Support

Admin Tools

#40932 Admin tools is blocking me with request reason adminpw

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4.4.6
PHP version
8.1
Admin Tools version
Latest

Latest post by Krachtstroom on Thursday, 18 July 2024 06:58 CDT

Krachtstroom

I have this strange thing. Admintools is blocking me with request reason adminpw, even when I'm not logging in and there is no browser window open from this site.

Any idea what is going on?

Regards, Hans 

nicholas
Akeeba Staff
Manager

Yes, it's your browser.

I know it sounds stupid, and I sure as heck thought I was hallucinating when I first discovered this problem a few years ago, but I promise it's true.

You know how your browser shows thumbnails of the most recently visited sites when you open a new tab / window? Now think about when and how these thumbnails are generated. Yes, it happens in the background while your browser is open, or when you open a new browser tab / window. The browser visits that URL, and if the result is HTTP 200 OK it takes a screenshot of the page it loaded in the background, makes a cropped thumbnail out of it, and shows it to you.

So, yes, you are not visiting the site, but the browser is.

It's bonkers, isn't it?!

Luckily, there is a very simple workaround to that problem in recent versions of Admin Tools.

Go to administrator, Components, Admin Tools for Joomla!, Web Application Firewall, Configure WAF. Click on the Basic Features tab. Set the “Browser cookie override for the administrator secret URL parameter” to Enabled. Click on Save & Close. Now log out, and log back into your site. This creates a cookie in your browser which securely tells Admin Tools that this is a browser which has previously used the correct Administrator Secret URL Parameter to view the backend of the site, bypassing the check that got you blocked in the first place.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Krachtstroom

Hi Nicholas,

Thank you for that. I would have never thought of this one. But, and this is a nice one, I checked my backend and saw this setting was enabled already.
But I use Ghostery extension in my browser to block a lot of cookies, so I think this cookie was blocked in the first place. Fixed this, and I hope this is not coming back.

Cheers, Hans

nicholas
Akeeba Staff
Manager

Ah, yes, that explains why it had not worked the first place. The same thing happens in the (equally rare) condition that you've set up your browser to remove all cookies after closing it down.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Krachtstroom

Nice. Please close this ticket.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!