Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Securing the catalog/admin with .htaccess


osgodaddy

Recommended Posts

I'm not sure why the catalog/admin is not secured as that is obvious to secure the admin. Most host have the .htaccess setup or should setup so no work in the server side should be needed if you hosting the site on a shared server on a linus isp.

 

.htaccess and .htpasswd is for linux shared servers.

 

I installed in www.godaddy.com

 

http://help.godaddy.com/article.php?articl...c_id=&&

 

http://en.wikipedia.org/wiki/Htaccess

 

http://www.htaccesstools.com/htaccess-faq/

 

These two sites can encrypt password for .htpasswd file

 

you need two files. that are saved in directory you want secured.

 

 

.htaccess and .htpasswd

 

created by notepad

save them as all files

 

:o NOTE: Due to server caching, new .htaccess files may take up to one hour to be recognized. Changes to existing .htaccess files are picked up immediately.

 

It takes two hours or more for server to activate .htaccess to work. so be patient and don't upload again

 

 

Using .htpasswd With Your Linux Shared Hosting Account

Last Updated: October 12, 2006 5:35 PM Print This Article To protect a directory in your hosting account with a password, in that directory, create an .htaccess file that contains the following:

 

AuthUserFile /home/content/l/o/g/login_name/html/.htpasswd

AuthGroupFile /dev/null

AuthName EnterPassword

AuthType Basic

 

require valid-user

Where "l," "o," and "g" are the first three letters of your hosting login and "login_name" is your full hosting login. For example, the hosting login "maynard" would translate to the following path:

 

/home/content/m/a/y/maynard/html/.htpasswd

The AuthUserFile describes where the Web server looks for the .htpasswd file. The .htpasswd file contains a list of users who have access to a protected directory and their hashed passwords. There are a number of tools available online to create .htpasswd files.

 

NOTE: Due to server caching, new .htaccess files may take up to one hour to be recognized. Changes to existing .htaccess files are picked up immediately.

 

NOTE: Our servers are configured to prevent the downloading of both .htaccess and .htpasswd files

Link to comment
Share on other sites

I found this not for .htaccess on oscommerce.

 

In order for .htaccess to work, a file must be in the 'allowoverride configuration' in your server or something but the instructions. Just need to find that file in your server

 

 

 

Id: .htaccess,v 1.4 2001/04/22 20:30:03 dwatkins Exp

 

This is used with Apache WebServers

 

The following blocks direct HTTP requests in this directory recursively

 

For this to work, you must include the parameter 'Limit' to the

 

AllowOverride configuration

 

Example:

 

<Directory "/usr/local/apache/htdocs">

AllowOverride Limit

 

'All' with also work.

 

(This configuration is in your apache/conf/httpd.conf file)

 

This does not affect PHP include/require functions

 

Example: http://server/catalog/includes/application_top.php will not work

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

 

 

 

 

 

 

 

 

I'm not sure why the catalog/admin is not secured as that is obvious to secure the admin. Most host have the .htaccess setup or should setup so no work in the server side should be needed if you hosting the site on a shared server on a linus isp.

 

.htaccess and .htpasswd is for linux shared servers.

 

I installed in www.godaddy.com

 

http://help.godaddy.com/article.php?articl...c_id=&&

 

http://en.wikipedia.org/wiki/Htaccess

 

http://www.htaccesstools.com/htaccess-faq/

 

These two sites can encrypt password for .htpasswd file

 

you need two files. that are saved in directory you want secured.

.htaccess and .htpasswd

 

created by notepad

save them as all files

 

:o NOTE: Due to server caching, new .htaccess files may take up to one hour to be recognized. Changes to existing .htaccess files are picked up immediately.

 

It takes two hours or more for server to activate .htaccess to work. so be patient and don't upload again

Using .htpasswd With Your Linux Shared Hosting Account

Last Updated: October 12, 2006 5:35 PM Print This Article To protect a directory in your hosting account with a password, in that directory, create an .htaccess file that contains the following:

 

AuthUserFile /home/content/l/o/g/login_name/html/.htpasswd

AuthGroupFile /dev/null

AuthName EnterPassword

AuthType Basic

 

require valid-user

Where "l," "o," and "g" are the first three letters of your hosting login and "login_name" is your full hosting login. For example, the hosting login "maynard" would translate to the following path:

 

/home/content/m/a/y/maynard/html/.htpasswd

The AuthUserFile describes where the Web server looks for the .htpasswd file. The .htpasswd file contains a list of users who have access to a protected directory and their hashed passwords. There are a number of tools available online to create .htpasswd files.

 

NOTE: Due to server caching, new .htaccess files may take up to one hour to be recognized. Changes to existing .htaccess files are picked up immediately.

 

NOTE: Our servers are configured to prevent the downloading of both .htaccess and .htpasswd files

Link to comment
Share on other sites

I found this not for .htaccess on oscommerce.

 

In order for .htaccess to work, a file must be in the 'allowoverride configuration' in your server or something but the instructions. Just need to find that file in your server

Id: .htaccess,v 1.4 2001/04/22 20:30:03 dwatkins Exp

 

This is used with Apache WebServers

 

The following blocks direct HTTP requests in this directory recursively

 

For this to work, you must include the parameter 'Limit' to the

 

AllowOverride configuration

 

Example:

 

<Directory "/usr/local/apache/htdocs">

AllowOverride Limit

 

'All' with also work.

 

(This configuration is in your apache/conf/httpd.conf file)

 

This does not affect PHP include/require functions

 

Example: http://server/catalog/includes/application_top.php will not work

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

 

I just answered this qurstion for another godady user, so, I'll just cut and paste the same answer here;

 

Well, godaddy seems to be one of the few ISPs that people have problems (search on godaddy) with using OsC, but, I know of one lady that managed to get her site running, so, it must be possible.

 

This is a link to a .htaccess/.htpasswd tool (just follow the instructions) to let you generate the encrypted coding to make the combo work. .htpasswd goes in your ROOT directory and .htaccess goes in your ADMIN directory. I've never heard of both files going into the protected directory.

 

http://www.htaccesstools.com/htaccess-authentication/

 

Now, by default, there is an .htaccess file in the admin directory, just let the new file overwrite it, then load your admin page and it should work correctly. I know the first few times I logged in, I had to log in 2 times, but, then, for some reason (that I didn't question) it went away.

 

I THINK it had something to do with trying to put ADMIN under the SSL umbrella, which there is no reason to do.

 

HTH

No Good Deed EVER Goes Unpunished

Link to comment
Share on other sites

{You need to have this line in your .htaccess file . it blocks web request recursively, it should work in godaddy :thumbsup: :D }

 

 

AuthUserFile /home/content/l/o/g/login_name/html/.htpasswd

AuthGroupFile /dev/null

AuthName EnterPassword

AuthType Basic

 

require valid-user

 

 

AllowOverride Limit

 

 

 

 

 

 

 

 

 

 

 

 

I found this not for .htaccess on oscommerce.

 

In order for .htaccess to work, a file must be in the 'allowoverride configuration' in your server or something but the instructions. Just need to find that file in your server

Id: .htaccess,v 1.4 2001/04/22 20:30:03 dwatkins Exp

 

This is used with Apache WebServers

 

The following blocks direct HTTP requests in this directory recursively

 

For this to work, you must include the parameter 'Limit' to the

 

AllowOverride configuration

 

Example:

 

<Directory "/usr/local/apache/htdocs">

AllowOverride Limit

 

'All' with also work.

 

(This configuration is in your apache/conf/httpd.conf file)

 

This does not affect PHP include/require functions

 

Example: http://server/catalog/includes/application_top.php will not work

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

Link to comment
Share on other sites

:blush: :angry:

Correction the

 

Allow limit should be set not in .htaccess

 

It should be in another file

 

(This configuration is in your apache/conf/httpd.conf file)

 

This is used with Apache WebServers

 

The following blocks direct HTTP requests in this directory recursively

 

For this to work, you must include the parameter 'Limit' to the

 

AllowOverride configuration

 

Example:

 

<Directory "/usr/local/apache/htdocs">

AllowOverride Limit

 

'All' with also work.

 

(This configuration is in your apache/conf/httpd.conf file)

 

This does not affect PHP include/require functions

 

Example: http://server/catalog/includes/application_top.php will not work

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

 

 

 

 

 

 

 

 

 

{You need to have this line in your .htaccess file . it blocks web request recursively, it should work in godaddy :thumbsup: :D }

AuthUserFile /home/content/l/o/g/login_name/html/.htpasswd

AuthGroupFile /dev/null

AuthName EnterPassword

AuthType Basic

 

require valid-user

AllowOverride Limit

Link to comment
Share on other sites

There should be a password protect directory link in your godaddy admin panel. If not, you could install one of the many password contributions. Some are very very simple to install. Just do a search : )

 

I hate trying to figure out the htpassword and htaccess files.

Wendy James

 

Creativity is allowing yourself to make mistakes. Art is knowing which ones to keep.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...