Support

Hello Eric,

if you disable SEF, can you navigate inside your site?
If I remember correctly, you have to perform some changes to your global nginx configuration:
https://docs.joomla.org/Enabling_Search_Engine_Friendly_(SEF)_URLs_on_Nginx

Did you add them?

Regarding being blocked by Admin Tools, what's the reason of the block?

Let's tackle one issue at time. Can you please take a look at the configuration.php file, is there a value inside the $live_site variable? If so, can you please try to remove it?

Yes, Davide asked you about configuration.php since this is the only file we touch on restoration. We want to check whether it's a user error during restoration (most common cause of restoration issues), a bug (rare but we explore it nevertheless) or a server issue (second most common cause of restoration issues).

All Joomla! versions (1.5 to 3.6 inclusive) can work just fine without the $live_site parameter as long as the server is correctly configured. The only case when you need it is when the server is reporting the wrong full URL / path to PHP. Joomla! uses this information to generate relative and absolute URLs for resources (CSS, JS, images, ...) and for parsing SEF routes. You need to address the issues in your NginX configuration. Unfortunately we can't help with that since we're neither your host nor systems administrators.

Now for the Admin Tools issue. You are being blocked because you are trying to access back-end URLs without the Administrator Secret Word you have configured in the Web Application Firewall and without being logged in. This redirects you to the site's root and counts as a security exception. When you trigger quite a few of them over a short period of time you get IP blocked per the Admin Tools settings you have configured on your site.

Looking at the time stamps of the security exceptions they are several seconds apart and they all come from IP addresses in the USA. This tells me that this is not a redirection issue caused by sh404SEF or your server setup. These are genuine attempts that you made. Most likely you have a very short session expiration time in your Global Configuration. Your administrator session expires, you try to click on something (mostly trying to go back to the main Joomla! Control Panel page) and you trigger a security issue since you're now trying to access the administrator backend without being logged in and without providing the secret word. The best way to "fix" that is to actually increase the session timeout in your Global Configuration.

Moreover, we recommend some adjustments in your administration habits to cater for the increased security. Please do close administrator windows when you're not going to be doing something in the backend of your site for a while. Make a habit of always accessing your site's backend using the URL with the secret word e.g. http://www.example.com/administrator/index.php?MY_SECRET_WORD instead of just going to /administrator or directly into the URL of a component (like http://www.example.com/administrator/index.php?option=com+something). This will avoid security exceptions from being raisedwhen your session expires and you try to go back to your site's administrator.