Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by iorbita on Thursday, 17 June 2021 10:23 CDT
Hello,
I need to add Metaman plugin (Stackideas) as specific items which should not be protected by the web application firewall.
Is it in “WAF Exceptions” section that it should be added?
What should I insert in “Component”, “View”, “Query Parameter” fields ?
Thanks for your help,
Lorenzo
Plugins do not have URLs of their own. They handle system events server-side. What are the URLs you want to exempt from the protection?
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hi,
the plugin comes in front-end as meta tags editor, so it's active on every page.
The problem is that when Admin Tools is enabled, changes in Metaman are not taken into account and I'm banned every time, the reason -> DFIShield
Once again, plugins DO NOT have their own URL. The plugins does something which probably posts something to some URL. You need to tell me which is the URL it posts to and which is the query parameter which causes the DFIShield security exception. This is because plugins themselves DO NOT have a URL so I cannot tell you how to exclude something which does not exist. I can and will tell you how to exclude something that does exist as long as you tell me what that is.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
...sorry I didn't understand the answer correctly, here is the URL:
https://www.cafebeguin.be/index.php?lang=
The target URL doesn't tell us what the plugin is doing. It's obviously POSTing something to your site but any other information is lost in the POST request parameters. Since you don't know how to use the browser dev tools to find out what this is you can send me the detailed Admin Tools log file so I can help you. Here's how.
Admin Tools, Web Application Firewall, Configure WAF, Logging & Reporting. Set “Keep a debug log file” to Yes.
Reproduce your issue. This is important! Turning on the log file obviously doesn't act on the past blocked requests. We need a new blocked request to happen so it gets logged.
Find the file admintools_breaches.php in your site's logs folder (by default: administrator/logs/admintools_breaches.php)
Download it to your computer.
Change its extension from .php to .txt
Put it in a ZIP file.
Attach the ZIP file to your next reply.
Admin Tools, Web Application Firewall, Configure WAF, Logging & Reporting. Set “Keep a debug log file” to No.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hi,
Thanks Nicholas for your help and your explanations, I use the browser dev tools but rather for web pages layout, anyway I looked a little further and I located the POST line when the error occurs ... I get a 403 error and it seems that there is an access issue with jQuery?
You are probably better informed than me on how to read this information...
I also followed your instructions and I attach the file that you asked to send you.
Thanks again,
Lorenzo
.... I tried to give access to this folder -> plugins/system/metaman via htaccess file but I don't have any changes ...
Go to Components, Admin Tools, Web Application Firewall, WAF Exceptions.
Click on the green New button at the top of the page.
In the new page enter Query Parameter url
Click on Save & Close
Click on the green New button at the top of the page again.
In the new page enter Query Parameter canonical
Click on Save & Close
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
... fixed, thanks again :)
You're welcome! When I have the information I need (the log file in this case) I can help you very efficiently :)
Have a great day!
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
...it's good to know and it will be useful for the next time, have a great day too!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!