#40612 Help with htaccess rule for API call

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: Joomla! 4.4.3
PHP version: 8.2.15
Admin Tools version: 7.5.2

Latest post by attiii on Tuesday, 23 April 2024 10:22 CDT

attiii

Hi!


We are using a Joomla module that requires API access. Everything works AOK when I disable htaccess, so I know the issue is there with Admin Tools, but I can't figure out the appropriate place to create a rule or exception.

Here is the documentation for the app/api calls.

https://docs.nobosstechnology.com/api/external-credentials/#googlecalenda

The URI URL is

/administrator/index.php?option=com_nobossajax&library=noboss.forms.fields.nobossapiconnection.nobossapiconnectionhelper&method=generateToken&api=googlecalendar&format=raw

Can you please advise on the correct way to ensure proper connectivity?

Thank you in advance!

nicholas
Akeeba Staff
Manager

Components, Admin Tools for Joomla, Web Application Firewall, WAF Exceptions.

Click on New on the toolbar.

Component: select the component name which corresponds to com_nobossajax

Click on Save & Close.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

attiii

I tried that yesterday but no luck (returns a 404), hence my thought it was an htaccess issue. Is there a log file or anything else that might be helpful? This is set up as a Google application (per documentation sent yesterday) that is linking my Google calendar to this module.

Edit: I left the view name and query parameters blank in the exception setup.

 

nicholas
Akeeba Staff
Manager

Let's make sure that the problem is indeed caused by Admin Tools. In order to do so, try the following:

1. Try setting the Error Reporting level in your Global Configuration to "None". Many errors are caused by harmless PHP Notices and Warnings being output to the browser, breaking anything which requires HTTP header manipulation such as Joomla!'s session management, AJAX calls and download systems.

2. Try to replicate the issue after disabling the "System - Admin Tools" plugin. Note that to do that you first have to go to Components, Admin Tools, Web Application Firewall, Configure WAF and set "Defend against plugin deactivation" to No. If you can still replicate the issue, it is not caused by Admin Tools. Disabling that plugin means that Admin Tools code (including the Web Application Firewall) is not running on your site.

3. If you suspect an issue with the .htaccess file, replace its contents with the contents of the stock htaccess.txt file shipped with every version of Joomla!.

If doing any of the above resulted in the issue still occurring, it's not related with Admin Tools and we can't help you. If doing any of the above did stop the issue from occurring, we'll have to do some troubleshooting.

First go to Admin Tools, Web Application Firewall, Configure WAF. Make sure "Log security exceptions" is set to Yes; if it's not, set it to Yes and click on Save. Now try reproducing your issue. Immediately after that, please go to Admin Tools, Web Application Firewall, Security Exceptions Log. The latest log entry at the top should have the date and time of when the issue occurred. Please copy the Reason and Target URL here so that we can further help you.

If, however, you do not see a log entry, or the Date and/or IP address do not match your last access, this problem is not caused by Admin Tools' WAF. In this case, you will have to do some .htaccess troubleshooting. You may need to read the general .htaccess troubleshooting page, as well as the page on finding out necessary .htaccess exceptions.

Nicholas K. Dionysopoulos


attiii

It appears to be an issue with #3, htaccess. Restoring the original htaccess removed the 404, and allows the API call to redirect to the module.

/administrator/index.php?option=com_nobossajax&library=noboss.forms.fields.nobossapiconnection.nobossapiconnectionhelper&method=generateToken&api=googlecalendar&format=raw&code={changing token code}&scope=https://www.googleapis.com/auth/calendar.readonly

The site URL above is what is 404... normal behaviour has this tab close automatically and log a connection in the module modal for connecting the calendar API. Is there a way to wildcard this URL, as the token changes each time?

nicholas
Akeeba Staff
Manager

Ah, it's a Google API with scopes! Had you told me that I would have told you already what to do.

The problem is Google using full URLs as API scopes, e.g. https://www.googleapis.com/auth/calendar.readonly.

Go to the .htaccess Maker.

Set "Protect against common file injection attacks" to No.

Click on Save & Create .htaccess in the toolbar.

I believe you will find that it's working now.

At least that's the problem I had with Google integration (Login with Google) on my sites, and how I fixed it :)

Nicholas K. Dionysopoulos


attiii

Success! Much appreciated!
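
The Google callback in this thread carries the OAuth scope as a full URL in the query string, which is the kind of value a file-injection rule in .htaccess is written to reject. The script below is an added example (not Admin Tools code, and not written by either poster): its `REMOTE_URL` pattern is an assumed stand-in for that class of rule, and the `code` value is a placeholder. It lists which parameters of a request URI carry a full URL, and whether that is visible in the raw query string or only after percent-decoding.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed stand-in for a "parameter value is a remote URL" check.
# This is NOT the rule the .htaccess Maker writes.
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def url_valued_params(request_uri):
    """Map each query parameter that carries a full URL to how it is visible.

    'raw'          -> matches in the undecoded query string, which is what
                      mod_rewrite's %{QUERY_STRING} holds
    'decoded-only' -> matches only after percent-decoding the value
    """
    findings = {}
    query = urlsplit(request_uri).query
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, raw_value = pair.partition("=")
        if REMOTE_URL.match(raw_value):
            findings[name] = "raw"
        elif REMOTE_URL.match(unquote(raw_value)):
            findings[name] = "decoded-only"
    return findings


# Callback URL from the ticket; the code value is a constructed placeholder.
CALLBACK = (
    "/administrator/index.php?option=com_nobossajax"
    "&library=noboss.forms.fields.nobossapiconnection.nobossapiconnectionhelper"
    "&method=generateToken&api=googlecalendar&format=raw"
    "&code=PLACEHOLDER_CODE"
    "&scope=https://www.googleapis.com/auth/calendar.readonly"
)

if __name__ == "__main__":
    for name, how in url_valued_params(CALLBACK).items():
        print(f"{name}: full URL in value ({how})")
```

Run against a failing request taken from the web server access log, it shows which parameter to look at before deciding whether a protection has to be switched off.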
