Support

Admin Tools

#9806 cache templates css.files and frontend protection

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 29 March 2011 02:30 CDT

Monday, 28 March 2011 11:34 CDT

ka3media
Hello

i'm using Admin Tools Pro and a template, based on warp5 by yootheme.

Activating the frontend protection of the .htaccess Generator with activated caching of warp5, it disallows using cache-css-files the folder cache/template... ok.

Trying to put the folder into the "allowed-list" for backend and/or frontend and adding css as file-type, i wont see any change. The same files are 403 disallowed.

Now i put the folder into "allow direct acess incl. php-files" it works fine.

But i thing this couldn't be the fix :(

Any ideas??

Monday, 28 March 2011 15:22 CDT

nicholas
The thing is that the CSS files are not delivered as CSS files. Instead, they are PHP files so that they are always delivered compressed with GZip, in order to minimize bandwidth. I remember we had covered that in the first issues of the Joomla! Community Magazine, almost a year ago. As you discovered, the only way to make it work is to actually put the folder in the exceptions list which allows accessing PHP files. It's not a bug in neither the template nor Admin Tools, it's the way the template is designed to work. I've seen that on many templates from other vendors as well.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 28 March 2011 15:27 CDT

ka3media
Thank you for your feedback....

As a professional in security, what do you think:

Switch off compression or buy a little?? less security? I'm not shure, because i think in the cache folder are a lot not unimportant php files... even in the cache/template folder

Thanks for your support!!!!

PS: On this page i get a lot security warnings about bad behavior... changing ip adresses, must USA, some netherlands or belgium.... there was no time to analyse the log exactly, so i can't say what is really going on...

so i think high security can't be the worst thing :))
Edited by ka3media on 2011-03-28 15:32 CDT

Monday, 28 March 2011 15:42 CDT

nicholas
I would suggest turning on compression in the template (if that's an option) and use .htaccess Maker's "Compress all static resources" option instead. It's actually more performant, as the compression is handled transparently by Apache, using very fast native code. The less you have to pass through PHP the better performance you get. And as a bonus, not only you get better security but you also make your site more compatible with CDNs.

Regarding Bad Behaviour, take the warnings with a pinch of salt. The Bad Behavior plugin is very keen on flagging site access. Unless you see repeated Bad Behaviour issues coming form the same IP in a short time there's no need to block access from those IPs.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 28 March 2011 15:51 CDT

ka3media
i think you mean: Turning OFF in the template?!?!? :)

I will try this way, thank you for this.

I'm a little bit nervous, because the warning shows a different IP everytime, always from outside germany... but here is only german content... so i think i better keep my eyes on it :))

Thank you and have yourself a good night

Edit: deflate is not active on this server... it's a managed Server by 1&1, so it does not work this way

Edited by ka3media on 2011-03-28 16:58 CDT

Monday, 28 March 2011 16:16 CDT

ka3media
Short feedback: Using "Compress all static resources" get me a INternal Server Error and an 500 Error fpr the Error Document... but i try to figure it out :))

Tuesday, 29 March 2011 01:29 CDT

nicholas
It is possible that you have Apache 1.3 which doesn't support that feature or that Apache's mod_deflate is not installed on the server. In this case, you have to bite the bullet and use your template's CSS compression using PHP files :(

As a side note, you may not have to add the entire template directory to the exceptions list. Instead, take a look at where the PHP compressed versions of your CSS files are. They're usually in templates/template_name/css so you only need to add that specific directory to the exceptions list.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 29 March 2011 02:14 CDT

ka3media
Yes, that's the point: Apache 1.3.41 and no way to change it on this server

As i wrote before, the problem is the folder "cache/template", so hopefully the various filenames of the compressed css-files are to difficult to guess :))

Tuesday, 29 March 2011 02:20 CDT

nicholas
Uh... This is the kind of CSS compression I strongly dislike as it forces you to open up access to a subdirectory of the cache directory. However, as you said, there's no other workaround :(

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 29 March 2011 02:25 CDT

ka3media
There is another workaround :)

Move to another server in the near future :))) So we will do!!

Again, thank you for your fantastic software and support.

Tuesday, 29 March 2011 02:30 CDT

nicholas
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!