Support

Admin Tools

#38058 Getting 400 Bad Request and locked out joomla 4.

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 22 November 2022 02:31 CST

rookbear

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

rookbear

Just upgraded to Pro and have locked me out. I believe I misconfigured something when I was add domains/IP to fields. Now I am locked out, but it seems the video on unlocking might be from J3 and can't find the files needed to unlock. administratot/system/admintools/admintools/main.php is not there.

I tried the first method to reset AKtools but again, the URL take me to Akeeba's page login. I tried to look for other videos, but nothing.  Your assistance would be helpful. Photo is of  the file structure in J4.

Chuck

nicholas
Akeeba Staff
Manager

If you only have the HTTP 400 error when accessing administrator, but not the fronted, and you have used the Administrator Password Protection feature please delete the files administrator/.htaccess and administrator/.htpasswd. Remember these are hidden files, you will need to tell your (S)FTP client or your hosting control panel to show hidden files to see them and delete them.

Otherwise, follow the instructions in https://www.akeeba.com/documentation/admin-tools-joomla/atwafissues.html to regain access (these are the J4 instructions; the video is indeed from J3), then fix the Allowed Domains and/or Exclusive Allow IP Lists feature you suspect you got wrong.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

rookbear

Thank you Nicholas!

I did the URL for email recovery, and I get a dialog box for login. Should I put Ad Tools secret PW, or regular login credentials? I do not see "Check your email for Rescue URL information" printed on your screen. The Login dialog box holds my ad tools secret password and user. It won't let me in. Get "Unauthorized" on the page. I did delete .htaccess in root and renamed htpasswd in Admin folder.

I am not sure how to proceed at this point.

Thanks again

 

nicholas
Akeeba Staff
Manager

OK, deep breath, we need to combine the first action I described in my previous reply and the second recommendation of the troubleshooting page I linked you to.

First, use FTP, SFTP, or your hosting control panel's file manager to go into the administrator folder (important!) and delete the .htaccess and .htpasswd files you see there. This removes the “Unauthorised” page and the login box. In fact, this is the Administrator Password Protection feature which I had already guessed you have enabled on accident, without noting down the username and password you used in it.

Now go back to your site's root and navigate into plugins/system/admintools/services. You will see a file named provider.php. Rename it to provider-disable.php. This will turn disable the Web Application Firewall from executing and you can access your site's back-end again.

Now you can log into your site's backend.

Go to Components, Admin Tools for Joomla!, Web Application Firewall, Configure WAF and adjust the settings you said you worked with last.

About the Allowed Domains feature. You have not told me what's your site's URL, otherwise I'd have told you exactly what to do here — and the reason we are asking for this information in the ticket. If your site is example.com or www.example.com you need to enter example.com in the Allowed Domains. If your site is something like whatever.example.com you need to enter whatever.example.com in the Allowed Domains. If your site can be accessed from multiple domains you need to enter all domains there following the examples I mentioned before (bare domain or www -> you enter the bare domain; subdomain other than www, you enter the full domain with subdomain).

Once you are ready to test if your changes made a difference go to Components, Admin Tools for Joomla!. There's a message about the plugin being disabled with an action button to re-enable it. Admin Tools detects that the provider.php file was renamed to provider-disable.php (and only that name, that's why I told you to use that name); the action button renamed that file back to provider.php, re-enabling Admin Tools' system plugin.

If this didn't work, it's basically rinse and repeat. Rename the file again and reconfigure WAF.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!