Support

Admin Tools

#15065 template= in URL Google & also denying access via .htaccess

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by anandmahey on Tuesday, 26 February 2013 03:09 CST

Sunday, 17 February 2013 20:58 CST

anandmahey

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? https://www.akeebabackup.com/support/admin-tools/12656-security-message-template--in-url.html
Joomla! version: 2.5
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown) Latest

Description of my issue:

Hi Nikolas, I have the template= in URL issue as well (Security Exception), which is actually occuring with google's crawlbot IP. My question is, the "send article by email" feature refers to the email icons displayed with articles? If so, I've disabled them in Article Manager. Further, I'm wondering if setting "Allow site templates" to Yes will pose some sort of security risk?

HTACCESS

There are files in the root directory such as readme.xml (Joomla) which can be directly accessed via the site url and filename. Is it advisable to restrict access to these files via .htaccess maker. If so, how do I go about doing that? would using the following work?:

<Files file.xml>
  order allow,deny
  deny from all
</Files>

 

Monday, 18 February 2013 02:23 CST

nicholas

the "send article by email" feature refers to the email icons displayed with articles?

Yes

If so, I've disabled them in Article Manager.

Google and other search engines remember the URLs for a while (anything between a week and six months) and keep on trying to crawl them until they can consistently no longer access them.

Further, I'm wondering if setting "Allow site templates" to Yes will pose some sort of security risk?

Not really. In your case it's a good tradeoff, as it will allow search engines to see your site.

There are files in the root directory such as readme.xml (Joomla) which can be directly accessed via the site url and filename

There's one line to catch them all:

RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]

Please note that as of Admin Tools 2.5.0 this line will be included by default whenever you save and create .htaccess file in .htaccess Maker.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 18 February 2013 03:32 CST

anandmahey

Hi Nicholas,

As usual, wonderful reply. Thank you for your help. Just one more question.

For an ecommerce site with Virtuemart 2.0, would "Allow site templates" pose a higher security risk? I'm actually managing 2 sites, and one of them is an ecommerce site.

Eagerly awaiting Admin Tools 2.5.0!

Monday, 18 February 2013 03:53 CST

nicholas

You're welcome :)

Enabling the "Allow site templates" shouldn't cause any problems. What it does is allow the template=something URL parameter to change the current template, where "something" is the name of an existing template installed on your site. Provided that you've build your site correctly and have not resorted to modifying your template instead of using modules to display additional information (a bad practice I have, unfortunately, seen a lot) you will be just fine.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 25 February 2013 22:08 CST

anandmahey

Hello Nicholas,

Just a follow up. Since I've updated to 2.5.1, should i remove the lines

RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F]

Since this line is now included by default?

Tuesday, 26 February 2013 00:16 CST

nicholas

Yes, please.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 26 February 2013 03:09 CST

anandmahey

Awesome! Thank you :)

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!