Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by nicholas on Monday, 08 April 2024 07:49 CDT
Home page is blocked. Message is '403 We detected that your latest request may have been part of suspicious activity and has been blocked....'
In back end unable to disable 'System-Admintools' plugin - message is 'An error has occurred.403 Access Denied'
I welcome your advice.
Components, Admin Tools, Web Application Firewall, Basic Settings, set "Defend against plugin deactivation" to No, Save & Close.
Please see https://www.akeeba.com/documentation/admin-tools-joomla/web-application-firewall.html#waf-configure-basic-protection under "Defend against plugin deactivation".
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Thank you Nicholas. Following your advice, I disabled the System-Admin Tools plug-in and the problem with Home page block disappeared.
After I re-enabled AdminTools the site Home page blocked again with the message '403 We detected that your latest request may have been part of suspicious activity and has been blocked. If you believe you are getting this message in error please let us know through our site's contact form.'
Looks like there is an error in my configuration of Admin Tools - perhaps relating to template? (HelixUltimate) - but have not been able to find it. I welcome your advice.
Reproduce your problem and immediately go to Components, Admin Tools for Joomla!, Web Application Firewall, Blocked Requests Log.
At the top, you should see a record showing your IP address, the Target URL, and the Reason.
First, check that the IP listed is your own. If not, do tell me that.
Then, regardless of the previous point, I will definitely need the Target URL and the Reason to help you further.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hi Nicholas, Many thanks for your fast reply.
I've made sure there are no other web browser instances running.
In the Admin back end, when I select the website (it is set to offline and with coming soon in template)I get a 403 with the following blocked request log record(have seen same multiple times).
' 2024-04-08 18:22:53 AWST 192.168.0.1 tmpl= in URL https://variety-dynamics.org/index.php?templateStyle=15&tmpl=comingsoon'
Alternatively, when in the Admin back end I make the site online and turn off (or on) 'coming soon' in the template I get completely locked out. Then peculiarly after I use rescue URL and and check same blocked request log, I get message 'No Blocked Requests have been recorded yet.'??
Okay, I see two problems. I had guessed the first one, it's good to know there is a second one. No worries, these are easy to address!
The first problem is that your web server reports a private network IP address (192.168.0.1) as the visitor's URL. Assuming this is a public server and the test took place over the Internet, this would mean that there is an opaque reverse proxy server in front of your site. Luckily, our solution for this kind of problem is now included in Joomla! itself since Joomla! 3.9; we had contributed it a long time ago, since Joomla! 3.4, but it didn't get a control until much later. But I digress. Just go to System, Global Configuration, Server, and set Behind Load Balancer to Yes, then Save & Close.
The second problem is the tmpl=comingsoon is a non-standard value. Go to Components, Admin Tools for Joomla!, Web Application Firewall, Configure WAF, Cloaking tab and find the List of allowed tmpl= keywords option. Click on the empty space at the end of the list and type comingsoon then press ENTER on your keyboard. Finally, click on Save & Close in the toolbar.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hi, Nicholas, wow, I knew you have contributed a lot to Joomla, but that is something I didn't know about. Actually, the reason for the local URL is he server is actually on the same internal network as the machine I'm logging in with and the URL it is showing (192.168.0.1) is the IP of the firewall/DHCP device.
Made both changes and still getting blocked out, also on
https://variety-dynamics.org/administrator/index.php?option=com_templates - message is 'Site is temporarily suspended....'
https://variety-dynamics.org/administrator/index.php?option=com_ajax&helix=ultimate&id=15 - message is '403 We detected that your latest request may have been part of suspicious activity ...'
Tried using different networks and getting blocked there with 403 suspicious activity...
Recent blocked log is
| 2024-04-08 19:42:26 AWST |
120.16.177.47 |
template= in URL | https://variety-dynamics.org/index.php?templateStyle=15&tmpl=comingsoon |
I have contributed a lot to Joomla!, much of that is under the hood stuff. That's what I really love to work with, the bits you never see directly but definitely notice if they don't work right. If you hadn't guessed already, I am a Mechanical Engineer by education ;)
So, okay, we have a third problem on the site. No problem. Go back to Components, Admin Tools for Joomla!, Web Application Firewall, Configure WAF, Cloaking tab and set Allow site templates to Yes, then click on Save & Close.
But, you may ask, what does this have to do with anything? It does have to do with the templateStyle URL parameter. Back in the olden days you could only use the template URL parameter to tell Joomla! which installed template to display the page with. However, we got template styles in Joomla! which allows us to create differently configured "instances" of each template. Therefore, we got the templateStyle URL parameter which tells Joomla! which template style to use to render a page. Unlike template which was the name of the template's folder, the templateStyle is a number which corresponds to the actual template style used. The setting Block template=foo site template switch blocks both template and templateStyle. Enabling Allow site templates unblocks the use of template and templateStyle as long as the value used is something Joomla! knows about: an installed template for the former, or an existing and enabled template style for the latter.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hi Nicholas, I've been watching your name appearing in Joomla since the early days after the move from Mambo. I'd sort of guessed the Mechanical Engineer - me also..
Turning on 'Allow Site templates' solved the problem totally. Everything now working well.
Many thanks for your skills and knowledge!
You're welcome! I am glad I could help :)
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!