How to secure /admin folder with .htaccess?
#1
Hi,

first of all, the new GetSimple version rocks!
But I'm concerned about security and I would love to secure the /admin folder with a simple .htaccess file, so that users cannot access the backend login form without first typing in a username and password.

When I place my .htaccess file in the root folder of GetSimple, that works, but of course that's blocking off any access to the website. When placing the file only in the /admin folder, it's not working anymore; it just gives a "cannot find this page" error.

I guess the reason for this is quite obvious: all URLs are routed through the /index.php file and the backend is not accessed directly by going to the /admin folder.

Is that correct? Is there a way to solve this and still only secure the /admin folder with .htaccess (AuthUserFile)?

Thanks a lot!
#2
.htaccess and .htpasswd file combinations work just fine in any folder.

Try this:
http://tools.dynamicdrive.com/password/
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
#3
Yep, they work fine in www.site.com/ but not when I secure www.site.com/admin

When I do so and surf to www.site.com/admin, GetSimple throws a "cannot find page" error.
It all works fine without the .htaccess files though...


Have you tried this in the /admin folder?
#4
Are you putting the passworded htaccess file in the admin directory and not the root directory?
#5
I'm using my hosting panel (DirectAdmin) to protect the folder. It's putting the htpasswd file outside of the admin folder, where it stores all htpasswd files.

Again, they work fine on any other directory I've tried so far, just not on the /admin dir of GetSimple.
#6
I use DirectAdmin...

- Click files at the top.
- Go to your main folder.
- Next to the folder admin click protect.
- Type in the name of the area, the username, and password.
- Click the Enable Protection box and click save.

That works every time.
#7
internet54 Wrote: I use DirectAdmin...

- Click files at the top.
- Go to your main folder.
- Next to the folder admin click protect.
- Type in the name of the area, the username, and password.
- Click the Enable Protection box and click save.

That works every time.


Yup, it does. Have you tried it on the /admin folder as well?
If it works with you, I'll have to look for another solution.
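A minimal /admin/.htaccess for the setup discussed in this thread, as an added example that is not part of any post here or of GetSimple itself. The AuthUserFile path, the user name and the realm name are placeholders, and the ErrorDocument line assumes the "cannot find page" error comes from a host-level 401 error document being rewritten into the CMS, which the thread does not confirm.

```apache
# /admin/.htaccess  (added example; path and realm name are placeholders)

# Require a valid login before anything under /admin/ is served,
# including the GetSimple backend login form.
AuthType Basic
AuthName "Restricted admin area"

# AuthUserFile takes an absolute filesystem path, not a URL.
# Keep the password file outside the web root so it can never be
# requested over HTTP. Placeholder path: adjust to your hosting account.
# Create it once with:  htpasswd -c /home/EXAMPLE_USER/.htpasswd/admin/.htpasswd EXAMPLE_LOGIN
AuthUserFile /home/EXAMPLE_USER/.htpasswd/admin/.htpasswd
Require valid-user

# Assumed cause of the "cannot find page" symptom: when Apache answers
# the first request with 401, it serves the configured 401 error document.
# If the host points that at a file that does not exist, rewrite rules in
# the root .htaccess can pass the request to index.php, and the CMS then
# shows its own "page not found" instead of the password prompt.
# Resetting the 401 document to Apache's built-in one avoids that path.
ErrorDocument 401 default

# Basic auth sends the credentials base64-encoded with every request,
# not encrypted, so only expose /admin/ over HTTPS.
```

To check the result, request /admin/ without credentials and confirm the response is a 401 with a WWW-Authenticate header rather than a 404 page from the CMS.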