1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Protecting Admin CP with ModRewrite?

Discussion in 'XenForo Questions and Support' started by Jaxel, Nov 14, 2010.

  1. Jaxel

    Jaxel Well-Known Member

    this is the htaccess ModRewrite that comes with Xenforo:
    Code:
    <IfModule mod_rewrite.c>
    	RewriteEngine On
    
    	RewriteCond %{REQUEST_FILENAME} -f [OR]
    	RewriteCond %{REQUEST_FILENAME} -l [OR]
    	RewriteCond %{REQUEST_FILENAME} -d
    	RewriteRule ^.*$ - [NC,L]
    	RewriteRule ^(data|js|styles|install) - [NC,L]
    	RewriteRule ^.*$ index.php [NC,L]
    </IfModule>
    this rewrite code is incompatible with basic http auth methods:
    Code:
    <Files admin.php>
    	AuthUserFile ../.htpasswd
    	AuthType Basic
    	AuthName "Admin Control Panel"
    	Require valid-user
    </Files>
    instead of passwording the admin cp, it will kill the admincp completely. If you remove the modrewrite section it works fine... but the two dont seem to work together.
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    I have password protection on my admin.php and it works fine

    Are you placing it before the rewrite rules?

    Code:
    <Files admin.php>
    AuthType Basic
    AuthName "ACP"
    AuthUserFile "<path to file>"
    Require valid-user
    </Files>
     
  3. Jaxel

    Jaxel Well-Known Member

    I've tried it both before and after... this is my htaccess:
    Code:
    ## Expires
    <IfModule mod_expires.c>
    	ExpiresActive On
    	ExpiresDefault "access plus 1 seconds"
    	ExpiresByType text/html "access plus 1 seconds"
    	ExpiresByType image/gif "access plus 3456000 seconds"
    	ExpiresByType image/jpeg "access plus 3456000 seconds"
    	ExpiresByType image/png "access plus 3456000 seconds"
    	ExpiresByType text/css "access plus 3456000 seconds"
    	ExpiresByType text/javascript "access plus 3456000 seconds"
    	ExpiresByType application/javascript "access plus 3456000 seconds"
    	ExpiresByType application/x-javascript "access plus 3456000 seconds"
    </IfModule>
    
    ## Compression
    <IfModule mod_headers.c>
    	<IfModule mod_deflate.c>
    		AddOutputFilterByType DEFLATE text/html text/css text/xml application/x-javascript
    		BrowserMatch ^Mozilla/4 gzip-only-text/html
    		BrowserMatch ^Mozilla/4\.0[678] no-gzip
    		BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    	</IfModule>
    </IfModule>
    
    ## Rewrites
    <IfModule mod_rewrite.c>
    	RewriteEngine On
    
    	RewriteCond %{REQUEST_FILENAME} -f [OR]
    	RewriteCond %{REQUEST_FILENAME} -l [OR]
    	RewriteCond %{REQUEST_FILENAME} -d
    	RewriteRule ^.*$ - [NC,L]
    	RewriteRule ^(data|js|styles|install) - [NC,L]
    	RewriteRule ^.*$ index.php [NC,L]
    </IfModule>
    
    ## Authorization
    <Files admin.php>
    	AuthUserFile <path>
    	AuthType Basic
    	AuthName "8WayRun Admin Control Panel"
    	Require valid-user
    </Files>
    The odd part is, if I change it to <Files index.php>, it does properly password the index.php file. It just doesn't password protect the admin file.
     
  4. Jaxel

    Jaxel Well-Known Member

    Keeps popping up the error:
    Code:
    8WayRun.Com - Error
    The requested page could not be found.
     
  5. Jaxel

    Jaxel Well-Known Member

    Still have yet to solve this problem...

    It appears to be a login problem with XenForo itself. If I have the htpasswd protection on, I can't access admin.php. But if I disable the password protection, then login to the admin.php, then re-enable the password protection, then it works fine. I just doesnt work if I'm not already logged in.
     
  6. Jaxel

    Jaxel Well-Known Member

    I am still unable to get this working...
     
  7. Brogan

    Brogan XenForo Moderator Staff Member

    I'm not sure why it isn't working.
    I have IP and password protection and it works fine.
    This is my .htaccess, with some details changed for privacy reasons:

    Code:
    Order Deny,Allow
    Deny from all
    Allow from 75.45.123.45
    
    RewriteEngine on
    
    <Files admin.php>
    AuthType Basic
    AuthName "ACP"
    AuthUserFile "/home/mydomain/passwd"
    Require valid-user
    </Files>
    
    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>
    
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data|js|styles|install) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
    </IfModule>
     

Share This Page