shell bypass 403
<?xml version="1.0" encoding="utf-8"?>
<!--~
~ @package admintools
~ @copyright Copyright (c)2010-2024 Nicholas K. Dionysopoulos / Akeeba Ltd
~ @license GNU General Public License version 3, or later
-->
<form
addfieldprefix="Akeeba\Component\AdminTools\Administrator\Field"
addruleprefix="Akeeba\Component\AdminTools\Administrator\Rule"
>
<fieldset name="basic_security"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BASICSEC"
>
<field
name="nodirlists"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NODIRLISTS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="fileinj"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FILEINJ"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="leftovers"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_LEFTOVERS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="clickjacking"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_CLICKJACKING"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="reducemimetyperisks"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REDUCEMIMETYPERISKS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="reflectedxss"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFLECTEDXSS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="svgneutralise"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SVGNEUTRALISE"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="noserversignature"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOSERVERSIGNATURE"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="notransform"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOTRANSFORM"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="nohoggers"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOHOGGERS"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="hoggeragents"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HOGGERAGENTS"
layout="akeeba.admintools.form.field.list-fancy-select"
multiple="true"
showon="nohoggers:1"
default="WebBandit, webbandit, Acunetix, binlar, BlackWidow, Bolt 0, Bot mailto:[email protected], BOT for JCE, casper, checkprivacy, ChinaClaw, clshttp, cmsworldmap, comodo, Custo, Default Browser 0, diavol, DIIbot, DISCo, dotbot, Download Demon, eCatch, EirGrabber, EmailCollector, EmailSiphon, EmailWolf, Express WebPictures, extract, ExtractorPro, EyeNetIE, feedfinder, FHscan, FlashGet, flicky, GetRight, GetWeb!, Go-Ahead-Got-It, Go!Zilla, grab, GrabNet, Grafula, harvest, HMView, ia_archiver, Image Stripper, Image Sucker, InterGET, Internet Ninja, InternetSeer.com, jakarta, Java, JetCar, JOC Web Spider, kmccrew, larbin, LeechFTP, libwww, Mass Downloader, Maxthon$, microsoft.url, MIDown tool, miner, Mister PiX, NEWT, MSFrontPage, Navroad, NearSite, Net Vampire, NetAnts, NetSpider, NetZIP, nutch, Octopus, Offline Explorer, Offline Navigator, PageGrabber, Papa Foto, pavuk, pcBrowser, PeoplePal, planetwork, psbot, purebot, pycurl, RealDownload, ReGet, Rippers 0, SeaMonkey$, sitecheck.internetseer.com, SiteSnagger, skygrid, SmartDownload, sucker, SuperBot, SuperHTTP, Surfbot, tAkeOut, Teleport Pro, Toata dragostea mea pentru diavola, turnit, vikspider, VoidEYE, Web Image Collector, Web Sucker, WebAuto, WebCopier, WebFetch, WebGo IS, WebLeacher, WebReaper, WebSauger, Website eXtractor, Website Quester, WebStripper, WebWhacker, WebZIP, Wget, Widow, WWW-Mechanize, WWWOFFLE, Xaldon WebSpider, Yandex, Zeus, zmeu, CazoodleBot, discobot, ecxi, GT::WWW, heritrix, HTTP::Lite, HTTrack, ia_archiver, id-search, id-search.org, IDBot, Indy Library, IRLbot, ISC Systems iRc Search 2.1, LinksManager.com_bot, linkwalker, lwp-trivial, MFC_Tear_Sample, Microsoft URL Control, Missigua Locator, panscient.com, PECL::HTTP, PHPCrawl, PleaseCrawl, SBIder, Snoopy, Steeler, URI::Fetch, urllib, Web Sucker, webalta, WebCollage, Wells Search II, WEP Search, zermelo, ZyBorg, Indy Library, libwww-perl, Go!Zilla, TurnitinBot, sqlmap"
/>
</fieldset>
<fieldset name="server_protection"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SERVERPROT">
<field
name="backendprot"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BACKENDPROT"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="bepexdirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BEPEXDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1"
default="components, modules, templates"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
recursive="true"
addonBefore="administrator/"
/>
</form>
</field>
<field
name="bepextypes"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BEPEXTYPES"
layout="akeeba.admintools.form.field.list-fancy-select"
multiple="true"
showon="backendprot:1"
default="jpe, jpg, jpeg, jp2, jpe2, png, gif, bmp, css, js, swf, html, mpg, mp3, mpeg, mp4, avi, wav, ogg, ogv, xls, xlsx, doc, docx, ppt, pptx, zip, rar, pdf, xps, txt, 7z, svg, odt, ods, odp, flv, mov, htm, ttf, woff, woff2, eot, webp, ico, JPG, JPEG, PNG, GIF, CSS, JS, TTF, WOFF, WOFF2, EOT, WEBP, ICO, xsl"
/>
<field
name="frontendprot"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FRONTENDPROT"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="fepexdirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FEPEXDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="frontendprot:1"
default="components, modules, templates, images, plugins, media, libraries"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
addonBefore="/"
/>
</form>
</field>
<field
name="fepextypes"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FEPEXTYPES"
layout="akeeba.admintools.form.field.list-fancy-select"
multiple="true"
showon="frontendprot:1"
default="jpe, jpg, jpeg, jp2, jpe2, png, gif, bmp, css, js, swf, html, mpg, mp3, mpeg, mp4, avi, wav, ogg, ogv, xls, xlsx, doc, docx, ppt, pptx, zip, rar, pdf, xps, txt, 7z, svg, odt, ods, odp, flv, mov, htm, ttf, woff, woff2, eot, webp, ico, JPG, JPEG, PNG, GIF, CSS, JS, TTF, WOFF, WOFF2, EOT, WEBP, ICO, xsl"
/>
<field name="serverprot_exception_header"
type="note"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SERVERPROT_EXCEPTIONS"
heading="h3"
class="border-bottom w-100"
showon="backendprot:1[OR]frontendprot:1"
/>
<field
name="exceptionfiles"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXCEPTIONFILES"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1[OR]frontendprot:1"
default="administrator/components/com_akeeba/restore.php, administrator/components/com_akeebabackup/restore.php, administrator/components/com_joomlaupdate/restore.php, administrator/components/com_joomlaupdate/extract.php"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_FILE"
required="true"
addonBefore="/"
/>
</form>
</field>
<field
name="exceptiondirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXCEPTIONDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1[OR]frontendprot:1"
default=".well-known"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
addonBefore="/"
/>
</form>
</field>
<field
name="fullaccessdirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FULLACCESSDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1[OR]frontendprot:1"
default="installation"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
addonBefore="/"
/>
</form>
</field>
</fieldset>
<fieldset name="optutil"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_OPTUTIL">
<field
name="fileorder"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FILEORDER"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="exptime"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME"
default="0"
validate="options"
>
<option value="0">COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME_NO</option>
<option value="1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME_VARIES</option>
<option value="2">COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME_YEAR</option>
</field>
<field
name="autocompress"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_AUTOCOMPRESS"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="autoroot"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_AUTOROOT"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="wwwredir"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR"
default="0"
validate="options"
>
<option value="0">COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR_NO</option>
<option value="1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR_WWW</option>
<option value="2">COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR_NONWWW</option>
</field>
<field
name="olddomain"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_OLDDOMAIN"
default=""
/>
<field
name="httpsurls"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HTTPSURLS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
default=""
>
<form>
<field
name="item"
type="url"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_URL_PATH"
relative="true"
class="w-100"
/>
</form>
</field>
<field
name="hstsheader"
type="list"
layout="joomla.form.field.radio.buttons"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER"
class="btn-group"
default="0"
validate="options"
>
<option value="0" class="btn btn-outline-danger">COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER_OPT_NONE</option>
<option value="1" class="btn btn-outline-secondary">COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER_OPT_BASIC</option>
<option value="2" class="btn btn-outline-primary">COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER_OPT_PRELOAD</option>
</field>
<field
name="notracetrack"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOTRACETRACK"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="cors"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS"
default="0"
validate="options"
>
<option value="-1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS_OPT_SAMEORIGIN</option>
<option value="0">COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS_OPT_UNSET</option>
<option value="1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS_OPT_ENABLE</option>
</field>
<field
name="etagtype"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_ETAGTYPE"
default="default"
validate="options"
>
<option value="default">COM_ADMINTOOLS_HTACCESSMAKER_LBL_ETAGTYPE_DEFAULT</option>
<option value="none">COM_ADMINTOOLS_HTACCESSMAKER_LBL_ETAGTYPE_NONE</option>
</field>
<field
name="referrerpolicy"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY"
default="unsafe-url"
validate="options"
>
<option value="-1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_DISABLED</option>
<option value="">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_EMPTY</option>
<option value="no-referrer">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_NOREF</option>
<option value="no-referrer-when-downgrade">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_NOREF_DOWNGRADE
</option>
<option value="same-origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_SAMEORIGIN</option>
<option value="origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_ORIGIN</option>
<option value="strict-origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_STRICTORIGIN</option>
<option value="origin-when-cross-origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_ORIGINCROSS</option>
<option value="strict-origin-when-cross-origin">
COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_STRICTORIGINGCROSS
</option>
<option value="unsafe-url">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_UNSAFE</option>
</field>
</fieldset>
<fieldset name="sysconfig"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SYSCONF">
<field
name="httpshost"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HTTPSHOST"
required="true"
addonBefore="https://"
/>
<field
name="httphost"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HTTPHOST"
required="true"
addonBefore="http://"
/>
<field
name="rewritebase"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REWRITEBASE"
required="true"
default="/"
/>
</fieldset>
</form>