#22691 custom 403 not showing

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by emeryjay on Thursday, 04 June 2015 10:54 CDT

emeryjay
I'm attempting to implement custom 403 errors for security exceptions. I also have implemented the Admin Tools secret word URL.

I've set WAF box for a custom message. I've copied the default file from the correct directory to the correct directory. ... you know the bright red warning

I blacklisted my IP to test it using main.php.bak back main.php workaround.

Trying to generate a security exception and the site sends me to the home page.

Trying to log in to the admin login page without the secret admin word sends me to the home page.

Logging in with the secret admin URL works fine.

The issue is on a development site, so enjoy the time off. Remember it's just work.
Emery

nicholas
Akeeba Staff
Manager
Based on your description, your problem is that you're generating the wrong kind of security exception.

If you have enabled the Administrator IP Whitelist and put your IP address there OR you have your IP address in the "Never block these IPs" option in the Configure WAF page you cannot raise security exceptions. You are allowed to do anything.

Trying to log in to the admin login page without the secret admin word always sends you to the home page WITHOUT showing a message that you're an attacker. This is on purpose and documented. The idea is to not give away the fact that you are monitoring your site against brute force attacks. You want the attacker to retry the attack enough times to get auto-banned.

Or maybe you didn't copy the correct file? You need to copy components/com_admintools/views/blocks/default.php to templates/YOUR_TEMPLATE/html/com_admintools/blocks/default.php. Please pay attention that there is no "/views/" between com_admintools and blocks in the second path. I know, sounds strange, that's how Joomla! template overrides work. Sometimes I fall for it even to this day if I'm absent-mindedly trying to do an override. It's easy to get it wrong. Typically it's the result of me thinking "oh, I'll just drag'n'drop this into here".

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
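
The override path mapping described in the reply above, as an added example that is not part of the original ticket and is not Akeeba's code: a shell check that reports whether the blocks override is in the right place or in the common wrong place with "/views/" left in the path. The function names, the status strings and the Joomla root and template name arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): check where the Admin Tools
# "blocks" template override was copied.
# Arguments (assumed): $1 = Joomla! site root, $2 = active template name.

# Prints one status word:
#   no-source  the component's default.php is not under this root
#   ok         override exists at the path Joomla! actually reads
#   misplaced  override was copied with "/views/" kept in the path
#   missing    no override file found at either location
check_block_override() {
    root=$1
    tpl=$2
    src="$root/components/com_admintools/views/blocks/default.php"
    good="$root/templates/$tpl/html/com_admintools/blocks/default.php"
    # The easy mistake: mirroring the component tree, "/views/" included.
    bad="$root/templates/$tpl/html/com_admintools/views/blocks/default.php"

    if [ ! -f "$src" ]; then
        echo "no-source"
    elif [ -f "$good" ]; then
        echo "ok"
    elif [ -f "$bad" ]; then
        echo "misplaced"
    else
        echo "missing"
    fi
}

# Copies the component's default.php to the correct override path,
# creating the directories and never overwriting an edited override.
install_block_override() {
    root=$1
    tpl=$2
    src="$root/components/com_admintools/views/blocks/default.php"
    good="$root/templates/$tpl/html/com_admintools/blocks/default.php"

    [ -f "$src" ] || return 1
    mkdir -p "$(dirname "$good")"
    [ -f "$good" ] || cp "$src" "$good"
}
```

A result of "ok" only confirms the file location; as the reply notes, an IP in the Administrator IP Whitelist or in "Never block these IPs" still never sees the custom message.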

emeryjay
I didn't RTFM closely enough. I didn't understand the failed logins are redirected to the home page. I was hoping failed logins get a 403 as well, but it is not a 403 error, is it? I do get email notifications of failed logins and that's enough.

Thanks!
Emery
