1. The 3.8 code for Fabrik is now available on github, in the 'master' branch. If you are familiar with updating Fabrik from github, we would appreciate it if you could test this code on J! 3.8 for us. Once we have some feedback, we'll build a 3.8 release.

AdminTools

May 11, 2016
AdminTools
  • AdminTools from akeebabackup.com is a security component.

    .htaccess Maker(top)

    With the default settings (Frontend protection=Yes) .htaccess Maker in AdminTools is preventing any access to .php from "outside" Joomla, to images files outside specific directories etc.

    Fabrik needs access to

    list/form/details template_css.php and custom_css.php(top)

    Solution:
    add in the "Exceptions" section, in the box "Allow direct access, including .php files, to these directories" the paths to the Fabrik templates:

    components/com_fabrik/views/form/tmpl
    components/com_fabrik/views/list/tmpl

    You can add the "details" also if you use them.
    if you want to be very strict with security, you can specify the template:

    components/com_fabrik/views/form/tmpl/bootstrap

    or be looser and just give access to all views:

    components/com_fabrik/views

    image files in cache/com_fabrik/staticmaps(top)

    Solution: add directory to
    Fine tuning: Front-end directories where file type exceptions are allowed

    plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik3.2.1) (top)

    Solution: add file to
    Exeptions: Allow direct access to these files

    Web Application Firewall/Configure WAF(top)

    Visual Fingerprinting Protection(top)

    If you set "Block tmpl=foo" to YES you must add "bootstrap" to the "List of allowed tmpl= keywords"


    In any case, after enabling AdminTools, always check the different types of pages with Firebug/Console to spot the 403 errors and make the appropriate corrections in the Exceptions and Fine Tuning
futuron likes this.