n3m
Posted March 5, 2004

Here's another way of protecting your /admin directory, but with SSL (HTTPS). As with Linux/UNIX systems, there are several methods to do this, but this sample worked for me, so I thought I would share it.

The following sample is from my "httpd.conf" file, which will password protect your admin directory and force your browser to use HTTPS on your /admin directory. This does work, as I have it working on my Apache-SSL server, and is easy to do! Assuming, of course, you're running SSL. And in case you're wondering, this will not affect the /path_to/catalog directory whatsoever.

In Three Steps!

Step 1. Add the following to your httpd.conf file:

    # insert this code after your default DocumentRoot section
    # <Directory "/path_to/www/htdocs">
    # <truncated>
    # </Directory>

    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/yourdir.*$
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R]

    <Directory "/path_to/www/htdocs/admin">
    SSLRequireSSL
    AuthType Basic
    AuthName "Restricted Access Only"
    AuthUserFile /path_to/www/htdocs/admin/.htpasswd
    Require user test
    </Directory>

Step 2. Create a ".htpasswd" file to store the username and password:

    shell> touch /path_to/www/htdocs/admin/.htpasswd
    shell> vi /path_to/www/htdocs/admin/.htpasswd

In the file, type in a username and a password:

    yourname:EnCrYPtedP@$$w0RD

Note: to do this you will need to use the "handy dandy" tool in order to encrypt your password. Just enter a username you want to use and put in a password, click "calculate" and it will convert your password for you ...cut and paste it into your .htpasswd file.

Step 3. Restart Apache:

    shell> /path_to/apache/bin/apachectl restart

Voilà! Try it out!

n3m
Digital information lasts forever, or five years - whichever comes first.

n3m (Author)
Posted March 17, 2004

Okay! DISREGARD my previous instructions!!! I APOLOGIZE! I'm a doofus, I admit ...I should have tested this further. So, like I said, this configuration will not affect your /catalog directory ...and it doesn't. However, I just came to find out that it does affect your /ADMIN directory! It breaks it ...DOH!

So here's the CORRECTED configuration ...this time TESTED!

Once again ...assume the following:

- OS=*nix, Web=Apache
- your /ADMIN has been renamed to a secret name (as HIGHLY recommended)
- /ADMIN will be used for this example
- SSL is installed, configured and running

Step 1

Edit your configure.php file: /path_to/admin/includes/configure.php

Edit Line # 16

    define('HTTP_SERVER', 'http://www.yourdomain.com');

-change it to-

    define('HTTP_SERVER', 'https://www.yourdomain.com');

This will link all pages in your /ADMIN directory to use SSL (HTTPS).

Step 2

Create a ".htaccess" file inside your ADMIN directory, and enter the following lines:

    # this forces SSL only to directory
    SSLRequireSSL
    AuthType Basic
    AuthName "Restricted Access Only"
    AuthUserFile /path_to/htdocs/admin/.htpasswd
    Require user username

The trick is to use SSLRequireSSL; this forces SSL only to the directory and not regular HTTP. So, if you try to enter http only, you should get an "Unauthorized" page ...which is a good thing!

Step 3

Create /path_to/admin/.htpasswd (or name it what you want), and create a username and password inside the file. You can use this handy dandy tool to encrypt your password entry. Just enter a username you want to use and put in a password, click "calculate" and it will convert your password for you ...cut and paste it into your .htpasswd file.

Example of ".htpasswd" file:

    username:3NCrYP+P@$$w0Rd!

Step 4

Restart Apache:

    shell> /path_to/apache/bin/apachectl restart

Voilà!

n3m
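
Added example, not part of the original posts: a small Python check that audits an .htaccess like the one in the corrected instructions above. It flags two things the post does not cover: Apache accepts comments only on their own `#` line, so an inline `//` note after `SSLRequireSSL` is read as an argument and rejected, and a password file kept under the document root sits inside the web tree. The function names, the constructed sample files and the `/path_to/private` directory are assumptions made for illustration.

```python
import posixpath

# Constructed input: the .htaccess from the post, inline "//" comment included.
POSTED = """\
SSLRequireSSL //this forces SSL only to directory
AuthType Basic
AuthName "Restricted Access Only"
AuthUserFile /path_to/htdocs/admin/.htpasswd
Require user username
"""

# Constructed input: same policy, comment on its own line, password file
# moved to /path_to/private (an assumed directory outside the web tree).
HARDENED = """\
# SSL-only access to this directory
SSLRequireSSL
AuthType Basic
AuthName "Restricted Access Only"
AuthUserFile /path_to/private/.htpasswd
Require user username
"""

def parse_directives(text):
    """Map each directive name (lowercased) to its argument string."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Apache comments are whole lines starting with '#'
        parts = line.split(None, 1)
        found.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return found

def audit_htaccess(text, docroot):
    """Return findings for an SSL-only, Basic-auth protected directory."""
    d = parse_directives(text)
    findings = []
    if "sslrequiressl" not in d:
        findings.append("SSLRequireSSL missing: password can cross plain HTTP")
    elif d["sslrequiressl"]:
        findings.append("SSLRequireSSL takes no arguments: put comments on their own '#' line")
    if d.get("authtype", "").lower() != "basic":
        findings.append("AuthType Basic missing")
    for name in ("authname", "require"):
        if not d.get(name):
            findings.append(name + " missing")
    userfile = posixpath.normpath(d.get("authuserfile", "").strip('"') or ".")
    if userfile == ".":
        findings.append("AuthUserFile missing")
    elif userfile.startswith(posixpath.normpath(docroot) + "/"):
        findings.append("AuthUserFile is under the document root: store it outside the web tree")
    return findings
```

Run `audit_htaccess(open(".htaccess").read(), "/path_to/htdocs")` against the real file before restarting Apache; an empty list means none of these checks fired.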

Nick1
Posted March 18, 2004

> - your /ADMIN has been renamed to a secret name (as HIGHLY recommended)
> - /ADMIN will be used for this example

How would I rename the admin folder? Can I just go to any FTP client and rename it? Would it not make some functions work properly?

Thanks

n3m (Author)
Posted March 19, 2004

You could rename the folder using an FTP client, I suppose? But normally you would do it locally ...BUT keep in mind, the only reason you are renaming the admin folder is for security reasons; you don't want to leave the default name (that everyone knows) ...anyway, after you rename it, you would also have to manually edit the path and new name in the configure.php file.

Hope that helps.

n3m

Gold!
Posted March 27, 2004

I just password protected the folder through my web space control panel. ;)

Guest
Posted July 17, 2004

Hi,

I use this trick for the password request in the ADMIN area, but now I cannot enter, I do not know why.

I use http://......./admin/.htaccess

But I get an "Unauthorized" page.

What can I do?

Thanks

Guest
Posted July 22, 2004

How can I restart Apache? I don't know how to do that. It's a URL? Explain to me, please.

norcalgrom
Posted July 23, 2004

Yeyas, wouldn't you need to use https://..../admin/.htaccess ?

n3m (Author)
Posted July 23, 2004

Yeyas, norcalgrom is correct ...if you convert to SSL (HTTPS), you need to change your URL from http:// to https:// - hope that helps!

n3m

This topic is now archived and is closed to further replies.