TT2by2 Posted December 14, 2004
I got through my first stumbling stone in a previous thread. Now another issue I am concerned about. How does one secure the admin section? I see no place to set an administrative password or secure it in any way. Anyone can go to the /admin section and poke around freely. What's the best way to do this? I'm running IIS on win2k Advanced Server. Thanks again!
♥Vger Posted December 14, 2004
First thing to do is to rename the 'admin' folder to something unique, which no one else can guess. Then go into the admin(newname)/includes/configure.php and you'll find several file pathways to /admin/ and you need to change these to reflect the new name. This will give you some protection. Next, go to your web hosting control panel, and see if they have a 'Password Protect' or 'Protect Directories' feature and if they do then use that to protect the renamed 'admin' folder. Finally, if you have ssl, even a shared ssl, then you can set all file pathways from http:// to https:// in your admin/includes/configure.php file, and this will put all of your 'admin' folder behind ssl encryption.
Vger
TT2by2 (Author) Posted December 14, 2004
Thanks for the response. I host my own, and have local access to the server. I don't have a web-based control panel, as I don't offer public hosting, and didn't see the need for it. I have changed the /admin path to a very unique name, and nobody could possibly guess it. I do not have SSL config'd yet. Is there a way I could password protect the admin directory only, leaving the rest of the web open through the IIS settings? I guess I'll have to experiment with that. Any other ideas I missed would be helpful though. Thanks
♥Vger Posted December 14, 2004
Place a .htaccess file in the 'admin' folder with code that requires a user name and password. Do a search on the web and you'll come up with plenty of examples.
Vger
portalplanet Posted December 14, 2004
I use the "admin access with levels" contribution and also make sure SSL is used for the admin area.
Justin
TT2by2 (Author) Posted December 14, 2004
Thanks again for the tip.... I googled a few keywords and found this: http://www.troxo.com/products/iispassword/ It worked like a charm!! It easily secures/password protects folders in IIS using the HTACCESS files. Exactly what I needed. Once again, thanks!
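An added example, not part of the original thread or of the shop software: a small Python check for the three steps suggested above (renamed folder reflected in configure.php, https URLs, a .htaccess that demands credentials). The define names, host and paths in the sample input are constructed, and the .htaccess directives are standard Apache ones that the IIS add-on is assumed to accept.

```python
import re

# Matches PHP lines such as: define('NAME', 'value');
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")

def audit_configure(php_text, default_name="admin"):
    """Flag defines that still use the default folder name or a plain-http URL."""
    findings = []
    for name, value in DEFINE_RE.findall(php_text):
        # A path segment equal to the default name means a pathway was missed.
        if default_name in re.split(r"[\\/]+", value):
            findings.append((name, "still points at default folder"))
        if value.lower().startswith("http://"):
            findings.append((name, "plain http URL"))
    return findings

def audit_htaccess(text):
    """Report which directives needed for a user name/password prompt are absent."""
    seen = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            seen.add(line.split()[0].lower())
    return [f"missing {d}" for d in ("authtype", "authuserfile", "require")
            if d not in seen]

# Constructed sample input (hypothetical names, host and paths).
SAMPLE_CONFIGURE = """<?php
define('HTTP_SERVER', 'http://shop.example');
define('DIR_WS_ADMIN', '/mgmt-7f3k/');
define('DIR_FS_ADMIN', 'C:/Inetpub/wwwroot/admin/');
"""
SAMPLE_HTACCESS = """AuthType Basic
AuthName "Restricted area"
AuthUserFile C:/private/.htpasswd
Require valid-user
"""

if __name__ == "__main__":
    for finding in audit_configure(SAMPLE_CONFIGURE):
        print("configure.php:", *finding)
    for finding in audit_htaccess(SAMPLE_HTACCESS):
        print(".htaccess:", finding)
```

Basic authentication sends the password in an easily decoded form with every request, so the plain-http finding matters once the .htaccess prompt is in place.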
unangst Posted December 14, 2004
> I don't have a web-based control panel, as I don't offer public hosting, and didn't see the need for it.
Neither did I... until I stumbled across Jamie Cameron's Webmin. Webmin is an easy, browser-based Linux administration system - it's simple to use, yet packs quite a punch. I come from an education background and was looking for ways to simplify my life as well as remove some of my newbie server administration frustrations.
This topic is now archived and is closed to further replies.