Admin Tools for Joomla

Emergency Off-Line Mode
Prev	Chapter 2. Using Admin Tools	Next

Emergency Off-Line Mode

	Important
This feature uses .htaccess files which are only compatible with Apache, Litespeed and a very few other web servers. Some servers (such as NginX and IIS) are incompatible with .htaccess files. If we detect a known to be incompatible server type this feature will not be shown at all in Admin Tools' interface. It should be noted that even if you do see it in the interface it doesn't necessarily means that it will work on your server. This depends on your server's capabilities. If you are unsure or believe it doesn't work please consult your host.

Important

This feature uses .htaccess files which are only compatible with Apache, Litespeed and a very few other web servers. Some servers (such as NginX and IIS) are incompatible with .htaccess files. If we detect a known to be incompatible server type this feature will not be shown at all in Admin Tools' interface. It should be noted that even if you do see it in the interface it doesn't necessarily means that it will work on your server. This depends on your server's capabilities. If you are unsure or believe it doesn't work please consult your host.

Joomla!'s off-line feature, the one you can enable in your site's Global Configuration, has a major deficiency. It doesn't actually put the site off-line. All it does is to replace the HTML output with the "off-line" page... after running all plugins, modules and the component which would display on the page. This can have serious security implications, especially when you need to take your site off-line to deal with a security issue (e.g. an extension known to be vulnerable or a hacked site) or to update a key component of your site.

The Emergency Off-Line Mode of Admin Tools enables you to really and securely take your site off-line. More specifically, the Emergency Off-Line Mode does the following actions:

It creates —if it doesn't already exist— a static HTML page named offline.html in your site's root. This page contains the offline message to show to visitors. Feel free to modify it to your liking.
It creates a backup copy of your site's .htaccess file, if there was one, under the name .htaccess.eom.
Finally, it creates a .htaccess file which will temporarily redirect all access attempts to the offline.html page. It will allow only your current IP address to have access to the site.

To put your site in Emergency Off-Line Mode, simply click on the Emergency Off-Line button in Admin Tools' Control Panel page. This will get you to the following page:

The Emergency Off-Line Mode page

Clicking the Set Offline button will attempt to perform the steps outlined above. Should any of those steps fail, for example due to insufficient file permissions, you can still put your site in Emergency Off-Line Mode by taking out the following procedure:

Keep a copy of your site's .htaccess file, e.g. renaming it to htaccess.bak.
Create a new .htaccess file in your site's root with its contents being what displayed in the last part of the Emergency Off-Line Mode page.

If your Internet IP address changes before you disable the Emergency Off-Line Mode —i.e. your connection drops or you switch to another computer which connects to the Internet through a different Internet router— you will be unable to log in to your site. In this case, follow these steps:

Using an FTP application of your liking remove the .htaccess file, or upload a blank .htaccess file overwriting the old one.
Go to your site's administrator back-end and relaunch Admin Tools' Emergency Off-Line mode. Clicking on the Set Offline button will create a new .htaccess file with your current IP address. Your backup .htaccess.eom file will not be overwritten.

If you want to set your site back on-line, just visit the Emergency Off-Line page and click on the Set Online button. This will replace the off-line .htaccess file with the contents of the .htaccess.eom backup file and remove the backup file. If this doesn't work, follow this manual procedure:

Using an FTP application of your liking remove the .htaccess file, or upload a blank .htaccess file overwriting the old one.
Rename the .htaccess.eom backup file back to .htaccess

Will I be able to use FTP or my host's control panel file management when I enable this feature?

Of course! This feature only prevents web (HTTP/HTTPS) access to your Joomla site from IP addresses other than yours. It can't and won't touch FTP access or your hosting control panel's file management.

But I can still access my site after using this?

That's the point. You can access the site but people coming from other IP addresses cannot.

If you need to test this use a different device with a mobile Internet connection, e.g. your phone disconnected from WiFi and connected to mobile data. This will have a different IP address than your current device.

Other people can still access the site or I cannot access the site right after enabling this feature

This means that your site is behind a proxy such as a CDN, third party Web Application Firewall service, load balancer or caching proxy. In these cases the visitor's address appear to be the same for all traffic coming to your site. In this case you cannot use this feature. It's a server limitation.

	Note
In theory, we could change the .htaccess file we generate to use the HTTP X-Forwarded-For header. However, you'd need to know if you are hosted on a server under the configuration described above and tell us in advance. In most cases this happens when you are using a third party CDN (such as CloudFlare) or third party Web Application Firewall service (such as Sucuri). It's easier to go into the control panel of these third party services and block traffic from all IPs except yours than remembering to configure the Emergency Off-Line Mode every time you need to use it.

Note

In theory, we could change the .htaccess file we generate to use the HTTP X-Forwarded-For header. However, you'd need to know if you are hosted on a server under the configuration described above and tell us in advance. In most cases this happens when you are using a third party CDN (such as CloudFlare) or third party Web Application Firewall service (such as Sucuri). It's easier to go into the control panel of these third party services and block traffic from all IPs except yours than remembering to configure the Emergency Off-Line Mode every time you need to use it.

Should I always use the emergency off-line mode instead of Joomla!'s off-line feature?

No. There are many cases where using Joomla!'s off-line feature is more convenient, i.e. when you want to simply make your site's content unavailable to random web visitors and search engines while building a new site. The only cases when you should use the Emergency Off-Line Mode are:

If you believe that your site has been compromised (hacked). The Emergency Off-Line will make it impossible for the hacker to access your site while you are working to restore it.
When updating key components of your site and don't want to risk a user following a direct link which might interfere with the process. This use case is largely irrelevant nowadays since databases will automatically lock the tables they are making structural changes to when an extension update is in progress, making it very unlikely if not impossible that you'll ever see a problem like that.

In all other cases it's more convenient and sufficient to go to your site's Global Configuration and enable the off-line feature of Joomla! itself.

The offline.html page Admin Tools creates is horrid. Can I change it?

Well, you're not wrong. It's a bland, unbranded, boring page. Of course you can change it. Simply upload an offline.html of your liking to your site's root. You can link to JPG, GIF, PNG, BMP, SWF, CSS and JS files —on the same or a different server— from inside the HTML of this file. Do not try to link to other file types, it will not work.

Won't the redirection to offline.html mess with my SEO?

No. The redirection to offline.html is made using the 307 HTTP status code which tells search engines that this redirection is temporary, they should not index the page now, but come back later when the problem will have been restored.

Help! I have been locked out of my site! Fix it!

Delete the .htaccess file from your site's root. Rename the file .htaccess.eom back to .htaccess and that's about it.

Help! As soon as I clicked on "Put Offline" I got a white page or Internal Server Error 500 page.

Don't panic! You have an old version of Apache —1.3 or 2.0— which doesn't support one feature used in the .htaccess file generated by Admin Tools. You can easily work around this issue by editing the .htaccess file in your site's root, using an FTP application. Replace [R=307,L] in the last line with [R,L] (that is, remove the =307 part) and save back the file. That's all.

My Internet connection drops all of the time. Will I get continuously locked out of my site if I use this feature?

It depends. If you have a static IP address, no, you will never get locked out. If you have a dynamic IP address, I don't know. When I used to have a dynamic IP address I observed that my IP address wouldn't change if my connection dropped for less than 1-2 minutes. It all depends on how your ISP assigns IP addresses to its clients. The only way to find out is the hard way: trial and error.

Prev	Up	Next
Fixing the permissions of files and directories	Home	Protect your administrator back-end with a password