Menu

Topic-icon Local File Inclusion

  • Dimps1
  • Dimps1's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 weeks 1 day ago #8514 by Dimps1
Local File Inclusion was created by Dimps1
Hi Jose,I am suddenly having problems with my custom.css files in Joomla websites. If I try and edit or even simply save the existing .css file, I’m getting thrown out as a Super Admin and my IP address is banned with “The webmaster has forbidden your access to this site” The rule that comes in on an email says “Local file inclusion”. It’s not as a result of a Joomla update, as the same thing happens on older sites (Joomla 3.9.23) that have not yet been updated. It’s rather awkward having to go and whitelist my IP address before I go into every site. Any idea why this is happening?

Much obliged for any help.
 

Please Log in or Create an account to join the conversation.

More
4 weeks 1 day ago #8515 by Jose
Replied by Jose on topic Local File Inclusion
Hi Dimps1,

Probably is a false positive caused by any reference to a local resource. Just add the component involved as exception into waf configuration -> filter exceptions -> 'LFI' filter tab.
scpdocs.securitycheckextensions.com/conf...ll_config/exceptions

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • Dimps1
  • Dimps1's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 weeks 1 day ago #8516 by Dimps1
Replied by Dimps1 on topic Local File Inclusion
Hi Jose,
OK, I'll try that. But, it's not a component - just a custom.css file, which is kind of standard and part of the Purity iii template. We've been using it for years without an issue.
Thanks for your help, and kind regards.

Please Log in or Create an account to join the conversation.

More
4 weeks 1 day ago #8517 by Jose
Replied by Jose on topic Local File Inclusion
Hi Dimps1,

Yes, it's a css file but you modify it using Joomla, isn't it? This way the firewall checks it and if it sees something suspicious then triggers the alert and blocks you.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • Dimps1
  • Dimps1's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 weeks 1 day ago #8518 by Dimps1
Replied by Dimps1 on topic Local File Inclusion
Hi Jose,
Quite right. But it did not block me before, it's only in the past couple of months that I've noticed it. Maybe some of the CSS is getting a tad old?
OK, so do I just add the custom.css file as an exception, or the whole template (which is the component)?
Thanks for your speedy response.

Please Log in or Create an account to join the conversation.

More
4 weeks 1 day ago #8519 by Jose
Replied by Jose on topic Local File Inclusion
Hi Dimps1,

Maybe some of the CSS is getting a tad old?

I did some changes in code and maybe this is why you're getting the alert now.

OK, so do I just add the custom.css file as an exception, or the whole template (which is the component)?

It's not possible to add only the file as exception, you have to add the component. If you don't want to do this you can also disable the firewall temporary while you do the changes in the css and enabled once finished.

Regards,
Jose
 

Please Log in or Create an account to join the conversation.

Time to create page: 0.101 seconds
Powered by Kunena Forum

Login or Sign In