Admin Tools

#27924 CSRFShield and yootheme pro

Posted in ‘Admin Tools for Joomla! 4 & 5’

This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version

n/a

PHP version

n/a

Admin Tools version

n/a

Latest post by dlb on Monday, 12 June 2017 08:27 CDT

Sunday, 11 June 2017 10:21 CDT

user88951

Hi,
Yootheme pro builder fails to load with 403 error if WAF CSRFShield is enabled - even in basic mode. Is there an exception for yootheme pro that I can set that can allow CSRFShield to be enabled ?

Thanks

Sunday, 11 June 2017 13:28 CDT

dlb

Since it is a WAF exception, there should be an entry in the Security Exceptions Log. Please copy and paste that and it will give the information needed to create the exception. Or you can check the documentation here: https://www.akeebabackup.com/documentation/admin-tools/wafexceptions.html.

Dale L. Brackin
Support Specialist

English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Monday, 12 June 2017 02:25 CDT

user88951

Hi Dale,

There wasn't any relevant info in the log - just said CSRFShield and the site index page. I tried quickly to set up an exception using the documentation but it didn't work. However, I tried setting the CSRFShield > Advance and surprisingly it didn't create the error - I think there might be me something amiss between the two settings ?

Thanks

Monday, 12 June 2017 08:27 CDT

dlb

The technique used by the Advanced setting is more accurate and less likely to give false positives. But it is slower and can't be used for very high traffic sites. So if everything works as expected with the Advanced setting, it's fixed. If you notice the site slowing down, we need to go back to the Basic setting and take another look at the WAF Exception.