XF 2.1 Protecting admin.php

O

Onlyme

Active member
Password Authentication with Apache is enabled with the following in default.conf

Code: 
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>

And ive added the whats needed to the .htaccess file.

All is working, but today ive noticed its possible to list directory/files on my server. From reading on the net its possible to stop this by adding Options -Indexes -FollowSymLinks, but when i do this the whole forum shows 403.

So how do i disable file/folder listing and enable password authentication with Apache?
 
Sort by date Sort by votes
All i had to do was remove Indexes?


<Directory /var/www/>
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>

Seems to be working.

Edit this also works

<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
 
Last edited:
Upvote 0 Downvote
The correct format for disallowing browsing directories is Options All -Indexes: Note the minus sign before Indexes. Your original version said anyone could view ALL your files and directories instead of none.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

F
Any problem with these methods of protecting admin.php? (Cloudflare and cookie)
Replies
10
Views
2K
digitalpoint
digitalpoint
sainthedev
  • Question Question
Admin.php protection
Replies
9
Views
1K
sainthedev
sainthedev
Senpai
  • Question Question
XF 1.5 Password Protection with htaccess
Replies
4
Views
3K
Mendalla
Mendalla
Mouth
Password protecting admin.php with nginx ?
2
Replies
36
Views
10K
maszd
maszd
vbuser
  • Locked
  • Question Question
XF 1.4 password protect admin.php question
Replies
1
Views
1K
Martok
Martok
Top Bottom