Support

Admin Tools

#40534 Component being blocked

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4.4.3
PHP version
n/a
Admin Tools version
7.4.9

Latest post by nicholas on Wednesday, 15 May 2024 01:08 CDT

gmoore

I am using a component called Mailster - to create and manage group mailing lists.  That component runs a CRON job every 15 minutes to send out queued emails.

 

admin tools seems to be blocking those requests...I've added their IP address to the firewall...(photo attached).

 

I've also attached the error message sent to me by the Mailster folks....

 

any advice?

 

thanks

 

 

nicholas
Akeeba Staff
Manager

Right now, the only information we have lets as go only as far as understanding that something is blocked by the Admin Tools Web Application Firewall but we don't know which URL it is, or why it's blocked. What we need to help you is the actual URL that is being called, and what Admin Tools reports in its Blocked Requests Log as the Reason for blocking it.

Thank you in advance for helping us help you!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

gmoore

So from the folks at Mailster....

 

the cron job opens:
https://delawarecoastalflyingclub.com/administrator/index.php?__RANDOM__=rd

Whereas __RANDOM__ is a random generated number (different on each call).

 

The URL parameters are not important, we just need to open the admin login page (without logging in).

 

They suggested that the _RANDOM_ paramenter - could be set to something fixed...

 

any suggestion?

 

-g

nicholas
Akeeba Staff
Manager

Based on these crumbs of circumstantial evidence I am going to make an educated guess.

I believe that you have enabled the administrator secret URL parameter feature. You can find this in your site's administrator, Components, Admin Tools for Joomla!, Web Application Firewall, Configure WAF.

Let's say that the "Administrator secret URL parameter" is set to foobar so I can demonstrate the solution. This means that you have to access your site's administrator as https://delawarecoastalflyingclub.com/administrator/index.php?foobar  Otherwise, the request will get blocked. If the request gets blocked too many times, the IP gets blocked.

If you want to add more URL parameters, you can. I am not sure about your technical level, so ignore me if you already know what I am saying here. The URL would become https://delawarecoastalflyingclub.com/administrator/index.php?foobar&__RANDOM__=rd   That is to say, instead of a second question mark, you get an ampersand to separate the secret URL parameter with the rest of the URL parameters.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

gmoore

THANKS - that's an excellent explanstaion and I appreciate your time - 

nicholas
Akeeba Staff
Manager

You're welcome! Have a wonderful day :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

gmoore

how do i disable the secret URL parameter?  Do I have to run the set up again?

nicholas
Akeeba Staff
Manager

Site's administrator, Components, Admin Tools, Web Application Firewall, Configure WAF. There's the Secret URL Parameter right there. Remove all contents from that box, then click on Save & Close in the toolbar.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!