

Sunday, 02 December 2012 04:22 CST

nicholas

The Web Application Firewall and the .htaccess Maker are two completely irrelevant things which do not affect one another. The .htaccess directives run at the web server (Apache) level, very very long before PHP has a chance to run, let alone Joomla! run. On the other hand, Web Application Firewall runs as soon as Joomla! has finished initialising and right before it attempts to route the request. Despite your feeling, the .htaccess Maker settings are not relevant to Web Application Firewall's settings. Moreover, if you allow direct access to an arbitrary PHP file then be advised that the file is being accessed directly over the web, without Joomla! loading. As a result Admin Tools, which is a Joomla! extension, doesn't load. Therefore the Web Application Firewall settings have no effect on that directly accessed PHP file.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 02 December 2012 07:20 CST

Joel

Thanks for your quick answer!

I reactivated the "Administrator secret URL parameter" and it works...

Sorry for the post.

Regards,

Joel

Sunday, 02 December 2012 07:30 CST

nicholas

You're welcome, Joel!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!