XF 2.1 .htaccess lockdown for /install directory.

RallyFan

Well-known member
Is the /install directory only used for installing/upgrading the core software (and if not what other function does it serve?)

I would like to prevent anyone even attempting to hit the /install directory login page, so rather than using htpasswd, wanted to drop an .htaccess "Deny All" in there instead.

In the event I needed to do an upgrade, I'd just rename that file temporarily.

Is this a smart idea?
Are there other directories like /src that contain information that should be locked down or not?

Thanks :)
 
The challenge will be remembering to do it for upgrades through the auto-interface.

There's a tutorial from Brogan about how to secure your folders in the Resources area.
 
The challenge will be remembering to do it for upgrades through the auto-interface.

There's a tutorial from Brogan about how to secure your folders in the Resources area.
Yeah I'm aware of the tutorial (thanks for the link too @Brogan ) but since I'm the only person that will ever be administrating the server/backend of the site, I'm more than happy to make that htaccess change when I need to.

The side benefit of doing a deny all would be that I can send a message to anyone poking around in the backend of the site, that they are being watched, logged and monitored.
 
Back
Top Bottom