1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lack of Interest Put Admin In Separate Directory

Discussion in 'Closed Suggestions' started by Jafo, Oct 5, 2010.

  1. Jafo

    Jafo Active Member

    Please put the admin.php in a directory that can be htaccess protected.. Really surprised that it is not.
  2. MentaL

    MentaL Active Member

    god bless beta.
  3. Shadab

    Shadab Well-Known Member

    adwade likes this.
  4. Hannah_M

    Hannah_M Active Member

    The way xenforo is coded (MVC) it won't make sence. There are ways like htaccess protecting it and such to fix it which will do just the same as separate directory.
  5. Carlos

    Carlos Well-Known Member

    By the power of god, consider it blessed! ;)
  6. najaru

    najaru Active Member

    maybe is possible to rename the admin.php....?
  7. Floris

    Floris Guest

  8. projectego

    projectego Active Member

    It may be possible, but provided you can get the file protected via a .htaccess then you won't really need to bother with renaming the admin.php file.
  9. TNCclubman

    TNCclubman Well-Known Member

    Just wanted to request if we can have the admin.php in its own folder? I like to add an extra layer of protection from hackers by password protecting my admin section.

    Why is the admin.php in the root of the site? Is there a reason you guys dont have it in its own folder?

    example root/admin/admin.php as opposed to root/admin.php
    ankurs likes this.
  10. Brogan

    Brogan XenForo Moderator Staff Member

  11. Shadab

    Shadab Well-Known Member

    Is there a reason to move it to it's own folder? :) You can very well apply an extra layer of authentication (.htaccess/.htpasswd) to admin.php even if it's not in a separate directory.

    Edit: :-|
  12. TNCclubman

    TNCclubman Well-Known Member

    im only familiar with doing that to a folder.

    Please post details on how to do it with htaccess to a file.
  13. Brogan

    Brogan XenForo Moderator Staff Member

  14. TNCclubman

    TNCclubman Well-Known Member

    Thanks Brogan! Going to do that now.
  15. TNCclubman

    TNCclubman Well-Known Member

    does this look correct? Im getting an internal server error when i upload it to root.

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data|js|styles|install) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
    Options +FollowSymLinks +SymLinksIfOwnerMatch
    <Files admin.php>
    AuthType Basic
    AuthName "ACP"
    AuthUserFile /home/httpd/vhostingsites/.htpasswd
    Require valid-user
  16. Vincent

    Vincent Well-Known Member

    Try adding "" to AuthUserFile
  17. mjp

    mjp Well-Known Member

    Adding auth doesn't make any sense to me. Two weak passwords are not better than one strong password, and two strong passwords are redundant and unnecessary.
    Vincent likes this.
  18. Vincent

    Vincent Well-Known Member

    And than we haven't spoken about how easy .htaccess is hackable...
    Matey, if someone wants to be in your site and cracks the xF system, he will for sure crack your .htaccess one...
  19. Jaxel

    Jaxel Well-Known Member

    HTAuth doesn't work for me. It always says "page does not exist" when I go to admin.php.
  20. SneakyDave

    SneakyDave Well-Known Member

    And the mod script, if one exists? Similar to vB's option in the configuration file?

Share This Page