Do you control your admin folder with .htcaccess?

Discussion in 'Security and Legal' started by MordyT, Dec 13, 2009.

  1. MordyT

    MordyT Grand Master

    Joined:
    Dec 6, 2009
    Messages:
    529
    Likes Received:
    50
    First Name:
    Mordy
    I recently came along a thread at TAZ about adding a .htcaccess file to the admin folder. It controls what IP addresses can access the forum.
    (You could probably also do it with an extra username password instead or as an addition)

    I was curious to see how many of you guys already do something like that?
     
  2. Michael

    Michael Regular Member

    Joined:
    Jan 18, 2004
    Messages:
    166
    Likes Received:
    35
    We do on all of our forums and add the moderators IP to the modcp htaccess as were all on static IPs. I think its handy but not if they have server level access already.
     
  3. BananaQueen

    BananaQueen Grand Master

    Joined:
    Oct 23, 2009
    Messages:
    554
    Likes Received:
    24
    First Name:
    not telling anyone ;)
    the only problem with that is what if your ip changes? when my internet broke i had to get online through my dads computer, and when i finally did come back, my ip changed
     
  4. Michael

    Michael Regular Member

    Joined:
    Jan 18, 2004
    Messages:
    166
    Likes Received:
    35
    Edit the allowed IP address through cpanel or via the downloaded file using FTP, if your mods IP addresses always change I certainly wouldnt recommend it then.
     
  5. Nick

    Nick Regular Member

    Joined:
    Jul 27, 2008
    Messages:
    7,444
    Likes Received:
    219
    It is one of the basic principles of forum security to protect your AdminCP and ModCP directories with .htaccess (among other directories).

    I don't secure it by limiting it to certain IPs, because I am on-the-go fairly often, so am always using different IPs. I password-protect the directories instead: http://www.adminaddict.net/forum/security-legal-disputes/htaccess-protection-299/

    Thread moved to Security and Legal disputes.
     
  6. M3xital

    M3xital Novice

    Joined:
    Oct 20, 2009
    Messages:
    41
    Likes Received:
    0
    First Name:
    Pedro
    Change the directories name and password-protect them.
     
  7. MordyT

    MordyT Grand Master

    Joined:
    Dec 6, 2009
    Messages:
    529
    Likes Received:
    50
    First Name:
    Mordy
    Sorry for wrong forum, not sure where it belonged....

    Anyways, I was thinking about password protection through htaccess - I have been doing that for files people can download off the server since day one. But I never knew you could do it by IP also.
    I personally don't want to enter a password 3 times just to get to an ACP...
     
  8. Metura

    Metura Newcomer

    Joined:
    Apr 21, 2010
    Messages:
    5
    Likes Received:
    0
    First Name:
    Angel
    have them get a no-ip.com account and make a domain and have that be the IP it has worked wonders for me for a few of my members who's ip's change alot...
     
  9. Tubeget

    Tubeget Novice

    Joined:
    Jul 17, 2009
    Messages:
    27
    Likes Received:
    0
    First Name:
    vamsi4u
    yes, I use .htaccess protection for admin cp.
    also if we have static IP, we can allow only a set of IP's to access the admincp ..
     
  10. cheat-master30

    cheat-master30 Grand Master

    Joined:
    Jul 30, 2009
    Messages:
    789
    Likes Received:
    59
    I did, but I haven't set it up again.
     
  11. Vekseid

    Vekseid Regular Member

    Joined:
    Jun 2, 2009
    Messages:
    393
    Likes Received:
    13
    When I still used Apache I used the virtualhost directives rather than .htaccess, personally.
     
  12. Keylogged

    Keylogged Addict

    Joined:
    May 18, 2011
    Messages:
    51
    Likes Received:
    0
    I use htcacces for our adminCP.
     
  13. k1234

    k1234 Regular Member

    Joined:
    Jul 13, 2012
    Messages:
    60
    Likes Received:
    12
    hey thanks for your input everyone, appreciate the info @ Metura, great way to comabt the issue of changining IP addresses.
     
  14. CubicWebsIntl

    CubicWebsIntl Regular Member

    Joined:
    Aug 31, 2012
    Messages:
    15
    Likes Received:
    0
    Location:
    Warwickshire
    First Name:
    Michael
    Yes I do use a htaccess to protect the admin directory.
     

Share This Page