Post by MaxZebra » Tue Sep 04, 2018 11:29 am

Using OC 3.0.2.0 on an Apache/cPanel server. No problems in either of two different installations. Note that docs says "Renaming the admin directory to something unrelated to the admin is necessary to prevent unwanted eyes from discovering it's location." Note that renaming is said to be necessary.

When we rename the admin folder, the renaming is satisfactory, as long as we don't need to use the 'System' tab and save any changes. Then the 403 error appears on 'Save'.

We have tried several different names. All other names tried produce the 403 error. Same on both installations. One of these is a fully configured working shop, but the other of these installations has had no extensions added, and carries only demo products. It is a naked default OC 3.0.2.0 installation.

Our workaround (after six days work trying to find/fix the 403 error) is to have a second admin folder with config files set for the folder to be called 'admin', but it sits there renamed something else. Our client uses the main admin folder, renamed (****1313), but cannot save system settings. If we need to change and save anything in the 'System' tab for them, we temporarily rename the second folder back to 'admin', make the changes and save OK. It is the same on both installations.

This issue is NOT related to having two folders with the same 'admin' content. The problem arose first. Having two folders has simply given us a workable solution without having any folder called 'admin' on the published site.

Newbie

Posts

Joined
Sat Aug 25, 2018 8:33 pm

Post by straightlight » Tue Sep 04, 2018 7:54 pm

Better use an extension from the Marketplace to rename your admin folder without crashing the store. Posted in the Bug Reports section. Not a bug.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ADD Creative » Tue Sep 04, 2018 10:23 pm

You have also posted in the section of the forums for version 1.5 not version 3.

Somethings to check if you haven't already.
Does save work for other pages of the admin? Do System -> Users, Localisation and Maintenance pages have the same problem or is it just System -> Settings?
Have you inspected the requests and response in your web browsers inspect tools? Did the post URL and post data look correct? Are they any different from when the folder is not renamed?
Do you have anything in your .htaccess that could be preventing a post from working?
Are any there security settings like ModSecurity on your hosting that are preventing the post from working? Have you tried switching them off?
Could it be an extension causing the problem? You could try a clean install to a sub folder and try renaming the admin in that.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by MaxZebra » Wed Sep 05, 2018 8:31 am

Thank you to those who have responded:
  • There are instructions on changing the admin folder name. Why do we need an extension, when following the instructions should suffice? It does in other shopping carts I have used.
  • Our cPanel does not have 'mod-security', and I have checked all through the cPanel security. Nothing seems to apply.
  • It is not an extension issue - same applies to a completely naked default install.
  • htaccess is left as htaccess.txt in the naked store - and both stores (the naked and the full monty) behave the same way. Looks like it's not a htaccess issue.
  • All tabs in 'System' yield the error
  • There are no helps to this issue that we found in six days of working on it, the cart does not behave in the way it says when you follow the instructions, so in my book that's a bug.
  • If you should not rename the 'admin' folder manually, then the instructions should tell you to get the extension, or more appropriately, include it in the package as a security measure.
I'm looking forward to some outcome here, even if it is having to use an extension - but then I'd want the OC instructions to say "you should get the extension and change the name of the admin folder for security - but don't try to do it manually." But having the instructions tell you to do it, and have it fail is no outcome at all. Someone has to 'own' user experience (UX) here!

Newbie

Posts

Joined
Sat Aug 25, 2018 8:33 pm

Post by IP_CAM » Wed Sep 05, 2018 10:31 am

If you should not rename the 'admin' folder manually, then the instructions should tell you ...
Well, just accept, that one just CANNOT change an Admin Directory Name, and expect the Rest of the Code,
to just go along. It has not been planned this way, and it will not work, by just changing one or two things. ::)
Exept, if you buy this rather costly Extensions, wich has been created by one of the top OC Code Professionals.
And it took some work, as it looks, or then, the Mod would have come cheaper.
But don't argue about, why it works this way, nobody around here had/has any influence on designing OC. It's all
in the hand of the OC Chief in Command. But since he's donating OC for free, it would be not respectful, to blame
him for how he's doing things, since he does not force anyone, to use it ... ::)
Good Luck, no offense! ;)
Ernie
---
AdminRename - Rename your OpenCart admin directory
https://www.opencart.com/index.php?rout ... n_id=24118
---
This one comes for free, and it also does a great Job, without changing Direcory Names!
To test it, try to connect to the Admin Page here, I use a similar Solution for this: ;)
http://www.opencart.li/shop/admin/
Simple Login Security (OCMOD for OpenCart 2.x -3.x
https://www.opencart.com/index.php?rout ... n_id=21371
---

For Sale: Top URL's, including an OpenCart V-Pro Shop!
A wide range of matching Designs can be seen here: http://www.opencart.li
For Information on URL's offered, please contact me at: jti@jacob.ch
Hundreds of Mods in 380+ Repositories for OC v.1.5.x - v.2.3.x
to be found on my Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by ADD Creative » Thu Sep 06, 2018 12:09 am

MaxZebra wrote:
Wed Sep 05, 2018 8:31 am
Thank you to those who have responded:
  • There are instructions on changing the admin folder name. Why do we need an extension, when following the instructions should suffice? It does in other shopping carts I have used.
  • Our cPanel does not have 'mod-security', and I have checked all through the cPanel security. Nothing seems to apply.
  • It is not an extension issue - same applies to a completely naked default install.
  • htaccess is left as htaccess.txt in the naked store - and both stores (the naked and the full monty) behave the same way. Looks like it's not a htaccess issue.
  • All tabs in 'System' yield the error
  • There are no helps to this issue that we found in six days of working on it, the cart does not behave in the way it says when you follow the instructions, so in my book that's a bug.
  • If you should not rename the 'admin' folder manually, then the instructions should tell you to get the extension, or more appropriately, include it in the package as a security measure.
I'm looking forward to some outcome here, even if it is having to use an extension - but then I'd want the OC instructions to say "you should get the extension and change the name of the admin folder for security - but don't try to do it manually." But having the instructions tell you to do it, and have it fail is no outcome at all. Someone has to 'own' user experience (UX) here!
You should not need an extension (but they might help compatibility with other extensions).

I did do a test on a clean install of version 3.0.2.0, by renaming the folder and then changing HTTP_SERVER, HTTPS_SERVER and DIR_APPLICATION in admin/config.php to point to the new admin folder. Everything worked as it should.

If you have eliminated the possibility of an extension causing the issue by using a clean install, then I would say the issue is most likely with your hosting. Have you tried installing and renaming the admin folder on a local test server or another hosting server (if you have access to one)?

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by IP_CAM » Thu Sep 06, 2018 2:50 am

Well, it might work, as long as one does not install an Extension, looking for
a hard-coded admin section, as it usually will be the case in VqMod Extensions
at least, and will probably be the same, when it comes to latest Version OcMods. :-\
<file name="admin/view/...
<file path="admin/view/...
But, if so, one might have to rewrite a lot of Mod's, to further do their Job.
Ernie

For Sale: Top URL's, including an OpenCart V-Pro Shop!
A wide range of matching Designs can be seen here: http://www.opencart.li
For Information on URL's offered, please contact me at: jti@jacob.ch
Hundreds of Mods in 380+ Repositories for OC v.1.5.x - v.2.3.x
to be found on my Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by MaxZebra » Fri Sep 07, 2018 2:20 pm

Thank you ADD Creative, there has just been one significant development.

Looking for something else entirely, and for nothing associated with this matter, I fell over a well hidden report on our hosting dashboard (managing several sites) that provided a mod-security report.

There is no reference to any mod-security on the cPanel, and no controls for it, but this mod-security report shows conclusively that the problem referred to here is that access is blocked by mod-security. 403 instances all duly and faithfully reported. Great!

So it is a hosting issue after all, and it's a great hosting company, so we won't change that. We will now look at the extensions to see where we go on renaming the admin folder.

At last we have a definitive answer. It's resolved! Thank you all!
Have a good weekend - or in 'Strine' - "Avagoodweegen".

Newbie

Posts

Joined
Sat Aug 25, 2018 8:33 pm
Who is online

Users browsing this forum: No registered users and 6 guests