Support

Admin Tools

#35375 WAF Blocking Get / Returning 403 for Docker Script

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 15 July 2021 20:17 CDT

attiii

Hi, 

I am running a docker file that calls on an image on our website. It is publicly available, and I can access it via a webrowser, but I believe our WAF is blocking the command. What is the best way to resolve this?

tampe125
Akeeba Staff

Hello,

are you blocking specific User Agents within the Htaccess Maker? How are you calling such URL? Using Wget or cURL? In that case you should pass a specific user agent, since the default ones are blocked by the Htaccess Maker.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

attiii

Is there an implicit danger to removing wGet from the list of user agents. Can this protocol be used to access secure content on the site that otherwise would be unavailable (e.g. configuruation.php)? Is it possible to open a singular folder to wGet for files intended to be shared?

tampe125
Akeeba Staff

It's not possible to allow only a single directory to wget. Allowing the wget user agent won't make your site less secure; it's just a simple rule to annoy and block script-kiddies and most inexperienced attackers from connecting to your site.

For what is worth, you can always change the user agent reported by the wget program, it's just a command line option.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!