Today, we received a report from a client that he was blocked from his website. The excellent Web Application Firewall of Akeeba AdminTools had kicked into action and banned the users’ IP address.
I should point out that the settings of this particular site are pretty strict., because the website is an interesting target for wannabe hackers to take down – which, to this day, has never worked. So, maybe the ban is the result of me being overjealous.
The user got banned after WAF registered the usage of “template” in the URL. This is part of a feature to protect you against visitors that want to use an old exploit in the Template viewer / Switcher on the website. WAF bans the usage of “templates” in any and all URLS (I’m sure this can be filtered).
The quick and dirty workaround when you’re facing this sort of problem is simple. Change the aliases of the “offending” components and remove the word “templates” from it, which will affect the URL, and remember for the future to change any aliases when you’re using the word “template” in a template.