Support

Admin Tools

#27757 How to allow a particular User Agent

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 16 May 2017 03:22 CDT

Monday, 15 May 2017 20:47 CDT

snaffle
Hi there,

Someone in the marketing department has engaged an agency who are doing some campaign tracking and they've informed me that the their custom User Agent is being blocked by the site, which is:

"Mozilla/5.0 (Java) outbrain"

I can see the User Agent in the access logs generating a 403 error but as it's not in the list of "Blocked User Agents" I'm a little stumped as to what's blocking it.

I'm wondering if there's a way I can "whitelist" this particular User Agent. They provided me with some IP addresses that I've added to the list in WAF for "Exceptions from blocking" but that doesn't seem to have done the job and they're asking me to whitelist the User Agent.

Any suggestions on how I might do that, or if you think something else might be the problem?

Thanks

Nathan

Tuesday, 16 May 2017 01:48 CDT

nicholas
I can tell you that this is NOT coming from the Blocked User Agents feature and it's NOT coming from the Admin Tools WAF (since you've whitelisted their IPs). Which leaves us with two possibilities:

1. Your host is blocking the user agent.

2. The user agent is completely irrelevant to your issue and you're receiving a 403 because another rule is triggered. For example, they might send some content which seems malicious, accessing URLs which point to files not normally accessible over the web (e.g. protected by the Frontend or Backend protection) or they are simply trying to access URLs of content that's only available to specific user groups but, of course, they are not logged in so Joomla! reports a 403.

If the 403 happens to ALL (no exceptions!) access attempts then it's #1.

If it only happens to SOME access attempts it's #2.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 16 May 2017 02:19 CDT

snaffle
Thanks for the quick reply and the explanation. It's possible that the host is blocking it so I'll contact them to find out.

There's no user groups restrictions on the content for this website and there's nothing particularly strange about the urls generating 403's other than having some referral parameters attached to them - eg:

 /media-centre/the-sane-blog/1994-osher-the-final-jenga-block-holding-my-sanity-was-knocked-out?utm_source=Outbrain&utm_medium=LinktoOsherSane&utm_campaign=SchizophreniaWeek&utm_content=Link HTTP/1.1" 403 455 "-" "Mozilla/5.0 (Java) outbrain"


That wouldn't be causing any problems would it?

Thanks

Tuesday, 16 May 2017 03:22 CDT

nicholas
On our dev site with all WAF and .htaccess Maker options enabled the URL above does not result in a 403, even when using the User Agent you specified. FYI the command line we used to test that is:

curl -A "Mozilla/5.0 (Java) outbrain" -kL "https://dev3.local.web/media-centre/the-sane-blog/1994-osher-the-final-jenga-block-holding-my-sanity-was-knocked-out?utm_source=Outbrain&utm_medium=LinktoOsherSane&utm_campaign=SchizophreniaWeek&utm_content=Link" -vv

Therefore we can conclude that your issue lies in the host configuration, a third party extension or custom .htaccess rules you have added yourself. Since this is not an Admin Tools issue we cannot provide any more help. Sorry :(

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!