TT2by2 Posted December 14, 2004 Share Posted December 14, 2004 I got through my first stumbling stone in a previous thread. Now another issue I am concerned about. How does one secure the admin section? I see no place to set an administrative password or secure it in any way. Anyone can to to the /admin section and poke around freely. What's the best way to do this? I'm running IIS on win2k Advanced Server. Thanks again! Link to comment Share on other sites More sharing options...
♥Vger Posted December 14, 2004 Share Posted December 14, 2004 First thing to do is to rename the 'admin' folder to something unique, which no one else can guess. Then go into the admin(newname)/includes/configure.php and you'll find several file pathways to /admin/ and you need to change these to refllect the new name. This will give you some protection. Next, go to your web hosting control panel, and see if they have a 'Password Protect' or 'Protect Directories' feature and if they do then use that to protect the renamed 'admin' folder. Finally, if you have ssl, even a shared ssl, then you can set all file pathways to http:// to https:// in your admin/includes/configure.php file, and this will put all of your 'admin' folder behind ssl encryption. Vger Link to comment Share on other sites More sharing options...
TT2by2 Posted December 14, 2004 Author Share Posted December 14, 2004 Thanks for the response. I host my own, and have local access to the server. I don't have a web-based control panel, as I don't offer public hosting, and didn't see the need for it. I have changed the /admin path to a very unique name, and nobody could possibly guess it. I do not have SSL config'd yet. Is there a way I could password protect the admin directory only, leaving the rest of the web open through the IIS settings? I guess I'll have to experiment with that. Any other ideas I missed would be helpful though. Thanks Link to comment Share on other sites More sharing options...
♥Vger Posted December 14, 2004 Share Posted December 14, 2004 Place a .htaccess file in the 'admin' folder with code that requires a user name and password. Do a search on the web and you'll come up with plenty of examples. Vger Thanks for the response. I host my own, and have local access to the server. I don't have a web-based control panel, as I don't offer public hosting, and didn't see the need for it. I have changed the /admin path to a very unique name, and nobody could possibly guess it. I do not have SSL config'd yet. Is there a way I could password protect the admin directory only, leaving the rest of the web open through the IIS settings? I guess I'll have to experiment with that. Any other ideas I missed would be helpful though. Thanks <{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
portalplanet Posted December 14, 2004 Share Posted December 14, 2004 I use the "admin access with levels" contribution and also make sure SSL is used for the admin area. Justin Link to comment Share on other sites More sharing options...
TT2by2 Posted December 14, 2004 Author Share Posted December 14, 2004 Thannks again for the tip.... I googled a few keywords and found this: http://www.troxo.com/products/iispassword/ It worked like a charm!! It easily secures/password protects folders in IIS using the HTACCESS files. Exactly what I needed. Once again, thanks! Link to comment Share on other sites More sharing options...
unangst Posted December 14, 2004 Share Posted December 14, 2004 I don't have a web-based control panel, as I don't offer public hosting, and didn't see the need for it. Neither did I... until I stumbled across Jamie Cameron's Webmin. Webmin is an easy, browser-based Linux administration system - it's simple to use, yet packs quite a punch. I come from an education background and was looking for ways to simplify my life as well as remove some of my newbie server administration frustrations. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.