Support

Admin Tools

#23314 Admin Tools Security exception

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Wednesday, 07 October 2015 04:59 CDT

Friday, 25 September 2015 16:27 CDT

slavonec
 Hi Nicholas,

I have j2store installed with paypal plugin. All work ok until paypal send me back to the website after a successful payment.

Here is the link I'm getting:
https://dimensioncraftinc.com/component/j2store/checkout/confirmPayment.html?orderpayment_type=payment_paypal&paction=display

Would please guide me how to create WAF Exception for it.

Thank you in advance

Slavi Hristozov

Monday, 28 September 2015 02:08 CDT

tampe125
Hello Slavi,

can you please double check if inside the WAF config page you have the feature XSS shielding enabled?
If you so, can you please try to turn it off? Moreover, is there anything inside the security exception log?
Finally, could you please attach the raw log produced by Admin Tools? You can find it inside the log directory of Joomla, the one specified inside the Global Configuration page

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 04 October 2015 16:12 CDT

slavonec
Dear Davide Tampellini,

Thank you for your response. I'm attaching the log file so you can see the security messages.

Thank you in advance

Slavi

Wednesday, 07 October 2015 01:37 CDT

tampe125
Yep, as I suspected the request was blocked by the csrfshield feature.
Can you please double check that is correctly disabled inside WAF Configuration Page?

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 07 October 2015 04:08 CDT

slavonec
Dear Davide,


Tank you for your response.
In a meantime I put an WAF exception for the component. It worked. Do you think it is better to turn off csrfshield feature or to keep the exception?

Thank you in advance

Slavi

Wednesday, 07 October 2015 04:23 CDT

tampe125
You can keep the exception, but please be aware that the CSRF protection usually creates several false positives. If you have anything broken, as a first thing try to turn it off

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 07 October 2015 04:28 CDT

slavonec
Thank you Davide,

I will keep that in mind.

Have a nice day


Slavi

Wednesday, 07 October 2015 04:59 CDT

tampe125
You're welcome!

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!