Admin Tools

#32568 WAF blocking URL but why?

Posted in ‘Admin Tools for Joomla! 4 & 5’

This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version

n/a

PHP version

n/a

Admin Tools version

n/a

Latest post by RRO on Thursday, 27 February 2020 03:24 CST

Thursday, 27 February 2020 01:16 CST

RRO

Hi Overthere,
I use Websiteauditor, which is part of Linkassistants SEO-Powersuite. This tool crawls the pages and looks for problems regarding meta, content, structure, and many other things.

When doin' so AdminTools kicks in and blocks access with "template= in URL" status. Can I see anywhere which part of the URL was triggering the block?

Example:
https://client.com/component/mailto/?tmpl=component&template=xyz&link=599df174a5e5aa9dc8025dfc50665c97adad7e03

Additional Question: Is there a way to only temporarily whitelist my actual IP e.g. for the actual scan procedure?

Thursday, 27 February 2020 03:06 CST

nicholas

Look at the URL closer, you'll see the template= in it as the message tells you:

https://client.com/component/mailto/?tmpl=component&template=xyz&link=599df174a5e5aa9dc8025dfc50665c97adad7e03

If you are using the Mail To feature in Joomla you can enable the "Allow site templates" option per our documentation.

Additional Question: Is there a way to only temporarily whitelist my actual IP e.g. for the actual scan procedure?

Yes, of course. Web Application Firewall, Configure WAF, Exceptions, Never Block these IPs. Add the IP address where the requests will be coming from in there. Remember to remove it once you're done.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 27 February 2020 03:24 CST

RRO

Hi Nick,
#1 did the trick.

Thx a lot,
Ralf

Support