Support

Admin Tools

#24587 403 - This request is blocked by Admin Tools.

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Saturday, 02 April 2016 17:20 CDT

Wednesday, 02 March 2016 21:09 CST

EmediaAssoc
 I'm using RSforms, and when I submit a form, I'm getting the following error message, when I would be expecting a simple 'Thank you for filling out this form' message:

403 - This request is blocked by Admin Tools. Please change this message in the component's options.

In the Security Exception Log, it's showing my IP address, and a CSRF Shield error message.

Looking at this article: #10058 – Admin tools may be throwing an error page for other component, I think I'm really close to resolving/understanding the issue, but I'm not quite sure what or how to configure the resolution.

I looked at several other sources as indicated, but the answer wasn't there. Or it was there, and I didn't understand it.

BTW, when I comment out the .htaccess file, the form works just fine.

Thanks,

Gene Crawford

Thursday, 03 March 2016 01:31 CST

nicholas
You should disable the CSRF protection feature of Admin Tools. Frankly, this is a feature that made sense in the Joomla! 1.5 to 1.7 era because third party developers wouldn't implement CSRF protection (tokens) in their own software. The last few years we haven't seen this kind of software in the wild, making this option in Admin Tools irrelevant. Unfortunately we get a lot of pushback from our users when we try to remove a useless feature from Admin Tools, leading us to leave a small number of obsolete features far longer in the product than we should – we quietly remove them after a while. The CSRF protection is one of the two remaining obsolete features.

Please go to Admin Tools, Web Application Firewall, Configure WAF, Active Request Filtering and set "CSRF/Anti-spam form protection (CSRFShield)" to No.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 03 March 2016 08:06 CST

EmediaAssoc
Hey Nicholas,

That did the trick. Thanks for the explanation.

Gene C

Thursday, 03 March 2016 09:18 CST

nicholas
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 02 April 2016 17:20 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!