Support

Admin Tools

#22363 security exception on backend-login-site

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 27 March 2015 09:24 CDT

Friday, 27 March 2015 08:08 CDT

victorwooten
 dear support team,

when my admin-backend-login-site is opened in a browser tab, it creates itself security exceptions (admin query string) until my IP will be blocked.
i am using admin tools with security URL parameter.

everytime i am logging out of my site, i will be redirected to the admin-login-site (correct URL: domain.com/administrator/index.php?secretparameter) and when i forget to close the browser-window i will be blocked because of the the exceptions.

the error-message in the admintools-backend ("einstellungen zu sicherheitsregeln") is:
admin query string - domain.com/administrator/index.php
(without secret URL param)

is there a solution for that?

thanks

Friday, 27 March 2015 09:15 CDT

nicholas
There is a keep-alice Javascript sending "pings" to your /administrator/index.php URL from the open tab. Apparently your session expires before the first ping is sent which counts as a security exception. After a while you get blocked.

Solutions:

1. Do not leave open administrator tabs. The best idea security-wise, not the easiest to enforce obviously.

2. Set your site's session timeout higher, e.g. to 90 minutes. Not ideal but at least won't get you blocked.

3. If you have a static IP address put it in the "Never block these IPs" box in the Configure WAF page to prevent your IP from being blocked. Also note that you will be able to access your site's login page as domain.com/administrator/index.php (without the secret word) ONLY from this IP: all security defenses are down for requests coming from an IP in the list of IPs to never block.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 27 March 2015 09:19 CDT

victorwooten
thanks for your quick reply.
i will seed that.

Friday, 27 March 2015 09:24 CDT

nicholas
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!