Akeeba Admin Tools made password-protected frontend pages based on ZH Googlemap

  • oldflint
  • Topic Author
  • Offline
  • New Member
  • New Member
More
6 years 7 months ago - 6 years 7 months ago #11592 by oldflint
Hi there,

I have Akeeba admin tools installed and on the front end I'm not supposed to have any password-protected pages.
Only backend is supposed to be password-protected.

Nevertheless these frontend pages:
www.earthmaster.ca/projects/featured-projects
www.earthmaster.ca/contact-us
became password protected.
If you click a few times on [Cancel] button on login form, it will finally show the map itself but not placemarks.

How could I make those pages freely available without admin login.

Thank you so much in advance!
==================================================================

This is exactly what I wrote to Akeeba people.

Here is their 1st reply:
==================================================================
Something on those pages - the map plugin, maybe - is calling something from within the /administrator folder. It is a bug in that extension. A public facing page should never call an asset from within the /administrator tree - for just this reason. I'm guessing about the map plugin! I know that is a third party extension and it shows up on both pages.

I see this in the debug console:

The resource at “http://www.google-analytics.com/analytics.js” was blocked because tracking protection is enabled.[Learn More]
featured-projects
Loading failed for the <script> with source “http://www.google-analytics.com/analytics.js”.
featured-projects:1
Google Maps API warning: NoApiKeys developers.google.com/maps/documentation...messages#no-api-keys

The tracking protection would be a setting within Admin Tools .htaccess Maker. But I'm not 100% sure that these three messages relate to the three prompts for the password. I know something is being called out of /administrator and this doesn't really match up.
============================================================

Then I wrote:
============================================================
You have mentioned 2 Google related URLs to scripts

Where exactly in Admin Tools .htaccess Maker could I make an entry to create an exception for Admin Tools to ignore them?

If it doesn't work where else in Admin Tools could I make exception entries for my ZH GoogleMap pages
to be ignored by Admin Tools security?
============================================================

This is their 2nd reply:
============================================================
For the Google messages, try setting "Disable HTTP methods TRACE and TRACK (protect against XST)" to Yes. Then regenerate your .htaccess file.

There is no work around if an extension is calling something from within /administrator, all you can do is turn off the /administrator password. Only the author of the extension can fix it.
============================================================

I tried the first suggestion, it didn't help.
And I'm still hoping that you might have a better idea rather than completely disabling ADMIN PASSWORD PROTECTION as they suggest (the last their sentence).

Thank you so much in advance!
Last edit: 6 years 7 months ago by oldflint.

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago #11594 by Dima
Hi.
As I understand right, you set password protection to administrator folder on site.
By default, all icons located there.
I think you should to
wiki.zhuk.cc/index.php/Zh_GoogleMap_Trou...en_map_is_displaying
details
wiki.zhuk.cc/index.php/Zh_GoogleMap_Desc...ibilityModeRSFAnchor
Ie copy icons into site icon folder and set compatibility mode for resource files

Don't forget support my developments: post review in JED , donate , help with translation ;)

Please Log in or Create an account to join the conversation.

Time to create page: 0.173 seconds
Powered by Kunena Forum