• Views Views: 6,591
  • Last updated Last updated:
  • AdminTools from is a security component.

    .htaccess Maker​

    With the default settings (Frontend protection=Yes) .htaccess Maker in AdminTools is preventing any access to .php from "outside" Joomla, to images files outside specific directories etc.

    Fabrik needs access to
    list/form/details template_css.php and custom_css.php​
    add in the "Exceptions" section, in the box "Allow direct access, including .php files, to these directories" the paths to the Fabrik templates:


    You can add the "details" also if you use them.
    if you want to be very strict with security, you can specify the template:


    or be looser and just give access to all views:

    image files in cache/com_fabrik/staticmaps​
    Solution: add directory to
    Fine tuning: Front-end directories where file type exceptions are allowed
    plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik3.2.1)​
    Solution: add file to
    Exeptions: Allow direct access to these files

    Web Application Firewall/Configure WAF​

    Visual Fingerprinting Protection​
    If you set "Block tmpl=foo" to YES you must add "Bootstrap" to the "List of allowed tmpl= keywords"

    Joomla! Feature Hardening Options
    Warn about self XSS =no (seems to be necessary for running PDF output; versions Feb 2018)

    In any case, after enabling AdminTools, always check the different types of pages with Firebug/Console to spot the 403 errors and make the appropriate corrections in the Exceptions and Fine Tuning