1 Topic by yurifanboy (edited by yurifanboy 2012-02-05 04:14:24)

Topic: Restricting access to admin through .htaccess

order allow,deny
allow from [IP ADDRESS]
deny from all

Is this possible? Would adding an .htaccess to the admin folder screw anything up? I have done it with Wordpress in the past. Basically only allowing access to the admin panel from my home IP address.

Todo arde si le aplicas la chispa adecuada.
“What can be asserted without proof can be dismissed without proof."-Christopher Hitchens
Es mejor morir de pie que vivir arrodillado.

yurifanboy's Website

  • Connie
  • Connie
  • GetSimple Moderator
  • Offline
  • From: Hamburg + Gribow
  • Registered: 2011-02-28
  • Posts: 2,022
  • Reputation : 22

Re: Restricting access to admin through .htaccess

allow for IP adress is only helpful if you have a fixed IP adress and will never ;)

did you test it with GetSimple? That would be the easiest way to find out if it works
I cannot test it, I have no fix IP to access the net

|--
Die deutsche GetSimple-Webseite: http://www.Get-Simple.de = the german Get-Simple-Website!
Das deutschsprachige GetSimple-(Unter-)Forum:   http://get-simple.info/forum/forum/16/german-deutsch/

3 Reply by yurifanboy (edited by yurifanboy 2012-02-05 18:35:29)

Re: Restricting access to admin through .htaccess

Seems to work, I dropped an .htaccess into the admin directory and added this code:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from [insert IP Address]
</LIMIT>

I tried accessing it from my iphone and all I got was a "oops page not found" error, whereas, my pc was still able to access the directory. Of course, your IP address must be static and not dynamic. Also, I know I could change the name of the admin folder in the gsconfig.php file, however, this is a much better measure against someone brute forcing the admin login.

Todo arde si le aplicas la chispa adecuada.
“What can be asserted without proof can be dismissed without proof."-Christopher Hitchens
Es mejor morir de pie que vivir arrodillado.

yurifanboy's Website