Support

Let's make sure that the problem is indeed caused by Admin Tools. In order to do so, try the following:

1. Try setting the Error Reporting level in your Global Configuration to "None". Many errors are caused by harmless PHP Notices and Warnings being output to the browser, breaking anything which requires HTTP header manipulation such as Joomla!'s session management, AJAX calls and download systems.

2. Try to replicate the issue after disabling the "System - Admin Tools" plugin. If you can still replicate the issue, it is not caused by Admin Tools. Disabling that plugin means that Admin Tools code (including the Web Application Firewall) is not running on your site.

3. If you suspect an issue with the .htaccess file, replace its contents with the contents of the stock htaccess.txt file shipped with every version of Joomla!. If you are on GoDaddy please wait for 1-30 minutes for the changes to be effective. Then, retry loading the problem page. If you can still reproduce the error, then it is not caused by .htaccess Maker.

If doing any of the above resulted in the issue still occurring, it's not related with Admin Tools and I can't help you. If doing any of the above did stop the issue from occurring, we'll have to do some troubleshooting.

First go to Admin Tools, Web Application Firewall, Configure WAF. Make sure "Log security exceptions" is set to Yes; if it's not, set it to Yes and click on Save. Now try reproducing your issue. Immediately after that, please go to Admin Tools, Web Application Firewall, Security Exceptions Log and go to the last page. The last log entry should have the date and time of when the issue occurred. Please copy the Reason and Target URL here so that I can help you.

If, however, you do not see a log entry, or the Date and/or IP address do not match your last access, this problem is not caused by Admin Tools' WAF. In this case, you will have to do some .htaccess troubleshooting. You may need to read the general .htaccess troubleshooting page, as well as the page on finding out necessary .htaccess exceptions.

#2 does not make any sense. When you disable the plugin or rename its files it doesn't run. I believe that you made a mistake and disabled the wrong plugin.

#3 also doesn't make sense with respect to #2. Uninstalling the component doesn't restore your .htaccess file.

I have an idea. Maybe that arbitrary PHP file (plugins/content/easyfolderlistingpro/eflp_files/download.php) somehow ends up loading all system plugins, no matter if they are disabled. I have seen something like that once and that would explain the crazy results in #2.

OK, here's what I would suggest you to do:

• Only if you are using the .htaccess Maker, add plugins/content/easyfolderlistingpro/eflp_files/download.php to "Allow direct access to these files" in the .htaccess Maker and click on "Save and create .htaccess". You may also have to disable "Protect against common file injection attacks" on the same page.
• If that didn't solve the problem, try renaming plugins/system/admintools/admintools.php to admintools.php-bak. If that works then the arbitrary PHP file is doing something wonky as I suspected and the only fix is to turn off the RFIShield (Remote File Injection protection) in Admin Tools' Configure WAF page.

You definitely have to. Looking at the URL I have all this information about your folder layout that I shouldn't even be able to have access to.