Protecting admin.php, the /install directory, and test & development installations using .htaccess

Protecting admin.php, the /install directory, and test & development installations using .htaccess

Overview Updates (1) Reviews (8) Discussion
This still doesn't work for me...
Code: 
<Files admin.php>
AuthType Basic
AuthName "8wayRun Administration"
AuthUserFile "*********"
Require valid-user
</Files>
I get the following error: A controller for the route path admin.php was not found.
 
you could eaven mix it as:
Allow from IP without password prompt, and also allow from any address with password prompt

Code: 
<Files admin.php>
Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthUserFile /your/path/.htpasswd
AuthType Basic
Require valid-user
Allow from 172.17.10.1
Satisfy Any
</Files>
 
Jaxel said:
Thats for ip protect, not password protect.
Click to expand...
ip protection is safer then password! no bruteforce attacks :Pand looks nicer? rather then saying password incorrect, you send them to a different area aswell so if someone on the forum members goes to admin.php it just sends them back to index.php etc etc?
 
I always add this to the end of my htaccess to bounce them back to the main page, rather than showing them an error message:

Code: 
ErrorDocument 404 http://www.z22se.co.uk/
ErrorDocument 403 http://www.z22se.co.uk/
 
@Brogan How do we do for protecting install. is it like following?
<Files /install>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>

i tried this but didn't work
 
Got it now, Thanks Brogan for your assistance, i din't create separate .htaccess in install directory. now all working fine
 
indicator said:
Got it now, Thanks Brogan for your assistance, i din't create separate .htaccess in install directory. now all working fine
Click to expand...
Also remember to remove the file while going to update xenForo (in the case of you getting any 403 Forbidden permission error)!

I had totally forgotten that I had the protection in place and was wondering what was wrong for quite a bit a couple of months back, before I figured out the file was in place. So you'll need to remove the file from the directory, and then re-up it after your update is done! :)
 
Last edited:
Why did you have to remove it?

Mine has been in place for multiple upgrades with no problems.
 
Brogan said:
Why did you have to remove it?

Mine has been in place for multiple upgrades with no problems.
Click to expand...
After the files have been uploaded, when it tells you to go to the install directory to finish the upgrade and if the htaccess file is still there it'll give you a 403 permission error. Sorry, maybe I should have made it more clear that I was speaking about the install directory only!

I also have a dynamic IP, thus requiring me to remove it and re-upload the file.
 
Ah.

I actually use the file method as I too have a dynamic IP address (and I switch my router off every night).
 
For several other forums, you are actually told to delete the install directory, is that not an option here?
 
You must log in or register to reply here.

Similar threads

sainthedev
  • Question Question
Admin.php protection
Replies
9
Views
938
sainthedev
sainthedev
Chris D
  • Article Article
XF 2.3 Miscellaneous changes for XenForo 2.3
4 5 6
Replies
109
Views
9K
digitalpoint
digitalpoint
digitalpoint
Cloudflare optimizations for XenForo
5 6 7
Replies
136
Views
11K
Automotive101
A
Paul B
  • Locked
  • Sticky
  • Question Question
XenForo Cloud FAQ
Replies
0
Views
4K
Paul B
Paul B
XenForo
  • Article Article
XenForo 2.2.12 and Add-On Updates Released
Replies
2
Views
31K
XenForo
XenForo
Top Bottom