• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Lack of interest Put Admin In Separate Directory

Jafo

Active member
#1
Please put the admin.php in a directory that can be htaccess protected.. Really surprised that it is not.
 

Hannah_M

Active member
#4
The way xenforo is coded (MVC) it won't make sence. There are ways like htaccess protecting it and such to fix it which will do just the same as separate directory.
 

TNCclubman

Well-known member
#9
Just wanted to request if we can have the admin.php in its own folder? I like to add an extra layer of protection from hackers by password protecting my admin section.

Why is the admin.php in the root of the site? Is there a reason you guys dont have it in its own folder?

example root/admin/admin.php as opposed to root/admin.php
 

TNCclubman

Well-known member
#12
Is there a reason to move it to it's own folder? :) You can very well apply an extra layer of authentication (.htaccess/.htpasswd) to admin.php even if it's not in a separate directory.

Edit: :-|
im only familiar with doing that to a folder.

Please post details on how to do it with htaccess to a file.
 

TNCclubman

Well-known member
#15
does this look correct? Im getting an internal server error when i upload it to root.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data|js|styles|install) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>
Options +FollowSymLinks +SymLinksIfOwnerMatch
<Files admin.php>
AuthType Basic
AuthName "ACP"
AuthUserFile /home/httpd/vhostingsites/.htpasswd
Require valid-user
</Files>
 

mjp

Well-known member
#17
Adding auth doesn't make any sense to me. Two weak passwords are not better than one strong password, and two strong passwords are redundant and unnecessary.
 

Vincent

Well-known member
#18
Adding auth doesn't make any sense to me. Two weak passwords are not better than one strong password, and two strong passwords are redundant and unnecessary.
And than we haven't spoken about how easy .htaccess is hackable...
Matey, if someone wants to be in your site and cracks the xF system, he will for sure crack your .htaccess one...