AdminTools from akeebabackup.com is a security component.
- .htaccess Maker
- list/form/details template_css.php and custom_css.php
- image files in cache/com_fabrik/staticmaps
- plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik 3.2.1)
- Web Application Firewall/Configure WAF
- Visual Fingerprinting Protection
- Joomla! Feature Hardening options
.htaccess Maker

With the default settings (Frontend protection = Yes), .htaccess Maker in AdminTools prevents any access to .php files from "outside" Joomla, to image files outside specific directories, etc.
Fabrik needs access to
list/form/details template_css.php and custom_css.php

Solution:
In the "Exceptions" section, add the paths to the Fabrik templates in the box "Allow direct access, including .php files, to these directories":
You can also add the "details" paths if you use them.
If you want to be very strict with security, you can specify the template:
Or be looser and just give access to all views:
image files in cache/com_fabrik/staticmaps

Solution: add the directory to
Fine tuning: Front-end directories where file type exceptions are allowed
plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik 3.2.1)

Solution: add the file to
Exceptions: Allow direct access to these files
Web Application Firewall/Configure WAF
Visual Fingerprinting Protection

If you set "Block tmpl=foo" to YES, you must add "bootstrap" to the "List of allowed tmpl= keywords".
Joomla! Feature Hardening options

Warn about self XSS = No (seems to be necessary for running PDF output; versions Feb 2018)
In any case, after enabling AdminTools, always check the different types of pages with Firebug/Console to spot the 403 errors, and make the appropriate corrections in the Exceptions and Fine Tuning sections.
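
The same 403 check can be done from the web server's access log. The script below is an added example, not part of Fabrik or AdminTools: it reads Apache combined-format lines and maps each 403 to the AdminTools setting named on this page. It assumes Joomla is installed at the web root and that a blocked tmpl= keyword is also answered with 403; the sample log lines and the directory "path/to/fabrik-template" are constructed placeholders.

```python
import re
from posixpath import basename, dirname
from urllib.parse import parse_qs, urlsplit

# AdminTools setting labels as quoted on this page.
DIRS = "Exceptions: Allow direct access, including .php files, to these directories"
FINE = "Fine tuning: Front-end directories where file type exceptions are allowed"
FILES = "Exceptions: Allow direct access to these files"
TMPL = "Visual Fingerprinting Protection: List of allowed tmpl= keywords"
OTHER = "Unclassified: review before allowing"

# Apache combined log format: "METHOD target PROTOCOL" status size ...
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')

def classify(target):
    """Map one blocked request to the setting the page names for it."""
    url = urlsplit(target)
    path = url.path.lstrip("/")  # assumes Joomla is installed at the web root
    if basename(path) in ("template_css.php", "custom_css.php"):
        return DIRS, dirname(path)
    if path.startswith("cache/com_fabrik/staticmaps/"):
        return FINE, "cache/com_fabrik/staticmaps"
    if path == "plugins/fabrik_element/captcha/image.php":
        return FILES, path
    tmpl = parse_qs(url.query).get("tmpl")
    if tmpl:  # assumption: a blocked tmpl= keyword is also answered with 403
        return TMPL, tmpl[0]
    return OTHER, path

def triage(log_lines):
    """Return {setting: sorted values to add} for every 403 in the log."""
    todo = {}
    for line in log_lines:
        m = REQUEST.search(line)
        if m and m.group(2) == "403":
            setting, value = classify(m.group(1))
            todo.setdefault(setting, set()).add(value)
    return {setting: sorted(values) for setting, values in todo.items()}

# Constructed sample lines; "path/to/fabrik-template" is a placeholder directory.
HEAD, TAIL = '203.0.113.5 - - [10/Jun/2015:10:00:00 +0000] "GET ', ' "-" "Mozilla/5.0"'
SAMPLE = [HEAD + req + TAIL for req in (
    '/path/to/fabrik-template/template_css.php?c=3 HTTP/1.1" 403 199',
    '/cache/com_fabrik/staticmaps/map1.png HTTP/1.1" 403 199',
    '/plugins/fabrik_element/captcha/image.php HTTP/1.1" 403 199',
    '/index.php?option=com_fabrik&view=form&tmpl=bootstrap HTTP/1.1" 403 199',
    '/some/other/script.php HTTP/1.1" 403 199',
    '/index.php HTTP/1.1" 200 5120',
)]

if __name__ == "__main__":
    for setting, values in triage(SAMPLE).items():
        print(f"{setting}\n    add: {', '.join(values)}")
```

Anything reported under "Unclassified" is a 403 that none of the exceptions on this page covers, so check what the request was before adding an exception for it.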