Support

Admin Tools

#30807 Website Test Site Blocked

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by DaveOzric on Monday, 21 January 2019 09:47 CST

Friday, 18 January 2019 11:41 CST

DaveOzric
Hello, I am trying to use a tool to test my site, which is a website that tests for responsive views but it's getting a connection refused notice.

http://responsivedesignchecker.com/#home

I have tried to turn off a bunch of various thing in the .htaccess and firewall but I cannot figure out what is blocking this site.

Would you be able to help me?

Thank you

Friday, 18 January 2019 11:52 CST

dlb
Does the website require anything to be installed on your site?

Are you using GeoIP blocking?


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Friday, 18 January 2019 12:00 CST

DaveOzric
Hi, I tested other sites on my server that were HTML only sites and it worked. There is nothing special that I need to add to my site. It's just all my Joomla sites that are blocked. I tested with sites that have no GEO blocking.

I removed all the user agents in .htaccess but no go.

I just wondered if you had an idea on what specific part of the AT security might be blocking this.

Friday, 18 January 2019 13:05 CST

dlb
Let's start with the server error log and see if you can see what is throwing the 403. If we can find the error, we should be able to do an exception to make it work.

If that doesn't work, then we need to drop back and do some basic troubleshooting.
  1. Disable the System - Admin Tools plugin. Does the scan work now?
  2. Rename your .htaccess file, then rename htaccess.txt to .htaccess. Does it work now?
These two steps will at least tell us if the block is in the firewall or in the .htaccess.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Friday, 18 January 2019 13:51 CST

DaveOzric
Great ideas. It's the .htaccess file.

I was having trouble finding the error log entries, so I moved to the next steps.

It appears the "Protect against clickjacking" is what blocks it.

I guess I could turn this off when needed or..?

Thank you

Friday, 18 January 2019 13:56 CST

dlb
We're a little bit out of my comfort zone here. At least you can get it to work in the short run. I'll ask Nicholas and Davide what the next step should be on Monday and let you know what I find out.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Friday, 18 January 2019 14:00 CST

DaveOzric
Honestly, I know now, so I can turn it off during testing phase. I certainly don't care about it once the template is functioning correctly.

Unless there is a way to add some exceptions then I would not worry about it. If exceptions can be added for this I'll be interested in knowing as there may be other instances of iframes that may need to be allowed on other sites.

Thanks for your help.

Monday, 21 January 2019 04:55 CST

nicholas
Turning on this option will protect you against clickjacking. It does so by preventing your site's pages to be loaded in a, Frame, IFrame or Object tag unless this comes from a page inside your own site.

Clickjacking is a serious issue. A malicious actor could spoof an email coming from your site with a link that goes through their site. Their site would be loading your site through an IFRAME or FRAME and overlay elements on top of your site. You would think that you are entering your login or other privileged information on your site but, in fact, you'd be doing so on the attacker's site, allowing them to see exactly what you submit.

You should only turn off clickjacking briefly, to run the tool you want access to, but turn it back on again. Otherwise you wouldn't be protected against this kind of attack.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 21 January 2019 09:47 CST

DaveOzric
Hi, thanks for letting me know what this is exactly. I will do just that. Test and then turn back on.

Thanks

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!