Support

Admin Tools

#16381 Joomla 2.5 htaccess and google map

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by clamat on Tuesday, 18 June 2013 11:16 CDT

Wednesday, 12 June 2013 11:33 CDT

clamat
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (2.5.11)
PHP version: (unknown)
MySQL version: (php 5.4)
Host: (1und1)
Admin Tools version: (2.5.5)

Description of my issue:
When I create the htaccess with Admin Tools I get "restricted acces" in the frontend, when I call a site with a google map.(www.baugenossenschaft-og.de; Menue: "Anfahrt". (com_gmap 3.2). When I click "Quit" in the Log-in Form, the site works normal and the map appears. Can I make a manuell change in the htaccess?
Best regards

Matthias Lipps

Wednesday, 12 June 2013 11:45 CDT

nicholas
You will have to do some .htaccess troubleshooting. You may need to read the general .htaccess troubleshooting page, as well as the page on finding out necessary .htaccess exceptions.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 12 June 2013 14:15 CDT

clamat
I read this documents and the problem will be caused by

/administrator/components/com_gmap/assets/images/google_maps_logo.jpg.

Then I add the exceptions as followed: (and try some other things)

##### Advanced server protection rules exceptions -- BEGIN
RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_admintools\/restore\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^administrator\/components\/com_gmap\/assets/.png$ - [L]
RewriteCond %{REQUEST_FILENAME} !(\.png)$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^templates\/jsn_epic_pro/ - [L]
##### Advanced server protection rules exceptions -- END




I am a normal user and not a programmer, therefore I can not continue with Your help documents. I buy the Admin tools, because I think, I get help here.

Best regards

Matthias

Thursday, 13 June 2013 02:12 CDT

nicholas
What really happens is that a front-end component is asking you for a username or password after you enabled Admin Tools' administrator password protection. This is not a bug in Admin Tools, but a problem with one of the extensions (components, modules or plugins) you are using, namely the com_gmap component.

More specifically, Joomla! extensions are not supposed to load anything from the administrator area of your site in the front-end. However, some badly written extensions try to access static media files (CSS, Javascript, images) from directories inside the administrator directory. Since all of the contents of your administrator directory are protected with a username/password, your browser will prompt you for one as soon as it is instructed to download a file from that protected directory or any of its subdirectories.

There are two workarounds:

1. Disable the administrator password protection. This degrades your site's security but is the easiest and most immediate change.

2. Consult the developer of the offending extension and explain to him that loading files from the administrator area of the component in the front-end of the site is insecure and he has to resolve this issue. Hopefully, developers will realize that this practice is unsafe and fix their software.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 13 June 2013 04:54 CDT

clamat
I found the last answer in other topics and I'm not very satisfied about it.

What I don't understand is, that I the exception doesn't work.
The only file, the component takes from the administrator directory is

/administrator/components/com_gmap/assets/images/google_maps_logo

and I add this under "exceptions". Why does this exception not work?

Best regards
Matthias

Thursday, 13 June 2013 05:06 CDT

nicholas
> I found the last answer in other topics and I'm not very satisfied about it.

What do you mean? This is how your web server and the third party software work. The developer of the third party software does something extremely insecure: he references a file from the administrator part of the site in the front-end. The back- and front-end parts of the site are supposed to be completely separate from each other. I don't understand how we can be liable for a third party developer who doesn't get the most basic notions of web site security.

Please DO ask the other developer to remove that reference. Please DO tell him that since 2007 Joomla! has a media directory where he's supposed to add the media files (images, Javascript, CSS); the files in there can be referenced from both the back- and front-end of the site without risking the security of the site. All in all, I don't understand why you are not satisfied with our software which is developed with the most modern standards in coding and security practices but are satisfied with the third party component which ignores the most basic security provisions made by Joomla! six years ago.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 18 June 2013 11:16 CDT

clamat
Thank You for your help. I remove the component and take another tool. Now it's working. The developper told me, that he know the problem and he will solve it with the next update.
So you can close this ticket.

Best regards
Matthias

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!