#39210 WAF not protected by master password

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: 4.3.2
PHP version: 8.0.29
Admin Tools version: 7.3.3

Latest post by nicholas on Monday, 17 July 2023 08:42 CDT

meldedchaoz

Since moving to Joomla 4.x, the "Main Password" is no longer required to make changes to the AdminTools WAF.  I can go in and reduce the hardening options or change any settings in the WAF without having to enter the "Main Password".  Is there something that I'm missing?

nicholas
Akeeba Staff
Manager

You're right, there's a failed check. It only blocks the WAF control panel page, not the Configure WAF page. I will fix that for the next release.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

nicholas
Akeeba Staff
Manager

Actually, it works fine. I just realised that both of us made the same mistake.

In the Main Password page there are two separate toggles:

  • Web Application Firewall: this blocks access to the Web Application Firewall control panel page.
  • Configure WAF: this blocks access to the Configure WAF page.

I assume that, like me, you enabled the former and did not enable the latter. When you enable the latter then yes, the Configure WAF page is also blocked by the Main Password.

Please remember that the Main Password check is stored in your session. You need to completely log out for it to clear and block you again. If you are using Linked Sessions in your site's Global Configuration, remember that you may still be logged in to the frontend because of the Remember Me feature. Log out from the backend, load a page in the frontend and, if you're still logged in, log out from there too.

meldedchaoz

Perfect.  Thank you, your products are amazing!!

nicholas
Akeeba Staff
Manager

You're welcome and thank you very much for the kind words :)

Have an awesome day!
