Admin Tools

#40426 jreviews - non sef url request blocked from admintools

Posted in ‘Admin Tools for Joomla! 4 & 5’

This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version

4.4.3

PHP version

8.2

Admin Tools version

7.4.8

Latest post by tampe125 on Tuesday, 12 March 2024 04:02 CDT

Monday, 11 March 2024 11:58 CDT

n00bster

HI.
I have troubles with admintools and non sef urls of jreviews.
https://climbing.plus/widgets?wid=1

in the browser console i see that the non sef url "https://climbing.plus/index.php?option=com_jreviews&format=ajax&url=widgetfactory%2FreadmoreUrl&count=3&columns=1&task=listings%2Fmany&wid=Pvn2K" are blocked and have no idea how i can set this url with as non blocked in admin tools

i have also set this filter in waf exception list, but that does also not work: https://app.screencast.com/kZNAboiLxxk7F

what can i do to fix this, because if i disable the admintools plugin it does work as it should and show up the jreviews widgets?

Tuesday, 12 March 2024 03:22 CDT

tampe125

Hello,

can you please take a look inside the Blocked Requests Log, what's the reason for the block?

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 12 March 2024 03:56 CDT

n00bster

hi Davide!

here is a screenshot about the blocked entry from this issue:
https://app.screencast.com/8DI61tTnklRg6

Tuesday, 12 March 2024 04:02 CDT

tampe125

Ok, this explains everything. They are using for the "task" variable, the value "listings/many". This is not the correct format, since usually it's a simple word or something like "foo.bar".

The only solution is to disable the option Suspicious Core Parameter inside WAF settings.