1. Fabrik 3.9 has been released. If you have updated Joomla to 3.9, this is a required update.
    Dismiss Notice


Feb 7, 2018
  • AdminTools from akeebabackup.com is a security component.

    .htaccess Maker(top)

    With the default settings (Frontend protection=Yes) .htaccess Maker in AdminTools is preventing any access to .php from "outside" Joomla, to images files outside specific directories etc.

    Fabrik needs access to

    list/form/details template_css.php and custom_css.php(top)

    add in the "Exceptions" section, in the box "Allow direct access, including .php files, to these directories" the paths to the Fabrik templates:


    You can add the "details" also if you use them.
    if you want to be very strict with security, you can specify the template:


    or be looser and just give access to all views:


    image files in cache/com_fabrik/staticmaps(top)

    Solution: add directory to
    Fine tuning: Front-end directories where file type exceptions are allowed

    plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik3.2.1) (top)

    Solution: add file to
    Exeptions: Allow direct access to these files

    Web Application Firewall/Configure WAF(top)

    Visual Fingerprinting Protection(top)

    If you set "Block tmpl=foo" to YES you must add "bootstrap" to the "List of allowed tmpl= keywords"

    Joomla! Feature Hardening options(top)

    Warn about self XSS =no (seems to be necessary for running PDF output; versions Feb 2018)

    In any case, after enabling AdminTools, always check the different types of pages with Firebug/Console to spot the 403 errors and make the appropriate corrections in the Exceptions and Fine Tuning
tagger and futuron like this.