#39006 Admin Tools and EDocman "Forbidden You don't have permission to access this resource."
Posted in ‘Admin Tools for Joomla!’
Environment Information
Joomla! version
4.3.1
PHP version
8.0.2.3
Admin Tools version
7.3.3
Latest post by [emailprotected] on Thursday, 25 May 2023 10:59 CDT
Monday, 22 May 2023 14:00 CDT
[emailprotected]
Hello,
We are working to remediate some security vulnerabilities and have been implementing Admin Tools. I have run into an issue where after installing Admin Tools, it is blocking access to the EDocman files. See attached screenshot. Prior to the installation of Admin Tools, EDocman is configured to use a PDF viewer and display the contents of the PDF.
As a workaround I have used the default Joomla .htaccess file as it seems if I use Admin Tools .htaccess file maker this causes the permissions issue.
Currently EDocman stores the files locally on the web server in this location:
[ROOTPARENT]/edocman
Is there a specific configuration setting or .htaccess parameter that is required to allow EDocman access to this file path or run the PDF viewer?
Thanks in advance for any tips you can provide.
Eric
Attachments
Example Doc page.png
working pdf view.png
broken PDF View.png
Tuesday, 23 May 2023 00:47 CDT
nicholas
Akeeba Staff
Manager
The correct approach is to follow the “How to determine which exceptions are required” troubleshooting documentation page.
If you get lost somewhere, we can do this together. In this case, I will need you to reproduce the problem. On that page with the problem, open your browser's developer tools (on Windows and Linux hit the F12 key). Go to the Network tab and reload the page. You will see a number of resources on your site which are red and when you click on them it tells you that the HTTP status was 403. Tell me their URLs so I can help you create the necessary exceptions.
I believe that you will need to add a few folders into the “Allow direct access, except .php files, to these directories” option in the .htaccess Maker. I believe that you need to add exceptions for both the file where the PDF files are stored, and the folder where the embeddable PDF reader's JavaScript files are stored in (assuming they are not under the media folder).
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Tuesday, 23 May 2023 06:53 CDT
[emailprotected]
Nicholas,
This is great information and I can get started on trying to fix the permissions. Hopefully with your tips I can find the files/folders that I need exceptions.
I really appreciate the support, patience and guidance as we work through these things.
Thank you,
Eric
Tuesday, 23 May 2023 07:26 CDT
nicholas
Akeeba Staff
Manager
You're welcome! If you get stuck somewhere, give us a holler!
Nicholas K. Dionysopoulos
Tuesday, 23 May 2023 12:41 CDT
[emailprotected]
Hello,
I tried to follow your instructions but was unsuccessful. On my test page I have attached the screenshots below.
Here is the full path to the file with the 403 error as shown in the browser debug tool:
https://was1.shorecrest.org/plugins/edocman/viewpdf/ospdfjs/web/viewer.php?file=https://was1.shorecrest.org/edocmanviewer/State_of_the_School_2023.02.07.pdf
I tried both "including .php" and "excluding .php" exceptions for the viewer as it appeared to be a .php file.
I appreciate any assistance you can provide.
Thanks,
Eric
Attachments
403_Error.png
htaccess_exceptions.png
Wednesday, 24 May 2023 01:05 CDT
nicholas
Akeeba Staff
Manager
If only this .php file is needed add
plugins/edocman/viewpdf/ospdfjs/web/viewer.php
to the “Allow direct access to these files” option.
However, I suspect that there are more files this reader pulls up. So, if that fails, do add
plugins/edocman/viewpdf/ospdfjs/web
to the “Allow direct access, including .php files, to these directories” option.
Nicholas K. Dionysopoulos
Wednesday, 24 May 2023 13:41 CDT
[emailprotected]
Hello,
I have tried as you have suggested. I have attached the updated exceptions list screenshot. Unfortunately, this is still not resolving the issue.
I contacted the EDocman developer and received this response:
"Please change permission of files in folder: "root -> plugins -> edocman -> viewpdf -> ospdfjs -> web" and "root -> edocmanviewer" to 777
Then, please check the PDF viewer tool again"
After following the instructions, I was still getting the 403 error. I have explained that this error is only present when a security enhanced .htaccess file is employed and asked for more information on additional helper files that may also need exceptions. I am waiting to hear back.
Do you have other tips on determining what additional files may be used by the viewer? Reading through the viewer.php file I do see a few .js files called, but they are in the same directory as viewer.php, which was added as an exception. Do I need to add these .js files individually?
Thanks in advance for any additional suggestions or questions that I can ask the EDocman developer.
Eric
Attachments
admintools_exceptions.png
Thursday, 25 May 2023 02:47 CDT
nicholas
Akeeba Staff
Manager
"Please change permission of files in folder: "root -> plugins -> edocman -> viewpdf -> ospdfjs -> web" and "root -> edocmanviewer" to 777
Jesus wept! No, do NOT change the permissions to 0777. For the reasons see the old, but always relevant, article I wrote back in 2010: https://www.dionysopoulos.me/777-the-number-of-the-beast.html.
Using 0777 permissions to address a read permissions issue is never, ever the right solution. If it was a permissions issue the far more sane, and infinitely more secure, 0644 would still do the trick. Having someone recommend 0777 permissions tells me that this someone understands neither how UNIX permissions work, nor the absolute basics of web site security. I am immediately skeptical about this extension given that its developer has failed at Security 101 in his reply to you…
Do you have other tips on determining what additional files may be used by the viewer? Reading through the viewer.php file I do see a few .js files called, but they are in the same directory as viewer.php, which was added as an exception. Do I need to add these .js files individually?
No, you do not need to whitelist specific files. As long as you have added their containing folder (or any of its parent folders) to the folders where any file access except .php is allowed, then they are allowed to be loaded.
Do you see anything else that throws a 403 or 404 in the Network tab of your browser tools when you try loading the PDF viewer?
Moreover, do you see any other messages in the Console tab which indicate that the browser's security settings, or a Content-Security-Policy header, may be blocking the execution of some JavaScript?
Nicholas K. Dionysopoulos
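An added example, not part of the original ticket and not Admin Tools or EDocman code: shell functions that find entries left world-writable by a 0777 change and return files to the 0644 mentioned above. The 0755 mode for directories and the function names are assumptions of this example; it takes the affected directories as arguments.

```shell
#!/bin/sh
# Added example: audit and revert world-writable permissions on web content.
# Function names are hypothetical; 0755 for directories is this example's choice
# (a directory needs the execute bit to be traversed), 0644 is from the thread.

# list_world_writable DIR
# Print every regular file or directory under DIR with the "other" write bit
# set, which is what a recursive chmod 777 leaves behind. Symlinks are skipped.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# count_world_writable DIR
# Count those entries without relying on one-name-per-line output.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec printf x \; \
        | wc -c | tr -d ' '
}

# reset_web_perms DIR
# Only entries that are currently world-writable are changed:
# directories become 0755, regular files become 0644.
reset_web_perms() {
    find "$1" -type d -perm -0002 -exec chmod 0755 {} +
    find "$1" -type f -perm -0002 -exec chmod 0644 {} +
}

# Usage: sh fix-perms.sh DIR [DIR...]
# Lists what would change, applies the reset, then reports what is left.
if [ "$#" -gt 0 ]; then
    for dir in "$@"; do
        echo "World-writable under $dir: $(count_world_writable "$dir")"
        list_world_writable "$dir"
        reset_web_perms "$dir"
        echo "Remaining after reset: $(count_world_writable "$dir")"
    done
fi
```

Files set to 0644 stay readable by the web server through the group/other read bits, so reverting does not affect whether the viewer can load them.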
Thursday, 25 May 2023 10:59 CDT
[emailprotected]
Nicholas,
I agree that the casual response to change the file permissions to 777 violates many "best practices". I am hopeful that the developer can provide more info on the behavior of their plugin and perhaps make changes once we understand what is causing the block.
In the meantime:
Reviewing the page again there are only (2) 403/404 errors:
I have attached screenshots of the console and network output.
As you hinted at, it does seem that the content-security-policy headers look like something that might cause issues.
Is there a way to allow these in Admin Tools?
Thanks,
Eric
Attachments
page-console.png
viewer.php-headers.png
404-header.png