Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HELP SSL ADMIN PROTECTION


esurge

Recommended Posts

Posted

Help please

 

I have set up alot of info on my website. The main problem I have now is that every one can access the admin page. I need to make it SSL and Password Secure. I have read another thread concerning SSL but I have tried it and it does not work. I do have SSL as the check out works and in SSL mode

 

Please help. I am woried the longer i leave it then there might be a chance that someone will access the asmin area and screw up my hard work :o :o :o :o :o

Posted

I am pretty new at this and I opened the .htaccess file in an edditor but could not figure out where or how to add a password

# $Id: .htaccess,v 1.1 2003/06/20 00:18:30 hpdl Exp $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_setenvif.c>
 <IfDefine SSL>
   SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
 </IfDefine>
</IfModule>

# Fix certain PHP values

#<IfModule mod_php4.c>
#  php_value session.use_trans_sid 0
#  php_value register_globals 1
#</IfModule>

This is the contents hope someone can help.

Posted

You do need to secure your admin, but until you get .htaccess figured out, a simple, only semi-secure, but better than nothing way to keep people out of your admin area is to change the name of your admin directory. Instead of having it named admin, rename it to something like t3gic902acq -- something like that would be diverse enough to keep people out.

 

In your newly renamed admin directory you'll have to edit configure.php is it knows about the new name.

Posted

hello,

 

Thank you for your replys. I have htaccess. (sorry I did not say before) however I would like the admin are to run under SSL. When I try to access the admin area via my SSL Link it works BUT on on the first page. When I click on another link then I go back to normal HTTP.

 

 

Jazz

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...