Hi
I couldn't call up the positions template preview when creating forms - just kept getting a 403 error message.
After experiments, I discovered that the .htaccess generated by AdminTools from Akeeba was causing the problems. I raised this in the forums of Akeeba and eventually discovered that the problem was the section in .htaccess which is to protect against file injection :
##### File injection protection -- BEGIN
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
##### File injection protection -- END
This specifically stops "GET" as a method, and should apparently not be used as it is one of the most popular hacking method.
The comment from Nicholas at Akeeba is that full URL as a query string parameter should not be used anymore.
The ticket can be read here :
#18457 – .htaccess and seblodI am passing this on to you as input.
Regards
David