Support

Admin Tools

#9938 Plain .com Personal website address blocked by security settings.

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 11 July 2011 07:45 CDT

Thursday, 07 July 2011 12:59 CDT

user40075
Hi Nicholas!

This is related to the previous solutions you provided in the topic:
https://www.akeebabackup.com/support/forum/topic/28336-unexpected-cache-nowrite-message-and-other-error-messages-incl-public-display/49039.html#p49039

In implementing all the security features in Admin Tools Pro,
I ran into one blockage I haven't been able to bypass.

I have my website at Rochen and I have two old personal websites sitting inside my root folder, right beside all the Joomla folders. For reasons beyond me, I can no longer reach one of them without adding /home.html to the .com that was sufficient in the past. Now I get this message:

"Forbidden
You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

No one else can reach it with the naked .com either, so it's not just me.
I am pretty sure this is a result of creating the new .htaccess file in Admin Tools. I ought to know where to stick the exception for www.mypersonalsite.com but I don't, and I am not sure what the problem might be in any event.
I would say I don't know how to grant access to or whitelist my own personal website residing in the root folder alongside Joomla.

Any suggestions much appreciate.

Thanks again,

Lowtech

Thursday, 07 July 2011 13:06 CDT

nicholas
Admin Tools' .htaccess Maker is way too strict by default. It doesn't allow accessing the contents of subdirectories unless they are in the exceptions list. Assuming that your directories are named foo and bar and you used to access them as www.example.com/foo and www.example.com/bar, here's what you have to do.

Go to the .htaccess Maker and expand the Server Protection tab. In the "Allow direct access, including .php files, to these directories" text area append: 
foo
bar
Click on Save and Create .htaccess and you should be back in business.

Note: you may also have to turn off the "Disable directory listings (recommended)" from the "Basic security" pane and "Force index.php parsing before index.html" from the "Optimisation and utility" pane of the same page.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 07 July 2011 18:00 CDT

user40075
Hi Nicholas,

Tried all suggestions but nothing worked!
My problem URL is at this file level:
/home/public_html/mypersonalsite.com

It is not a subdomain such as mypersonalsite.mainsite.com but a full .com domain located in the public_html directory, along side all the Joomla folders such as components/ and plugins/ and templates/ etc. It is at the same level as firestats.e.g.:

public_html/
administrator/components/com_admintools
components/com_admintools
...
plugins/system/admintools
...
mypersonalsite.com
templates/
myotherpersonalsitethatworksok.com

Please note that the last named above works fine and never had any problems as a result of strict admin tools settings.
Perhaps I am looking in the wrong place and it is unrelated to Admin Tools?

It is a minor problem as things go, but returning to my original mystery: why should mypersonalsite.com cease to function unless I add /home.html to the home page address?

Totally confused and appreciative of your help!

Best,

Lowtech

Friday, 08 July 2011 05:32 CDT

nicholas
Normally the .htaccess should not have anything to do with the subdomain. Please try renaming the .htaccess file on your main site to htaccess.txt and retry accessing the child site. If that doesn't work, the problem is in the sub-site setup, not the .htaccess. If that works, let me know and I'll try to think of a way to work around this limitation.

Important: Remember to rename htaccess.txt back to .htaccess for your main site to work properly.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 10 July 2011 15:02 CDT

user40075
Well Nicholas,

I finally followed your suggestion and shut down .htaccess for a minute while I tried to load myproblemsite subdomain using only the .com name and omitting the home.html.

Myproblemsite loaded perfectly with .htaccess turned off. I turned .htaccess back on and it immediately stopped working. I have copied the parts of .htaccess that might be of interest (omitting the opening boilerplate and the closing list of IP denials. I attached same, hoping the solution will be immediately obvious to you. I remind you and myself that I have another parallel subdomain, myperfectlyworkingsite.com, that has never been a problem and has never been entered as an exception in Admin Tools.

Best,

Lowtech

PS
I also tried a number of file name variations,"../" etc., in Exceptions (in .htaccess Maker), all to no avail :(

Sunday, 10 July 2011 15:38 CDT

nicholas
OK, now I know that it is what I thought but found rather impossible to be happening. The good thing is that I think I have a workaround.

Create a new .htaccess file inside the extra domain's directory (not your main site!) with the following contents:

RewriteEngine Off
DirectoryIndex index.html home.html


Normally, this should override all the rewrite rules and make index.html and home.html your default index files.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 10 July 2011 17:54 CDT

user40075
YES!

Nicholas,it worked!

There already was an .htaccess file in the problem domain folder. It probably came over when I consolidated my websites at Rochen. Strange. It was empty except that it contained all the access-denied IPs currently listed (several hundred) in the main site .htaccess file, but I never put them in this subdomain file.

Are you going to let us know what you figured out, or is it going to remain your special secret? : )

Thanks much! I've learned plenty, too!

Best,

Lowtech

Monday, 11 July 2011 07:45 CDT

nicholas
You're welcome! I am glad it's working now!

Here's the secret: add-on domains are stored in subdirectories of your main site. Apache (the web server running on your server) uses a simple inheritance scheme for .htaccess files. It starts from the document root and goes upwards, parsing all .htaccess files. Since your document root is the main site's web root, it starts by parsing the .htaccess file of the main site. This caused the problem, as it contained rewrite code to block exploits and -guess what- block the index files. By adding a .htaccess in the add-on domain's web root which turns off rewrite rules we told Apache "you know what, we previously told you to run some rewrite rules, now forget all about them and consider home.html as the web site's default file". Ta-da! Like all things web, it's all about the right amount of smoke and mirrors ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!