shell bypass 403
<?xml version="1.0" encoding="utf-8"?>
<!--~
~ @package admintools
~ @copyright Copyright (c)2010-2025 Nicholas K. Dionysopoulos / Akeeba Ltd
~ @license GNU General Public License version 3, or later
-->
<form
addfieldprefix="Akeeba\Component\AdminTools\Administrator\Field"
addruleprefix="Akeeba\Component\AdminTools\Administrator\Rule"
>
<config>
<inlinehelp button="show"/>
</config>
<fieldset name="basic_security"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BASICSEC"
>
<field
name="nodirlists"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NODIRLISTS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="fileinj"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FILEINJ"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="leftovers"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_LEFTOVERS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="clickjacking"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_CLICKJACKING"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="reducemimetyperisks"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REDUCEMIMETYPERISKS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="reflectedxss"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFLECTEDXSS"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="svgneutralise"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SVGNEUTRALISE"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="noserversignature"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOSERVERSIGNATURE"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="notransform"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOTRANSFORM"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="nohoggers"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOHOGGERS"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="hoggeragents"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HOGGERAGENTS"
layout="akeeba.admintools.form.field.list-fancy-select"
multiple="true"
showon="nohoggers:1"
default="acapbot, acoonbot, acunetix, ahrefs, alexibot, archiver, asterias, attackbot, awario, backdor, base64_decode, becomebot, bin/bash, binlar, blackwidow, blekkobot, blex, blowfish, bolt 0, bot for jce, bot mailto:[email protected], bullseye, bunnys, butterfly, c99shell, careerbot, casper, casper, cazoodlebot, checkpriv, checkprivacy, cheesebot, cherrypick, chinaclaw, chinaclaw, choppy, clshttp, clshttp, cmsworld, cmsworldmap, comodo, copernic, copyrightcheck, cosmos, crescent, custo, datacha, default browser 0, demon, diavol, diibot, disco, discobot, disconnect, dittospyder, dotbot, dotnetdotcom, download demon, dumbot, ecatch, econtext, ecxi, eirgrabber, emailcollector, emailsiphon, emailwolf, eolasbot, eval, eventures, express webpictures, extract, extractorpro, eyenetie, feedfinder, fhscan, flaming, flashget, flicky, foobot, fuck, g00g1e, getright, getweb!, gigabot, go!zilla, go-ahead-got, go-ahead-got-it, gozilla, grab, grabnet, grafula, gt::www, harvest, heritrix, hmview, http::lite, httrack, httracks, ia_archiver, icarus6j, id-search, id-search.org, idbot, image stripper, image sucker, indy library, interget, internet ninja, internetseer.com, irlbot, isc systems irc search 2.1, jakarta, java, jetbot, jetcar, jikespider, joc web spider, kmccrew, larbin, leechftp, libweb, libwww, libwww-perl, liebaofast, linkscan, linksmanager.com_bot, linkwalker, loader, lwp-download, lwp-trivial, majestic, mass downloader, masscan, maxthon$, mechanize, mfc_tear_sample, microsoft url control, microsoft.url, midown tool, miner, missigua locator, mister pix, mj12bot, morfeus, moveoverbot, msfrontpage, navroad, nearsite, net vampire, netants, netmechanic, netspider, netzip, newt, nicerspro, nikto, ninja, nominet, nutch, octopus, offline explorer, offline navigator, pagegrabber, panscient.com, papa foto, pavuk, pcbrowser, pecl::http, peoplepal, petalbot, phpcrawl, phpshell, planetwork, pleasecrawl, postrank, proximic, psbot, purebot, queryn, queryseeker, radian6, radiation, realdownload, reget, remoteview, rippers 0, rogerbot, sbider, scan, scooter, seamonkey$, seekerspid, semalt, siclab, sindice, sistrix, sitebot, sitecheck.internetseer.com, sitecopier, siteexplorer, sitesnagger, skygrid, smartdownload, snoopy, sosospider, spankbot, spbot, sqlmap, stackrambler, steeler, stripper, sucker, superbot, superhttp, surfbot, surftbot, sux0r, suzukacz, suzuran, takeout, teleport, teleport pro, telesoft, toata dragostea mea pentru diavola, true_robots, turingos, turnit, turnitinbot, unserializ, uri::fetch, urllib, vampire, vikspider, voideye, web image collector, web sucker, webalta, webauto, webbandit, webcollage, webcopier, webfetch, webgo is, webleacher, webreaper, websauger, webshell, website extractor, website quester, webstripper, webvac, webviewer, webwhacker, webzip, wells search ii, wep search, widow, winhttp, woxbot, www-mechanize, wwwoffle, xaldon, xaldon webspider, xxxyy, yamanalab, yioopbot, youda, zermelo, zeus, zmeu, zune, zyborg"
/>
<field
name="restrictip"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP"
default="none"
validate="options"
>
<option value="none">COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP_OPT_NONE</option>
<option value="custom">COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP_OPT_CUSTOM</option>
<option value="internal">COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP_OPT_INTERNAL</option>
<option value="cloudflare">COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP_OPT_CLOUDFLARE</option>
<option value="sucuri">COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP_OPT_SUCURI</option>
<option value="bunnycdn">COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP_OPT_BUNNYCDN</option>
</field>
<field
name="restrictip_custom"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_RESTRICTIP_CUSTOM"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="restrictip:custom"
>
<form>
<form>
<field
name="item"
type="text"
label="COM_ADMINTOOLS_CONFIGUREWAF_LBL_COMMON_IP"
required="true"
recursive="true"
/>
<field
name="description"
type="text"
label="COM_ADMINTOOLS_CONFIGUREWAF_LBL_COMMON_DESCRIPTION"
required="false"
recursive="true"
/>
</form>
</form>
</field>
</fieldset>
<fieldset name="server_protection"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SERVERPROT">
<field
name="backendprot"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BACKENDPROT"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="bepexdirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BEPEXDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1"
default="components, modules, templates"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
recursive="true"
addonBefore="administrator/"
/>
</form>
</field>
<field
name="bepextypes"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_BEPEXTYPES"
layout="akeeba.admintools.form.field.list-fancy-select"
multiple="true"
showon="backendprot:1"
default="jpe, jpg, jpeg, jp2, jpe2, png, gif, bmp, css, js, swf, html, mpg, mp3, mpeg, mp4, avi, wav, ogg, ogv, xls, xlsx, doc, docx, ppt, pptx, zip, rar, pdf, xps, txt, 7z, svg, odt, ods, odp, flv, mov, htm, ttf, woff, woff2, eot, webp, ico, JPG, JPEG, PNG, GIF, CSS, JS, TTF, WOFF, WOFF2, EOT, WEBP, ICO, xsl"
/>
<field
name="frontendprot"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FRONTENDPROT"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="fepexdirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FEPEXDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="frontendprot:1"
default="components, modules, templates, files, images, plugins, media, libraries"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
addonBefore="/"
/>
</form>
</field>
<field
name="fepextypes"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FEPEXTYPES"
layout="akeeba.admintools.form.field.list-fancy-select"
multiple="true"
showon="frontendprot:1"
default="jpe, jpg, jpeg, jp2, jpe2, png, gif, bmp, css, js, swf, html, mpg, mp3, mpeg, mp4, avi, wav, ogg, ogv, xls, xlsx, doc, docx, ppt, pptx, zip, rar, pdf, xps, txt, 7z, svg, odt, ods, odp, flv, mov, htm, ttf, woff, woff2, eot, webp, ico, JPG, JPEG, PNG, GIF, CSS, JS, TTF, WOFF, WOFF2, EOT, WEBP, ICO, xsl"
/>
<field name="serverprot_exception_header"
type="note"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SERVERPROT_EXCEPTIONS"
heading="h3"
class="border-bottom w-100"
showon="backendprot:1[OR]frontendprot:1"
/>
<field
name="exceptionfiles"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXCEPTIONFILES"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1[OR]frontendprot:1"
default="administrator/components/com_akeeba/restore.php, administrator/components/com_akeebabackup/restore.php, administrator/components/com_joomlaupdate/restore.php, administrator/components/com_joomlaupdate/extract.php"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_FILE"
required="true"
addonBefore="/"
/>
</form>
</field>
<field
name="exceptiondirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXCEPTIONDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1[OR]frontendprot:1"
default=".well-known"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
addonBefore="/"
/>
</form>
</field>
<field
name="fullaccessdirs"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FULLACCESSDIRS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
showon="backendprot:1[OR]frontendprot:1"
default="installation"
>
<form>
<!--
DO NOT VALIDATE FOLDERS.
We need to allow currently non-existent folders which might be created at a later time.
-->
<field
name="item"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_DIRECTORY"
required="true"
addonBefore="/"
/>
</form>
</field>
</fieldset>
<fieldset name="optutil"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_OPTUTIL">
<field
name="fileorder"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_FILEORDER"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="exptime"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME"
default="0"
validate="options"
>
<option value="0">COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME_NO</option>
<option value="1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME_VARIES</option>
<option value="2">COM_ADMINTOOLS_HTACCESSMAKER_LBL_EXPTIME_YEAR</option>
</field>
<field
name="autocompress"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_AUTOCOMPRESS"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="autoroot"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_AUTOROOT"
default="1"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="wwwredir"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR"
default="0"
validate="options"
>
<option value="0">COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR_NO</option>
<option value="1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR_WWW</option>
<option value="2">COM_ADMINTOOLS_HTACCESSMAKER_LBL_WWWREDIR_NONWWW</option>
</field>
<field
name="olddomain"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_OLDDOMAIN"
default=""
/>
<field
name="httpsurls"
type="subform"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HTTPSURLS"
layout="joomla.form.field.subform.repeatable-table"
multiple="true"
min="0"
buttons="add,remove,move"
groupByFieldset="false"
validate="subform"
default=""
>
<form>
<field
name="item"
type="url"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_COMMON_URL_PATH"
relative="true"
class="w-100"
/>
</form>
</field>
<field
name="hstsheader"
type="list"
layout="joomla.form.field.radio.buttons"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER"
class="btn-group"
default="0"
validate="options"
>
<option value="0" class="btn btn-outline-danger">COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER_OPT_NONE</option>
<option value="1" class="btn btn-outline-secondary">COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER_OPT_BASIC</option>
<option value="2" class="btn btn-outline-primary">COM_ADMINTOOLS_HTACCESSMAKER_LBL_HSTSHEADER_OPT_PRELOAD</option>
</field>
<field
name="notracetrack"
type="list"
layout="joomla.form.field.radio.switcher"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_NOTRACETRACK"
default="0"
validate="options"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="cors"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS"
default="0"
validate="options"
>
<option value="-1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS_OPT_SAMEORIGIN</option>
<option value="0">COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS_OPT_UNSET</option>
<option value="1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_CORS_OPT_ENABLE</option>
</field>
<field
name="etagtype"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_ETAGTYPE"
default="default"
validate="options"
>
<option value="default">COM_ADMINTOOLS_HTACCESSMAKER_LBL_ETAGTYPE_DEFAULT</option>
<option value="none">COM_ADMINTOOLS_HTACCESSMAKER_LBL_ETAGTYPE_NONE</option>
</field>
<field
name="referrerpolicy"
type="list"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY"
default="unsafe-url"
validate="options"
>
<option value="-1">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_DISABLED</option>
<option value="">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_EMPTY</option>
<option value="no-referrer">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_NOREF</option>
<option value="no-referrer-when-downgrade">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_NOREF_DOWNGRADE
</option>
<option value="same-origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_SAMEORIGIN</option>
<option value="origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_ORIGIN</option>
<option value="strict-origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_STRICTORIGIN</option>
<option value="origin-when-cross-origin">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_ORIGINCROSS</option>
<option value="strict-origin-when-cross-origin">
COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_STRICTORIGINGCROSS
</option>
<option value="unsafe-url">COM_ADMINTOOLS_HTACCESSMAKER_LBL_REFERERPOLICY_UNSAFE</option>
</field>
</fieldset>
<fieldset name="sysconfig"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_SYSCONF">
<field
name="httpshost"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HTTPSHOST"
required="true"
addonBefore="https://"
/>
<field
name="httphost"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_HTTPHOST"
required="true"
addonBefore="http://"
/>
<field
name="rewritebase"
type="text"
label="COM_ADMINTOOLS_HTACCESSMAKER_LBL_REWRITEBASE"
required="true"
default="/"
/>
</fieldset>
</form>