Support

Admin Tools

#9777 403 Error in Safari after updating to Admin Tools Pro 2.0

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 14 March 2011 16:50 CDT

timbreese
Help! I updated manually by installing through the Joomla installer Admin Tools Pro 2.0

As soon as I installed it the front-end of the site showed a 403 error. The front end works in Firefox but not Safari. The test site URL is http://173.236.25.210/~fusworg/index.php

Please advise.

vickiwatson
Interesting. I just updated also. I got 403 errors in Firefox but not Safari.

Rebooted my computer and restarted FF. After that I didn't get the 403 error on the front end, but still get a 403 error when I log out of the back end.

nicholas
Akeeba Staff
Manager
@timbreese Please log in to your back-end, go to Components, Admin Tools, Web Application Firewall, Configure WAF and make sure "Log security exceptions" is set to Yes. Then try accessing the front-end. Once you get the 403, please go again to your site's back-end, Components, Admin Tools, Web Application Firewall, Security Exceptions Log and check the topmost item. What does it read on the "Reason" field? This will allow me to track down and possibly replicate the issue which is the first step to resolving it.

@vickiwatson So, rebooting fixed this? Interesting. The 403 on logout is now a known issue (it's reported by another user as well). I am currently hunting it down :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
This morning the front-end was working from my home. I checked to make sure that "Log Security Exceptions" was yes but there were no Security Exceptions in the log.

Also- the Joomla backend keeps making me log back in even though I have my session set for 60 minutes in the Joomla Globals. Is AdminTools doing that?

Thanks for your help!

Tim

nicholas
Akeeba Staff
Manager
Please try clearing your browser's cache and cookies before trying to access your site. This should solve the 403. Then, go to your site's back-end and use the Purge Session button in Admin Tools to expire all active user sessions to make sure that your site's users are not affected by this as well.

Regarding the double back-end log-in, most likely you try to access your site as mysite.com/administrator instead of www.mysite.com/administrator.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
I purged sessions. I will check this at work later to see how Safari is behaving there. Unfortunately I can't change the site to a www. because it is the testing site.

I also found it odd that when I manually updated AdminTools some of the settings in .htaccess maker had been re-set to the defaults. I am not sure why I cannot auto-update through AdminTools. I have tried this on my other sites as well and it didn't work, even after I turned on the ftp.

nicholas
Akeeba Staff
Manager
In that case:
1. Remove your .htaccess file
2. Go to your site's back-end, Admin Tools, .htaccess Maker
3. Expand the "System Configuration" tab
4. Set the "Host name for HTTP requests (without http://)" and "Host name for HTTPS requests (without https://)" parameters to reflect the test site's domain name
5. Set the "Redirect www and non-www adresses" to "Do not redirect" in the "Optimisation and Utility" pane.
6. Click on save and apply .htaccess

This should solve the login issues.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
After making the changes that you suggested in the .htaccess maker I am now getting a 403 error in Safari. The home page is appearing in Firefox. I will replace the .htaccess file with one that I saved for now.

nicholas
Akeeba Staff
Manager
Did you try clearing the cookie cache in Safari? Also, what does the Security Exceptions Log say about the reason you got the 403?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

vickiwatson
Fixed it for me. I only updated one site, will wait on the others. :)

I initially tried clearing the cache in FF, but it didn't make a difference, rebooting did for some reason.

---------------
@vickiwatson So, rebooting fixed this? Interesting. The 403 on logout is now a known issue (it's reported by another user as well). I am currently hunting it down :)

user14074
I don't know where you are on this, or this will be helpful, but I, too, had this issue, after updating to AdminToolsPro 2.0 The front-end of the site became 403 in Firefox (what I use for the Admin) while remaining fine in Chrome and IE. In the Security Exceptions Log it lists the reason as XSSShield. In the end I ran CCleaner and it took care of it.

I hope that helps. Thanks for the great product.

user14074
Yeah, it keeps happening as fast as I can clear my cache. It seems to be doing anything in the backend sets it off. Hmmm.

I'll keep an ear to the ground.

timbreese
I did not have anything logged into the securities exception log.

The browser that I use to access the backend is Safari and after removing cookies the front end no longer had a 403 error but it returned after working on AdminTools again.

Does it have anything to do with the new htaccess.admintools file?

Yes- if I make any changes to the admin area of the site I get the 403 error on the same browser!

I decided to uninstall 2.0 and the .htaccess and .htaccess.admintools files and re-install 1.2. I want to wait until these issues are sorted out before upgrading.

By the way, I changed the session handler to database in the Global Config and now I'm not being logged out all the time.

nicholas
Akeeba Staff
Manager
I have had other reports about it and in all cases it was a 403 due to XSSShield and happening only with the browser used to administer the site before upgrading Admin Tools due to stale cookie information stored in the browser. I have found this workaround:

1. Use Admin Tools "Purge Sessions" button to purge your site's sessions
2. Install the latest developer's release
3. Log out from your site's back-end
4. Clear your browser's cookies and cache. If you don't want to wipe out all cookies, make sure that you remove the cookies for your site's domain name
5. Shut down your browser and restart it. Then, try accessing your site.

Does this solution work for you?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
The same thing is happening. I did get messages in the Security Exceptions Log:

2011-03-11 02:13:02 207.237.181.16
  Add to Black List XSSShield http://timothybreese.com/
2011-03-11 02:12:47 209.20.69.196
  Add to Black List Bad Behaviour http://timothybreese.com/

I re-installed AdminTools 1.2 without removing the .htaccess file and the problem went away nonetheless.

Even after updating my ftp info I still can't use the auto updater though. The older way of updating worked for me :(

vickiwatson
403 error came back in FF and IE on the front end. I uninstalled Admin Tools and the site came back up first try on both browsers.

Love the component, but don't have the time right now to sort through this. :(

nicholas
Akeeba Staff
Manager
Vicki, you can try the latest developer's release I linked to in the previous post. If that still doesn't work for you, you can simply disable to XSSShield feature from Components, Admin Tools, Web Application Firewall, Configure WAF. There's no need to uninstall the component when you can simply turn off the setting which is causing the issue :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

nicholas
Akeeba Staff
Manager
Tim, if you can give me access to an affected site I might be able to track the problem down or at least allow me to install logging code which will help me keep a detailed log of the filtering that takes place so once this happens again, I can find out why it is happening and resolve this issue.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

vickiwatson
Okay, didn't realize it was that simple. :)

nicholas
Akeeba Staff
Manager
No problem :) If you want to help me identify and properly fix this issue, you can do something very easy:
1. Install the latest Developer's release
2. Go to WAF Configuration and make sure "Log security exceptions" and "Cross Site Scripting block (XSSShield)" are both enabled.
3. Get a 403 error in your site's front-end.
4. Go back to your site's administrator part and disable the XSSShield option.
5. Using FTP, go into your site's logs directory. There is a file named admintools_breaches.log. Put it in a ZIP file and attach it here.

This will allow me to figure out why the XSSShield protection misfires and throws the 403 error. This, in turn, will allow me to properly fix this issue.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

k0n5uLatI
OMG, I thought I was going crazy and created a new instance of a site (all testing). I will watch it but will still hold my breath...

Thanks!

Eric

nicholas
Akeeba Staff
Manager
Please upgrade to the just released 2.0.1 which addresses this issue.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
This seems to be working fine now. Although even though the upgrade is to 2.0.1 the admin panel says up to date at 1.5.22.

Out of interest- what was the problem?

Thanks for the fix!!

nicholas
Akeeba Staff
Manager
Look closely. That's the Joomla! version being reported ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
So it is! Sorry!

nicholas
Akeeba Staff
Manager
No problem :) At least your question means that you did see the version numbers being reported. You wouldn't believe how many people have asked me why these version numbers are not reported anywhere :D

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!