Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by on Tuesday, 10 June 2025 15:17 CDT
Hello, I have a site which is working OK but I have requested an SSL certificate to be applied for this domain. Do I have to do anything to admin tools as a result? I thought it would be a good idea to create a new .htaccess file but if I do I get a server 500 error on front and back end.
Thanks Dennis
There is really nothing special you need to do. You may want to check that the .htaccess Maker's configuration page has the correct domain for both HTTP and HTTPS (scroll all the way down on that page to check that).
Beyond that, a 500 internal server error page when using the .htaccess Maker is possible in case you're using a feature not supported by your server. Check the instructions we have in https://www.akeeba.com/documentation/admin-tools-joomla/athtaccess500.html
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
All resolved now and SSL installed by the host, the item causing the 500 error was Disable directory listings (recommended) which has to be set to NO for some reason.
Thanks
That's because the host can use AllowOverride Options in their server configuration, disallowing you from changing directory list options in your .htaccess file. That's why we tell you to try one option at a time, and why Joomla's htaccess.txt tells you that the part of the file with the Options directive may have to be removed on some hosts.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Thanks for that, one other thing, I need to add another user to the site and went to Configure WAF, Hardening options to enable me to do this but it will not let me save this or in fact save any other changes in the Configure WAF area. I just get a white screen and a message "Forbidden You don't have permission to access this resource." I am logged in as a super user and I receive an email saying that the configuration options have been modified.
Any suggestions?
Thanks
Something does not add up. The Forbidden message means that your host is blocking the form submission, presumably because they have some kind of server protection (typically based on Apache's mod_security2 – that's a web server protection, NOT a Joomla extension). However, the email you say you receive would mean that the page was submitted. These are mutually exclusive.
Do you see any of the changes you applied when you log out, log back in, and go to the Configure WAF page again?
What exactly is the content of the email you receive?
Do you receive the email when you click on Save & Close at the Configure WAF page, or at some other point in time?
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
I have discovered that my hosting company names.co.uk made some changes a couple of weeks ago and moved everyone with Cpanel hosting to something called Wepanel hosting which looks very similar but is presumably on different servers which could explain why my original .htaccess needed to change. Presumably no one should have been affected by this move..
In answer to your questions I get the "Forbidden You don't have permission to access this resource" if I try to save the Configure WAF page whether I have made a change to anything or not and on reconnecting to the form any changes that I have attempted have not been made.
The failed save message does not generate an email, my apologies, I was confusing that with emails about my previous .htaccess problem.
If it's any help I have attached some system information.
Thanks for your help.
OK, that makes sense, and everything you said in your latest post tracks and meshes together.
You need to contact your host and tell them that this happens. They have some sort of protection on their server which blocks you from submitting the backend form to save the WAF configuration. They will be able to see what is going on in their logs and disable the relevant rules on your hosting account.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Hello, this issue has now been resolved. I contacted the hosting provider and this is their response. All OK now. Thanks Dennis
Thank you for coming back to me with those detailed steps, this helped in confirming the cause of the issue you have reported.
The issue preventing changes to the Web Application Firewall settings in Akeeba AdminTools was caused by ModSecurity, which is part of our server-level security setup. When enabled, ModSecurity can sometimes block certain actions within Joomla’s admin area, in this case, saving changes to AdminTools’ configuration.
Disabling ModSecurity temporarily allowed the changes to be saved successfully. Please note that ModSecurity is enabled by default across all hosting accounts for security purposes, and we’re unable to modify these settings on a per-user basis.
If you need to make further changes to AdminTools in the future, we recommend temporarily disabling ModSecurity while performing those updates, then re-enabling it afterwards to maintain site protection.
They should also be able to see which rule ID was being triggered and give you code to add to your .htaccess to disable that one specific rule instead of asking you to disable mod_security2 entirely every time you need to make a change on that page :) This is standard practice, really. The standard OWASP rules for Joomla include some outdated rules which will block things that have not been a vulnerability in nearly two decades, and do block useful functionality. For example, the default rules block editing a Contacts entry with ID=1; God forbid we had to reconfigure the server before and after every change to that contact!
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
This ticket has been automatically closed.
All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!