Support

Admin Tools

#28265 Admin Tools conflict with JCE Editor - WAF blacklist rule

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 21 September 2017 17:17 CDT

Monday, 21 August 2017 06:48 CDT

brandnew
Hi!

There is a problem with new version of Joomla Content Editor.
Resize action triggers WAF rule and displays error "Action "resize" failed. Temp image could not be loaded."

Problem appears because WAF rule:
!#^[\p{L}\d,\s]+$#iu
while resize uses link like this:
http://www.mysite.com/tmp/wf_ie_d7ead1873bacbfeb5bb83df3c1d953d3.jpg?1503052159261

The question is, how to change this rule to allow JCE resize, without loosing protection to real attacks?

All is described here:
https://www.joomlacontenteditor.net/support/forum/92886-admin-tools-akeeba-problem-with-jce-editor

Best regards,
Artur

Monday, 21 August 2017 09:08 CDT

tampe125
Hello,

you can safely disable that rule. They are meant to protect old installation of Joomla, if your Joomla site is updated to the latest version, you are already protected, so you can disable it.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 21 August 2017 11:30 CDT

brandnew
Hello.

Thank You for fast reply.

This solution worked but only in half.
I can not use the resize function and still have the same message:

Action "resize" failed. Temp image could not be loaded. "...

Firebug shows error:
"NetworkError: 404 Not Found - http://www.mysite.com/tmp/wf_ie_d7ead1873bacbfeb5bb83df3c1d953d3.jpg?1503332904559"

Second part of this problem is probably .htaccess file generated by Admin Tools.
Replacing it by standard Joomla! .htaccess removes the problem, but I think this is not best solution.

Best regards,
Artur

Monday, 21 August 2017 11:48 CDT

brandnew
Hello!

Second part of my ticked (this about .htaccess) was resolved by Ryan from JCE support.

Solutions is:
"Please try setting the Cache Folder value in in Editor Profiles -> Editor Parameters -> Filesystem to media/jce"


Best regards,
Artur

Tuesday, 22 August 2017 01:53 CDT

tampe125
That's right, the tmp folder should be used only for server side temporary files and they shouldn't be web accessible.
I'm glad you fixed your issue.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 21 September 2017 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2017-09-21 17:17 CDT

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!