#9783 continuing admin access after setting firewall

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Saturday, 19 March 2011 15:25 CDT

user30134
Hello
I have been trying to finalize the setup of a site and have hit a wall with the firewall.
Following the setup tutorial I set a password for the admin side and a "?secret" word for the admin page access. This failed to work and I had to rename/disable the main.php plugin.

I have followed setting up ftp on the joomla site and an .htaccess file etc is now being generated on the admin side (it wasn't before) - however when I reset the main.php plugin name I cannot access the admin side with either the normal url or with the "?word" access. I just get the front page of the site.

Any suggestions as to where I could look next?
Thanks
John

nicholas
Akeeba Staff
Manager
After renaming the main.php file, go to Web Application Firewall, Configure WAF and reset the secret word to an empty string (i.e. delete the contents of the field). Save the WAF configuration. Then rename the file back to main.php and you should be able to access your site's back-end normally.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user30134
Thanks Nicholas, that worked.

However, is this an all-or-nothing solution (I can't use the ?word option)?
I don't mind if I can't force this option, just need to know if there are possible settings that are stopping the use.

Regards
John

nicholas
Akeeba Staff
Manager
You can, but make sure that the secret word consists of only lowercase letters and numbers. Any other character is not guaranteed to work (it depends on many factors, including how the browser translates the URLs before sending them to the server and how the server parses them before sending them to PHP).

user30134
Hello Nicholas,
The word that I was using was "test", no spaces etc., and that failed.
Are there any other options that I can check?

regards
John

nicholas
Akeeba Staff
Manager
I have never run across this issue. Make sure that the "System - Admin Tools" plugin is set up to be the first system plugin to load (if unsure set its order to -30000). If you are using another plugin with a similar feature, like jSecure or RSFirewall, please disable that feature on the other plugin.

user30134
Hello Nicholas
Unfortunately, that didn't resolve the issue either.

I have disabled the ?word portion for the time being.

Thanks
John

nicholas
Akeeba Staff
Manager
Wow, that's the first time this feature doesn't work! And that's a fairly trivial feature, too. Can I ask you to please help me track it down? Please go to your site's back-end, Help, System Info and copy the data from the System Info tab's table here. Also tell me if you use a third party SEF extension and, if so, which one and which version. Thank you!

user30134
Hello Nicholas

Sorry for being a pain...:-) for such a small feature.

Here is the system info

PHP Built on: Linux domain.server.com 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010 x86_64
Database Version: 5.1.55
Database Collation: utf8_general_ci
PHP Version: 5.3.4
Web Server: Apache
Web Server to PHP interface: cgi-fcgi
Joomla! Version: Joomla! 1.5.22 Stable [ senu takaa ama woi ] 04-November-2010 18:00 GMT
User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15


There is no other SEF plugin with this particular joomla site (sef is switched off) and the only other difference would be this one has JUGA installed, but that has not interfered with any other AT pro functionality.
Regards
John

nicholas
Akeeba Staff
Manager
That's very strange. I tried with the same configuration without a problem. Given that you have no third-party plugins installed on the site, I am at a loss. There's nothing I could think of that would cause this issue. Admin Tools simply asks Joomla! to see if the secret word is passed as a URL parameter. I have some ideas, though: make sure you access your site's administrator as http://www.yoursite.com/administrator/index.php?secretword

Note the index.php part in the URL. Depending on your host configuration, accessing it as http://www.yoursite.com/administrator?secretword or http://www.yoursite.com/administrator/?secretword may issue a 302 HTTP response to redirect your request to index.php which causes the query part (the ?secretword thingie) to be dropped. In this case, Admin Tools doesn't see the secret word and believes you are a hacker. I have only seen that on one misbehaving host, but it's never a bad idea trying it out.

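The redirect behaviour described in the reply above can be checked by walking the redirect chain one hop at a time and noting where the query string disappears. This is an added example, not part of the original ticket or of Admin Tools; `find_dropped_word`, `live_fetch` and the `example.test` responses are constructed for illustration.

```python
import http.client
import re
from urllib.parse import parse_qs, urljoin, urlsplit

# From the earlier reply: only lowercase letters and digits are safe.
SAFE_WORD = re.compile(r"[a-z0-9]+")

def has_word(url, word):
    """True if `word` is present as a bare query parameter (?word)."""
    return word in parse_qs(urlsplit(url).query, keep_blank_values=True)

def find_dropped_word(start_url, word, fetch, max_hops=5):
    """Walk the redirect chain by hand. Return (from_url, status, to_url) for
    the hop that lost the secret word, or None if no hop dropped it."""
    if not SAFE_WORD.fullmatch(word):
        raise ValueError("use lowercase letters and digits only")
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return None
        target = urljoin(url, location)  # Location may be relative
        if has_word(url, word) and not has_word(target, word):
            return (url, status, target)
        url = target
    return None

def live_fetch(url):
    """One GET without following redirects; returns (status, Location)."""
    parts = urlsplit(url)
    cls = {"https": http.client.HTTPSConnection}.get(parts.scheme, http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=10)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed responses for two hypothetical hosts (example.test is a placeholder).
BAD_HOST = {
    "http://example.test/administrator?secretword": (302, "/administrator/index.php"),
    "http://example.test/administrator/index.php": (200, None),
}
GOOD_HOST = {
    "http://example.test/administrator?secretword": (301, "/administrator/?secretword"),
    "http://example.test/administrator/?secretword": (200, None),
}
```

Against a real site, call `find_dropped_word(url, word, live_fetch)` with your own administrator URL and secret word; a non-`None` result names the redirect that stripped the query before PHP saw it.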

user30134
Hello Nicholas,
I tried your suggestion without success unfortunately.

I will manage without the use of the ?word option.
Thanks for the suggestions & help.
John

nicholas
Akeeba Staff
Manager
I'm sorry, that's not something I can replicate on another host :( Maybe it's something host-specific.
