#18088 Testing the WAF customisable HTML template?

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by dkdb on Wednesday, 13 November 2013 12:41 CST

dkdb
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.14
PHP version: 5,3,23
MySQL version: 5.1.70-cll
Host: Blanye
Admin Tools version: 2.5.8

Description of my issue:
I've created my template, and I've tried showing the HTML code directly, and there it looks ok, but how do I test it with a genuine test?
Can I just (temporarily) block myself via IP, and make it show (tried it, but unsuccessful, could be my mistake)?

Best regards Kenneth

nicholas
Akeeba Staff
Manager
You can't test it by accessing it directly. That would be a security issue as it would allow the attacker to figure out if your site is using Admin Tools. Instead, do the following:
- Disable the automatic IP blocking
- Trigger Admin Tools' WAF from the front-end. SQL injection attacks are easy, just type a "123; D€L€T€ FR0M jos_someting" in the search bar of your site, without the quotes and substituting € with E and 0 with O. As you understand, I had to mangle the string to avoid my reply being considered an SQL injection candidate by Admin Tools on our own site :D If you want to be more vile, use a "123; DR0P TABL€ jos_something" command instead, but this might also trigger your server protection instead of Admin Tools.
- After your tests are done you MUST remember to clear all Security Exceptions Log entries of your IP address.
- Finally, enable the automatic IP blocking again.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

dkdb
Hmm, I don't see the error being displayed, I just get a result 'xxx not found'. If I repeat the attack I get a red screen that says 'you've been blocked' (not my own designed page), but if I clear the page, I can still access the page.

Best regards Kenneth

dkdb
I just tried moving the override file to the original file's place, and then it's displayed correctly, so somehow the override path is not correct?
It's placed in /templates/active_template/html/com_admintools/blocks/default.php
Oh, and it doesn't handle UTF-8 letters?

Best regards Kenneth

dkdb
I've added the line
<meta http-equiv="content-type" content="text/html; charset=utf-8">
to HEAD, and then it handles UTF-8 as it should.

Best regards Kenneth

nicholas
Akeeba Staff
Manager
I guess this means that you have no issue you want me to help you with?


dkdb
Hi Nicholas
Yes, one bit, the override path seems to not work, if I replace the default.php in the 'original' location it works, but if I place it in .../html/... etc. it doesn't take effect?

Best regards Kenneth

nicholas
Akeeba Staff
Manager
I'm not sure you placed it in the correct directory. It needs to be in templates/yourtemplate/html/com_admintools/blocks/default.php where yourtemplate is the template you are using on your site. I'm pretty sure you made the classic –and understandable– mistake of placing it in templates/yourtemplate/html/com_admintools/views/blocks/default.php (note the extra "views" subdirectory).


dkdb
Hi Nicholas
Yes, I tried both of the paths, both with and without views in the path, just to be sure :-)
Currently the path is /templates/joomspirit_82/html/com_admintools/blocks or...
Hey, I just discovered that I somehow had hit a space in the 'blocks' so the path was ' blocks' instead, darned that was impossible to see until I pasted the path here :-o
And now it works perfectly!

Best regards Kenneth
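
A check for the two path mistakes this thread turned up (the extra "views" subdirectory and the stray space in ' blocks'), written as an added example that is not part of the original ticket or of Admin Tools itself. The function name `check_override` and its result labels are made up for illustration.

```shell
#!/bin/sh
# Added example: why is the Admin Tools block-page override not picked up?
# Usage (after sourcing this file): check_override /path/to/site joomspirit_82
# Prints one of: ok | views-subdir | whitespace:[<path>] | missing
check_override() {
    co_base="$1/templates/$2/html"
    co_rel="./com_admintools/blocks/default.php"

    # 1. The override is exactly where the thread says it must be.
    if [ -f "$co_base/com_admintools/blocks/default.php" ]; then
        echo "ok"
        return 0
    fi

    # 2. The extra "views" subdirectory described in the staff reply.
    if [ -f "$co_base/com_admintools/views/blocks/default.php" ]; then
        echo "views-subdir"
        return 1
    fi

    # 3. A path component with leading or trailing whitespace (' blocks').
    #    Strip whitespace around every "/" and at the end of each candidate
    #    path; if it then equals the expected path, whitespace was the
    #    only difference.
    co_found=$( (cd "$co_base" 2>/dev/null &&
                 find . -type f -name '*default.php*') |
        while IFS= read -r co_f; do
            co_sq=$(printf '%s\n' "$co_f" |
                sed -e 's#[[:space:]]*/[[:space:]]*#/#g' -e 's#[[:space:]]*$##')
            if [ "$co_sq" = "$co_rel" ] && [ "$co_f" != "$co_rel" ]; then
                printf '%s\n' "$co_f"
                break
            fi
        done)

    if [ -n "$co_found" ]; then
        # Brackets make the otherwise invisible space easy to spot.
        echo "whitespace:[$co_found]"
        return 1
    fi

    echo "missing"
    return 1
}
```

The reported path is relative to the template's `html` directory.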
