#9722 .htaccess and RocketThemes

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Sunday, 26 December 2010 03:07 CST

user5108
Hi --
I am trying to figure out what parameter of the htaccess generation I need to change so that the result will not interfere with the rendering of the RocketTheme template on one of my websites. I have tried various parameters, but no luck. Now, it is back to the default generated htaccess.

I have set up a test system so that I could eliminate some of the complexity of my website (removed the flash logo, frontpage modules, ...). I have tested it with simpler templates and it works fine. So the culprit seems to be a conflict with the RocketThemes Dominion template.

The test website is http://creativesnap.com and the production site is http://pisspigs.com.

Many thanks

nicholas
Akeeba Staff
Manager
The template in itself will load correctly. However, RocketTheme templates come with many optional extensions (modules, components, plugins). I guess your problem is with one of them. In that case I suggest following the troubleshooting advice in the "How to determine which exceptions are required" section of our documentation.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user5108
Hi Nicholas,

Please excuse me as I did not provide enough information. I have already used your procedure for isolating errors and I eliminated two error messages, though I am not sure the way I did this is the correct way.

I use COMETCHAT, so this is a complete separate directory outside of Joomla, and I added the directory cometchat in the directory exceptions area.

I also found an error related to the use of RocketTheme's Gantry cache, so after trying other options, the only one that eliminated the error was to add the cache directory in the directory exceptions area. (But does this open up a potential security hole?)

So this leaves me with an error message that I know is related to RocketTheme's Gantry GZipper feature that compresses the template's CSS & JS, because when I disable this feature in the template, the problem goes away. I would imagine that any of your customers using a RocketTheme template will have this same problem, so I thought maybe you had already figured out a solution.

The error message I am getting in the Firebug console is "NetworkError: 404 NOT FOUND - http://creativesnap.com/component/option,com_com_gantry/Itemid,/"
which does not really point me in a good direction. I get this message when the cache has been purged. If the malformed css is already in cache, then I get the message, The stylesheet http://creativesnap.com/component/option,com_com_gantry/Itemid,/ was not loaded because its MIME type, "text/html", is not "text/css".

Any suggestions as to how to proceed?

nicholas
Akeeba Staff
Manager
Adding the cache to the exceptions directory may be a security hole. If you had to add it to the exceptions which allow direct access to all files (including PHP) then it can be exploited to launch an attack against your site if a hacker manages to upload a malicious PHP file in Gantry's cache directory.

The other errors you are getting seem like a bug in Gantry. Do you see the com_com_gantry? That should be com_gantry. There's also an Itemid missing from the URL. Furthermore, the URL structure I am looking at reminds me of Joomla! 1.0, not 1.5. Which version of Gantry are you using? Have you tried installing the latest version of the RT template you're using? I had some severe issues with earlier (1.x) versions of the Gantry framework, but the latest Gantry release solved all of them for me. This site, in fact, is running on a RT template with minimal changes :)


user5108
Hi Nicholas,

Yes, I am actually running with the most current versions of all the products. I know that the problem area has to do with the use of the GANTRY GZIPPER functionality, but this is necessary for a large website running Gantry, so disabling it permanently is not an option.

With a clear cache, a routine should run to combine together css & JS into a couple of php files that it ultimately stores in component/com_Gantry/cache. I think that the .htaccess definitions are interfering with this routine running properly resulting in this file name http://creativesnap.com/component/option,com_com_gantry/Itemid,/ not being generated correctly... at least that is my best guess.

I tried just adding a lot of directories that could be used in the Gzippering to the .htaccess directory exceptions, but nothing has worked.

As for the other issue, you cannot predict what file name Gantry is going to give to the zipped php, so it seems adding cache to the directory exceptions is the only alternative, but this does seem like a big security hole.

I opened a log at RocketTheme that goes into this problem a bit. However, my experience with RocketTheme support is not so good, especially when there is another product involved.

nicholas
Akeeba Staff
Manager
One alternative (compression without concatenation) can be accomplished by adding the following section of my Master .htaccess to your site's .htaccess (or use Admin Tools Professional's .htaccess Maker feature):

########## Begin - Automatic compression of resources
# Compress text, html, javascript, css, xml, kudos to Komra.de
# May kill access to your site for old versions of Internet Explorer
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
########## End - Automatic compression of resources


If you also want to concatenate the CSS and JS files, you can use a third party extension like CssJsCompress which does a much better job than Gantry's cache. Moreover, it produces files named css-*.php and js-*.php in your cache directory. This allows us to add customized rules to allow access only to those PHP files in the cache directory. It is still a security hole, but it's better than allowing access to any PHP file.

That said, one of the features on my to-do list for the next version of Admin Tools is the inclusion of a smart CSS/JS aggregator and compressor. The idea is that instead of serving the aggregated media files as arbitrarily named PHP files they will be served by a Joomla! plugin with a URL in the format of http://www.example.com/index.php?atcss=IDENTIFIER.css. As this method doesn't require direct access to executable (PHP) files in a directory it is much safer and doesn't degrade your site's security.


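The narrower exception described in the reply above (allowing only css-*.php and js-*.php in the cache directory, instead of the whole directory), as an added example that is not part of the original post and is not Admin Tools' generated output. It assumes mod_rewrite is enabled, that these rules sit in the site-root .htaccess ahead of any general rule that blocks direct access to PHP files, and that the cache directory is cache/ directly under the site root.

```apache
RewriteEngine On

# Weak form, shown commented out for comparison: a directory-wide
# exception. Every file under cache/ is served directly, including any
# PHP file that ends up there.
# RewriteRule ^cache/ - [L]

# Narrow form: let through only the aggregator output, i.e. files named
# css-*.php or js-*.php located directly in cache/ (no subdirectories,
# no trailing path info after .php).
RewriteRule ^cache/(css|js)-[^/]+\.php$ - [L]

# Refuse every other PHP request under cache/, including requests that
# append path info after the script name (cache/x.php/anything).
RewriteRule ^cache/.*\.php(/.*)?$ - [F,L,NC]
```

As the reply notes, this narrows the exposure rather than removing it: a file written into cache/ under a matching css-*.php or js-*.php name is still executed.
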
user5108
Hi Nicholas,

RocketTheme's response to my report of the two products not working together was somewhat unsatisfactory (but from my experience about the same as most of their support responses).

"This is a known issue and is buried in the Akeeba documentation to not use RokGzipper or the Gantry Zipper in conjunction with these utilities.

Unfortunately, there isn't a workaround for now."

So, they basically just kicked the ball back to you... Which for me means I will eliminate use of GZipper and follow the suggestions in your last post. There is another annoying bug in GZipper that I have been encountering and RocketTheme support has not been helpful there either.

---------------------

In the meantime, your development plans for Utilities sound exciting!

Best regards

nicholas
Akeeba Staff
Manager
RokGZipper hasn't seen much development ever since it was introduced, about 2 years ago IIRC. As I said in my previous post, the way it works forces you to a compromise regarding the security you can apply on your site. IMHO it's best to disable it for another reason (maybe it's the bug you're referring to): if a CSS or JS file changes, RokGZipper doesn't seem to pick it up properly and causes stale media files to be served to your visitors' browsers. In fact, I "discovered" JsCssCompress when RokGZipper was misbehaving on one of my sites and was looking for an alternative.

