XF 2.1 .htaccess lockdown for /install directory.

[RallyFan]

Is the /install directory only used for installing/upgrading the core software (and if not what other function does it serve?)

I would like to prevent anyone even attempting to hit the /install directory login page, so rather than using htpasswd, wanted to drop an .htaccess "Deny All" in there instead.

In the event I needed to do an upgrade, I'd just rename that file temporarily.

Is this a smart idea?
Are there other directories like /src that contain information that should be locked down or not?

Thanks

 

[briansol]

The challenge will be remembering to do it for upgrades through the auto-interface.

There's a tutorial from Brogan about how to secure your folders in the Resources area.

 

[Paul B]

This is really all that's "needed".

Protecting admin.php, the /install directory, and test & development installations using .htaccess

If you want to provide an extra layer of protection to admin.php, the /install directory, and test & development installations, you can do so with .htaccess authentication. Protecting admin.php To protect admin.php, edit the .htaccess file...

xenforo.com

 

[RallyFan]

The challenge will be remembering to do it for upgrades through the auto-interface.

There's a tutorial from Brogan about how to secure your folders in the Resources area.

Yeah I'm aware of the tutorial (thanks for the link too @Brogan ) but since I'm the only person that will ever be administrating the server/backend of the site, I'm more than happy to make that htaccess change when I need to.

The side benefit of doing a deny all would be that I can send a message to anyone poking around in the backend of the site, that they are being watched, logged and monitored.