I rename main, still 404 Help
http://www.tradsf.com/administrator/
http://www.tradsf.com/administrator/
#10121 Panic! Administration 404 after last upgrade... Heeeeeelp!
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by nicholas on Wednesday, 30 November 2011 14:34 CST
Monday, 28 November 2011 14:52 CST
Chacapamac
Monday, 28 November 2011 14:55 CST
Chacapamac
I got a com_admintools.updates.ini in my cache folder?
Monday, 28 November 2011 14:56 CST
Chacapamac
Both in cache admin and root?
Monday, 28 November 2011 14:58 CST
Chacapamac
Delete all cache with those 2 files β Clear cache/history/all browser.
No change this is bad....
I need that to be resolve ASAP
No change this is bad....
I need that to be resolve ASAP
Monday, 28 November 2011 15:13 CST
nicholas
Akeeba Staff
Manager
First, as the Hitchiker's Guide to the Galaxy reads, Don't Panic. You are in such a panic that you don't make sense and you are basically trying random things all over the map which are guaranteed to BREAK your site. Step one: think. Step two: act. If you do them the wrong way, ka-boom ;)
Here's what I see: when I try to visit your administrator URL, your server (NOT the Joomla back-end login page!) asks me for a username and password, a.k.a. this is the administrator password protection. If I don't enter anything or if I enter the (obviously) wrong credentials, I get a 404 page because your server doesn't have a document for the 403 Access Forbidden error message. Maybe that's what you get and it's easy to work around.
Just clear your browser cache, quit your browser, open it again and revisit your administrator area. Make sure you enter the correct credentials.
If that doesn't work, remove the .htaccess file from your administrator directory and retry the previous steps.
Here's what I see: when I try to visit your administrator URL, your server (NOT the Joomla back-end login page!) asks me for a username and password, a.k.a. this is the administrator password protection. If I don't enter anything or if I enter the (obviously) wrong credentials, I get a 404 page because your server doesn't have a document for the 403 Access Forbidden error message. Maybe that's what you get and it's easy to work around.
Just clear your browser cache, quit your browser, open it again and revisit your administrator area. Make sure you enter the correct credentials.
If that doesn't work, remove the .htaccess file from your administrator directory and retry the previous steps.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 28 November 2011 15:17 CST
Chacapamac
Ok I rename htaccess in the administrator
What now?
What now?
Monday, 28 November 2011 15:19 CST
nicholas
Akeeba Staff
Manager
Did you try logging in to your back-end again? Do you get an error? If you do get an error, would you mind sharing a screenshot and telling me all the necessary information (Joomla! version, PHP version, MySQL version) so that I can help?
Remember, I am not in front of your computer. You are my eyes. Describe what you see, otherwise I am blind as a bat and my replies are most likely vague and unhelpful ;)
Remember, I am not in front of your computer. You are my eyes. Describe what you see, otherwise I am blind as a bat and my replies are most likely vague and unhelpful ;)
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 28 November 2011 15:19 CST
Chacapamac
I can go in now...
Something whent strange when I enter a backend password
Something whent strange when I enter a backend password
Monday, 28 November 2011 15:23 CST
nicholas
Akeeba Staff
Manager
OK, now that the panic is over, I can tell you what happened. For some reason, your browser cached the wrong back-end password. At some point it started using it without asking you, causing your server to try to reply with a 403 Forbidden error message. If that happened, your browser would ask you the username/password again. However, your server couldn't find the 403 Forbidden error page and threw a 404 Not Found instead. This tripped your browser who thought that the login (actually: HTTP Basic Authentication to the administrator directory) worked, but a 404 Not Found occurred when trying to fetch the document you were asking (login page).
In those case, the simple workaround is to clear your browser's password cache, page cache and cookies for your site's domain name, quit and restart the browser, then try logging in again. This will cause your browser to ask you the administrator password protection's username and password all over again.
Or, you can remove the .htaccess file from the administrator directory.
Or you can use another browser, or another computer, or even your mobile device (cellphone, tablet, netbook, ...).
All that as long as you don't panic ;)
In those case, the simple workaround is to clear your browser's password cache, page cache and cookies for your site's domain name, quit and restart the browser, then try logging in again. This will cause your browser to ask you the administrator password protection's username and password all over again.
Or, you can remove the .htaccess file from the administrator directory.
Or you can use another browser, or another computer, or even your mobile device (cellphone, tablet, netbook, ...).
All that as long as you don't panic ;)
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 28 November 2011 15:32 CST
Chacapamac
for now I rename the htaccess in the administrator folder
If I remove the htaccess files (.htpasswd and .htaccess)
I will have probably to re-enter my username password?
That bring a question the htaccess maker is for the htaccess in the administrator or root.
Litle scare to play with that as I have a top of the line 301 redirect in my htaccess, donβt want to mess it up even if I have a backup..
If I remove the htaccess files (.htpasswd and .htaccess)
I will have probably to re-enter my username password?
That bring a question the htaccess maker is for the htaccess in the administrator or root.
Litle scare to play with that as I have a top of the line 301 redirect in my htaccess, donβt want to mess it up even if I have a backup..
Monday, 28 November 2011 15:47 CST
Chacapamac
I rename my main-disable.php to main.php
I delete (.htpasswd and .htaccess) in the administrator folder
Check and clear my ip from firewall apps
clear all caches in Joomla
Clear all caches in browser
Because I trow away the (.htpasswd and .htaccess) I go directly to joomla admin (without Firewall user/pass)
Went back to Protect Administration β reenter my user/pass and when I apply I go directly to a 404 error same than before.
But I see in bright red letter on yellow that you can delete the 2 htacces files in the admin to regain your admin but something is definitivly strange.
What should I do?
I delete (.htpasswd and .htaccess) in the administrator folder
Check and clear my ip from firewall apps
clear all caches in Joomla
Clear all caches in browser
Because I trow away the (.htpasswd and .htaccess) I go directly to joomla admin (without Firewall user/pass)
Went back to Protect Administration β reenter my user/pass and when I apply I go directly to a 404 error same than before.
But I see in bright red letter on yellow that you can delete the 2 htacces files in the admin to regain your admin but something is definitivly strange.
What should I do?
Monday, 28 November 2011 15:50 CST
nicholas
Akeeba Staff
Manager
The .htaccess Maker only deals with the .htaccess file in your site's root directory.
The feature you are looking for is called "Password-protect Administrator". First remove the .htaccess and .htpasswd from your administrator directory. Then go to your browser settings. There should be an option to clear stored password. Clear the stored passwords for your site (this is the problem). Then clear your browser's cache and cookies. Close your browser completely (if you're on a Mac use CMD-Q, on other operating system just close all browser windows). Start your browser again. Go to your site's back-end, Components, Admin Tools, Password-protect Administrator. Enter a new username/password and click on "Password-protect". Your browser should now ask you for username and password. Enter the same username/password you entered before clicking the "Password-protect" button.
Everything should now work.
The feature you are looking for is called "Password-protect Administrator". First remove the .htaccess and .htpasswd from your administrator directory. Then go to your browser settings. There should be an option to clear stored password. Clear the stored passwords for your site (this is the problem). Then clear your browser's cache and cookies. Close your browser completely (if you're on a Mac use CMD-Q, on other operating system just close all browser windows). Start your browser again. Go to your site's back-end, Components, Admin Tools, Password-protect Administrator. Enter a new username/password and click on "Password-protect". Your browser should now ask you for username and password. Enter the same username/password you entered before clicking the "Password-protect" button.
Everything should now work.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 28 November 2011 15:54 CST
Chacapamac
I download the 2 files
htaccess β> nothing in it.... empty
htpasswd β> I got myusername:someletternumber.
those letter numember are NOT my password β The username are ok
htaccess β> nothing in it.... empty
htpasswd β> I got myusername:someletternumber.
those letter numember are NOT my password β The username are ok
Monday, 28 November 2011 15:58 CST
nicholas
Akeeba Staff
Manager
The password is encrypted, hence the funny-looking characters and numbers.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 28 November 2011 16:08 CST
Chacapamac
Delete the htaccess files
Delete all password for that site
In Firefox Mac β Pref β> Security β> Saved Password
Curiously one said:
www.tradsf.com (Restricteed follow by my correct username for my backend firewal
Another one ( www.tradsf.com where the username is blank (curious)
Anyway delete all...
Reopen browser and clear all cache history on browser
Went to administration β> Direct to normal Joomla
Went to Admin β Secure Admin Access padlock
Return to 404 β Tiresome
Delete all password for that site
In Firefox Mac β Pref β> Security β> Saved Password
Curiously one said:
www.tradsf.com (Restricteed follow by my correct username for my backend firewal
Another one ( www.tradsf.com where the username is blank (curious)
Anyway delete all...
Reopen browser and clear all cache history on browser
Went to administration β> Direct to normal Joomla
Went to Admin β Secure Admin Access padlock
Return to 404 β Tiresome
Monday, 28 November 2011 16:13 CST
Chacapamac
Ok this time I got in the htaccess
AuthUserFile "/mypath/web/administrator/.htpasswd" AuthName "Restricted Area" AuthType Basic require valid-user RewriteEngine On RewriteRule \.htpasswd$ - [F,L]
Monday, 28 November 2011 16:14 CST
Chacapamac
But stil a 404 when enabling the firewall
Monday, 28 November 2011 16:15 CST
Chacapamac
the 404 adress is
http://www.mysite/administrator/index.php?option=com_admintools
Monday, 28 November 2011 16:27 CST
nicholas
Akeeba Staff
Manager
Can you please post a screenshot of the 404 error? Also, if the 404 error disappears when you remove the .htaccess file from your administrator directory, the problem can not be with Admin Tools, because the error is coming from your server. In this case, you have to contact your host and ask them why a perfectly valid .htaccess/.htpasswd combination which adds password protection to a directory causes this kind of problem. We just can not troubleshoot Apache (we don't have access to its configuration!).
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 28 November 2011 17:07 CST
Chacapamac
i686 ( Linux )
Platform Linux 2.6.32-5-686
#1 SMP Mon Jun 13 04:13:06 UTC 2011
Apache/2.2.16 (Debian)
I have complete access to that server VPS
I just will reinstall, just to be sure β Repeat everything
What you saying make sens. This is a brend new server environment...
If βitβs the case...
I will have to protect the administration manually?
Platform Linux 2.6.32-5-686
#1 SMP Mon Jun 13 04:13:06 UTC 2011
Apache/2.2.16 (Debian)
I have complete access to that server VPS
I just will reinstall, just to be sure β Repeat everything
What you saying make sens. This is a brend new server environment...
If βitβs the case...
I will have to protect the administration manually?
Monday, 28 November 2011 18:57 CST
Chacapamac
I reinstall admin exactly the same thing. The code generated seem to not work on this server.
This is an high performance server Iβm helping to mount for php sites.
I send the 2 AdminPro ht files to the server manager to look at.
I have access to a tool to protect files snd folders on that server, maybe I will have to protect administrator manually by that tool...
I try to generate some ht files with it to see the difference of codes but the ht files generated that way are completly protected (ISPConfig) I will ask the manager to send me an example
Do you see other potential problems using AdminPro in that environment?
This is an high performance server Iβm helping to mount for php sites.
I send the 2 AdminPro ht files to the server manager to look at.
I have access to a tool to protect files snd folders on that server, maybe I will have to protect administrator manually by that tool...
I try to generate some ht files with it to see the difference of codes but the ht files generated that way are completly protected (ISPConfig) I will ask the manager to send me an example
Do you see other potential problems using AdminPro in that environment?
Tuesday, 29 November 2011 01:38 CST
nicholas
Akeeba Staff
Manager
It is possible that Apache doesn't support the simple password encryption (use of the system's crypt() function) in .htpasswd files. This could be done as a means of securing the server, enforcing only higher encryption schemes for .htpasswd- or .htaccess-stored passwords. In that case, the administrator password protection feature of Admin Tools won't work. That said, I don't see any other problems with your server, on the contrary. It looks up-to-date and beefy, which is a very good thing!
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Wednesday, 30 November 2011 11:50 CST
Chacapamac
This is what the server ISPconfig control panel do...
htaccess
.htpasswd
I guess the alogaritm is different.....
htaccess
AuthType Basic AuthName "Members Only" AuthUserFile /var/www/clients/xxxxxxx/foldertoprotect/.htpasswd require valid-user /var/www/websitedomain.ca/web/otherfolders/config/.htaccess deny from all /var/www/websitedomain.ca/web/otherfolder/include/.htaccess deny from all /var/www/websitedomain.ca/web/otherfolders/.htaccess AddDefaultCharset utf-8
.htpasswd
/var/www/websitedomain.ca/web/foldertoprotect/.htpasswd bobo:$1$gxdWWyHK$5IYrCrvNbLLuGXOlftb9O0
I guess the alogaritm is different.....
Wednesday, 30 November 2011 14:34 CST
nicholas
Akeeba Staff
Manager
Yes, this looks like a different algorithm, which would explain why the Admin Tools-generated .htaccess and .htpasswd wouldn't work with your server.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!