AdminTools from akeebabackup.com is a security component.
.htaccess Maker
With the default settings (Frontend protection=Yes) .htaccess Maker in AdminTools is preventing any access to .php from "outside" Joomla, to images files outside specific directories etc.
Fabrik needs access to
list/form/details template_css.php and custom_css.php
Solution:
add in the "Exceptions" section, in the box "Allow direct access, including .php files, to these directories" the paths to the Fabrik templates:
components/com_fabrik/views/form/tmpl
components/com_fabrik/views/list/tmpl
You can add the "details" also if you use them.
if you want to be very strict with security, you can specify the template:
components/com_fabrik/views/form/tmpl/
Bootstrap
or be looser and just give access to all views:
components/com_fabrik/views
image files in cache/com_fabrik/staticmaps
Solution: add directory to
Fine tuning: Front-end directories where file type exceptions are allowed
plugins/fabrik_element/captcha/image.php (at the time of writing: June 2015, Fabrik3.2.1)
Solution: add file to
Exeptions: Allow direct access to these files
Web Application Firewall/Configure WAF
Visual Fingerprinting Protection
If you set "Block tmpl=foo" to YES you must add "
Bootstrap" to the "List of allowed tmpl= keywords"
Warn about self XSS =no (seems to be necessary for running
PDF output; versions Feb 2018)
In any case, after enabling AdminTools, always check the different types of pages with Firebug/Console to spot the 403 errors and make the appropriate corrections in the Exceptions and Fine Tuning