#20009 How to Block a Query String

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by tampe125 on Wednesday, 07 May 2014 07:34 CDT

mwlake
There have been vulnerabilities found in NoNumbers Joomla products. My sites do not use them, but they do get hit by hackers searching for this vulnerability.

I use Incapsula on all my websites as a firewall and Admin Tools on the Joomla sites.

This is an event notification from Incapsula:
URL:/index.php (GET)
Status: Client was sent a JavaScript security check, request was suspended
Query String:?nn_qp=1&url=http%3a%2f%2fwww.nonumber.nl%2f
Remote File Inclusion (Alert raised)
Attempted on:request parameter url
Threat pattern:http://www.nonumber.nl/

Question is: Is there a way to block a query string using Admin Tools? I can block IPs, countries, etc., but how do I set up blocking query strings?

tampe125
Akeeba Staff
Hello Michael,

What you got is a false positive report.
Inside Admin Tools there isn't a "Block query string" feature, since it's useless to always block a request.
What you have to do is enable the DFIShield (direct file inclusion protection); this way Admin Tools will always analyze the content of the remote URL: if it contains PHP code it will be blocked, otherwise it must not and will not be blocked.

Davide Tampellini

Developer and Support Staff
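
A sketch of the content-based check described in the reply above, as an added example that is not Admin Tools' own code and not part of the ticket: it blocks a request only when the resource behind a URL-valued parameter contains PHP code. The marker list, the function names, and the stub fetcher with its sample pages are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Byte sequences treated as "contains PHP code" (assumed list for this sketch).
PHP_MARKERS = (b"<?php", b"<?=")
REMOTE_SCHEMES = ("http", "https", "ftp")

# Query string from the Incapsula notification in the ticket.
TICKET_QUERY = "?nn_qp=1&url=http%3a%2f%2fwww.nonumber.nl%2f"

# Constructed sample responses so the example runs offline.
SAMPLE_PAGES = {
    "http://www.nonumber.nl/": b"<html><body>Extensions</body></html>",
    "http://files.example/inc.txt": b"<?PHP echo 'constructed sample'; ?>",
}


def fake_fetch(url):
    """Stub fetcher (hypothetical). A real one needs a timeout and a size cap."""
    return SAMPLE_PAGES[url]


def remote_url_params(query_string):
    """Return (name, url) for every parameter whose value is a remote URL."""
    found = []
    for name, value in parse_qsl(query_string.lstrip("?"), keep_blank_values=True):
        value = value.strip()
        try:
            parts = urlsplit(value)
        except ValueError:  # malformed value, e.g. a broken IPv6 literal
            continue
        if parts.scheme.lower() in REMOTE_SCHEMES and parts.netloc:
            found.append((name, value))
    return found


def should_block(query_string, fetch=fake_fetch):
    """Block only when a referenced remote resource contains PHP code."""
    for name, url in remote_url_params(query_string):
        body = fetch(url).lower()  # case-insensitive match on the open tag
        if any(marker in body for marker in PHP_MARKERS):
            return True, name
    return False, None


if __name__ == "__main__":
    print(should_block(TICKET_QUERY))
    print(should_block("?nn_qp=1&url=http%3A%2F%2Ffiles.example%2Finc.txt"))
```

The ticket's query string passes because the referenced page holds no PHP, while the same parameter pointing at the constructed PHP sample is blocked.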

