AdminTools from akeebabackup.com is a security component.
- .htaccess Maker
- list/form/details template_css.php and custom_css.php
- image files in cache/com_fabrik/staticmaps
- plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik3.2.1)
- Web Application Firewall/Configure WAF
- Visual Fingerprinting Protection
- Joomla! Feature Hardening options
.htaccess Maker
With the default settings (Frontend protection=Yes), .htaccess Maker in AdminTools prevents any access to .php files from "outside" Joomla, to image files outside specific directories, etc.
Fabrik needs access to:
list/form/details template_css.php and custom_css.php
Solution:
In the "Exceptions" section, add the paths to the Fabrik templates in the box "Allow direct access, including .php files, to these directories":
You can also add the "details" if you use them.
If you want to be very strict with security, you can specify the template:
or be looser and just give access to all views:
image files in cache/com_fabrik/staticmaps
Solution: add the directory to
Fine tuning: Front-end directories where file type exceptions are allowed
plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik 3.2.1)
Solution: add the file to
Exceptions: Allow direct access to these files
Web Application Firewall/Configure WAF
Visual Fingerprinting Protection
If you set "Block tmpl=foo" to YES, you must add "bootstrap" to the "List of allowed tmpl= keywords".
Joomla! Feature Hardening options
Warn about self XSS = No (seems to be necessary for running PDF output; versions Feb 2018)
In any case, after enabling AdminTools, always check the different types of pages with Firebug/Console to spot 403 errors, and make the appropriate corrections in Exceptions and Fine Tuning.
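The same 403 check can be run over the web server's access log instead of the browser console. The script below is an added example, not part of the original page or of AdminTools or Fabrik, and maps each blocked Fabrik request to the AdminTools box named on this page. It assumes Apache "combined" log lines, Joomla installed at the web root, and that a blocked tmpl= request is answered with 403; `settings_for_403s`, `EXAMPLE_TEMPLATE_DIR` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Setting names are the AdminTools labels quoted on this page; patterns use only
# the Fabrik names the page gives and assume Joomla sits at the web root.
DIR_PHP = "Exceptions: Allow direct access, including .php files, to these directories"
DIR_TYPES = "Fine tuning: Front-end directories where file type exceptions are allowed"
FILES = "Exceptions: Allow direct access to these files"
TMPL = "Configure WAF: List of allowed tmpl= keywords"
RULES = [
    (re.compile(r"/(template_css|custom_css)\.php$"), DIR_PHP),
    (re.compile(r"^/cache/com_fabrik/staticmaps/"), DIR_TYPES),
    (re.compile(r"^/plugins/fabrik_element/captcha/image\.php$"), FILES),
]
# Request and status fields of an Apache "combined" log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')

def settings_for_403s(log_lines):
    """Return {AdminTools setting: sorted entries to add} for blocked Fabrik requests."""
    needed = defaultdict(set)
    for line in log_lines:
        m = REQUEST.search(line)
        if not m or m.group(2) != "403":
            continue
        url = urlsplit(m.group(1))
        for pattern, setting in RULES:
            if pattern.search(url.path):
                # Directory boxes take the containing directory, the file box the file.
                entry = url.path if setting == FILES else url.path.rsplit("/", 1)[0]
                needed[setting].add(entry.lstrip("/"))
                break
        else:
            # Suggest only the tmpl keyword this page names; review the rest by hand.
            if parse_qs(url.query).get("tmpl") == ["bootstrap"]:
                needed[TMPL].add("bootstrap")
            else:
                needed["unclassified"].add(url.path)
    return {k: sorted(v) for k, v in needed.items()}

# Constructed sample lines; EXAMPLE_TEMPLATE_DIR is a placeholder, not a real Fabrik path.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2015:10:00:01 +0000] "GET /EXAMPLE_TEMPLATE_DIR/template_css.php?c=1 HTTP/1.1" 403 199',
    '203.0.113.5 - - [10/Jun/2015:10:00:02 +0000] "GET /cache/com_fabrik/staticmaps/map1.png HTTP/1.1" 403 199',
    '203.0.113.5 - - [10/Jun/2015:10:00:03 +0000] "GET /plugins/fabrik_element/captcha/image.php HTTP/1.1" 403 199',
    '203.0.113.5 - - [10/Jun/2015:10:00:04 +0000] "GET /index.php?option=com_fabrik&tmpl=bootstrap HTTP/1.1" 403 199',
    '203.0.113.5 - - [10/Jun/2015:10:00:05 +0000] "GET /index.php?option=com_fabrik&tmpl=foo HTTP/1.1" 403 199',
    '203.0.113.5 - - [10/Jun/2015:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 5120',
]
```

Entries reported as "unclassified" are not turned into exceptions automatically; each one should be checked against what Fabrik actually needs before it is allowed.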