- Posts: 7
- Thank you received: 0
- Home
- /
- Forum
- /
- Securitycheck Pro Control Center
- /
- Newbies area
- /
- Security check pro control center 2.0 problems
Local File Inclusion
- Dimps1
-
Topic Author
- Offline
- New Member
-
Less
More
4 weeks 1 day ago #8514
by Dimps1
Local File Inclusion was created by Dimps1
Hi Jose,I am suddenly having problems with my custom.css files in Joomla websites. If I try and edit or even simply save the existing .css file, I’m getting thrown out as a Super Admin and my IP address is banned with “The webmaster has forbidden your access to this site” The rule that comes in on an email says “Local file inclusion”. It’s not as a result of a Joomla update, as the same thing happens on older sites (Joomla 3.9.23) that have not yet been updated. It’s rather awkward having to go and whitelist my IP address before I go into every site. Any idea why this is happening?
Much obliged for any help.
Much obliged for any help.
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4168
- Thank you received: 322
4 weeks 1 day ago #8515
by Jose
Replied by Jose on topic Local File Inclusion
Hi Dimps1,
Probably is a false positive caused by any reference to a local resource. Just add the component involved as exception into waf configuration -> filter exceptions -> 'LFI' filter tab.
scpdocs.securitycheckextensions.com/conf...ll_config/exceptions
Regards,
Jose
Probably is a false positive caused by any reference to a local resource. Just add the component involved as exception into waf configuration -> filter exceptions -> 'LFI' filter tab.
scpdocs.securitycheckextensions.com/conf...ll_config/exceptions
Regards,
Jose
Please Log in or Create an account to join the conversation.
- Dimps1
-
Topic Author
- Offline
- New Member
-
Less
More
- Posts: 7
- Thank you received: 0
4 weeks 1 day ago #8516
by Dimps1
Replied by Dimps1 on topic Local File Inclusion
Hi Jose,
OK, I'll try that. But, it's not a component - just a custom.css file, which is kind of standard and part of the Purity iii template. We've been using it for years without an issue.
Thanks for your help, and kind regards.
OK, I'll try that. But, it's not a component - just a custom.css file, which is kind of standard and part of the Purity iii template. We've been using it for years without an issue.
Thanks for your help, and kind regards.
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4168
- Thank you received: 322
4 weeks 1 day ago #8517
by Jose
Replied by Jose on topic Local File Inclusion
Hi Dimps1,
Yes, it's a css file but you modify it using Joomla, isn't it? This way the firewall checks it and if it sees something suspicious then triggers the alert and blocks you.
Regards,
Jose
Yes, it's a css file but you modify it using Joomla, isn't it? This way the firewall checks it and if it sees something suspicious then triggers the alert and blocks you.
Regards,
Jose
Please Log in or Create an account to join the conversation.
- Dimps1
-
Topic Author
- Offline
- New Member
-
Less
More
- Posts: 7
- Thank you received: 0
4 weeks 1 day ago #8518
by Dimps1
Replied by Dimps1 on topic Local File Inclusion
Hi Jose,
Quite right. But it did not block me before, it's only in the past couple of months that I've noticed it. Maybe some of the CSS is getting a tad old?
OK, so do I just add the custom.css file as an exception, or the whole template (which is the component)?
Thanks for your speedy response.
Quite right. But it did not block me before, it's only in the past couple of months that I've noticed it. Maybe some of the CSS is getting a tad old?
OK, so do I just add the custom.css file as an exception, or the whole template (which is the component)?
Thanks for your speedy response.
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4168
- Thank you received: 322
4 weeks 1 day ago #8519
by Jose
Replied by Jose on topic Local File Inclusion
Hi Dimps1,
Regards,
Jose
I did some changes in code and maybe this is why you're getting the alert now.Maybe some of the CSS is getting a tad old?
It's not possible to add only the file as exception, you have to add the component. If you don't want to do this you can also disable the firewall temporary while you do the changes in the css and enabled once finished.OK, so do I just add the custom.css file as an exception, or the whole template (which is the component)?
Regards,
Jose
Please Log in or Create an account to join the conversation.
Time to create page: 0.101 seconds