I have installed admin tools and generated the .htaccess file.
Backend protection is set to yes (further 'default')
Frontend protection is set to yes (further 'default')
Exceptions from server protection is the standard
Everything works if I go to the [url]/administrator/ from my browser.
In my hosting environment I have also the Plesk Joomla-Toolkit installed (https://www.plesk.com/joomla-toolkit/)
Installing/activating/deactivating is working
In this environment there is also a link "Administrator Login" (see attachment).
When I click this link (that seems to be https://[my hosting url not domainname of site]:8443/modules/joomla-toolkit/index.php/detail/redirect?instance_id=9 and seems to results in header('Location: ../administrator/index.php') what seems to cause the 403 error.
I have added the IP (2) of [my hosting url not domainname] in the WAF "configure WAF" "Exceptions" as never block these IPs (is the same IP as my [site url]
Is this now caused by the .htaccess or by the WAF? is there a way to configure this in the correct way so I could use this link again (because I maintain multiple Joomla sites from there and is it easier to click login admin from there than go to every side manually)
When I click this go to "administrator Login" link I do get an "email super user logged into the administrator" only not logging in just showing this 403