Support

Admin Tools

#40611 .htaccess Rules

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
5.1.0
PHP version
8.1.28
Admin Tools version
7.5.2

Latest post by nicholas on Sunday, 21 April 2024 10:01 CDT

Friday, 19 April 2024 14:36 CDT

enclavecoa

I've got an issue where some of my extensions have Calls to other modules within my domain and are getting blocked. I'm not sure why this is happening. Could this be my .htaccess file or something else?

In the screenshots that I've attached, one of my vendors, Joomlatools, is getting an error "HTTP method not allowed" in my Firewall reports. The summary report shows that the Blocking Reason is "MET043 - HTTP method not allowed". I've contacted Joomlatools Support and they said "Your firewall should not be blocking these calls, which are made by our scheduler component for maintenance tasks. You should relax this rule so that these can pass through."

Any help is appreciated.

Friday, 19 April 2024 15:16 CDT

enclavecoa

I think I've found the problem. There is a setting inside of my Firewall at GoDaddy which allows the setting of different HTTP methods. OPTIOS had not been allowed. I allowed OPTIONS, CONNECT, DELETE, PUT, and TRACE. I think this will solve the issue.

Sunday, 21 April 2024 10:01 CDT

nicholas

Correct, this has nothing to do with Admin Tools. We do not block requests solely on the HTTP verb (method) being used.

In fact, the error code you get (MET043) is a dead giveaway that it comes from Sucuri: https://labs.sucuri.net/signatures/waf/met043-http-method-not-allowed/ 

Sucuri, used by your host, sits in front of your site, providing a first level of protection. This is a good thing! Security should indeed be in layers. We always recommend having something like Sucuri or CloudFlare in front of the server to kill most malicious requests before they even reache your web server, our .htaccess Maker-generated .htaccess as a second layer of protection to protect against common attacks against the web server and the application, and the Web Application Firewall in Admin Tools to weed off the more sneaky malicious requests. The idea is that you don't create a single point of failure in your defense, and be most efficient by consuming the least resources for malicious requests, having the bulk blocked before they consume your server's resources.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!