XenForo Protecting Admin.php, The /install Directory, And Test & Development Installations Using .htaccess

hifitechindia

If you want to provide an extra layer of protection to admin.php, the /install directory, and test & development installations, you can do so with .htaccess authentication.


Protecting admin.php
To protect admin.php, edit the .htaccess file which is in your forum root directory (e.g. /community) and add the following to it:
Code:
<Files admin.php>
AuthType Basic
AuthName "ACP"
AuthUserFile "path/to/passwd/file"
Require valid-user
</Files>

The "path/to/passwd/file" will look something like "/home/my-domain/.htpasswds/public_html/community/passwd".

Then create a corresponding passwdfile. This is how to do it using cPanel.
  1. Log in to cPanel
  2. Click on Password Protect Directories
  3. Select Web Root
  4. Click on the forum root folder
  5. Check Password protect this directory
  6. Name it as "ACP"
  7. Click Save
  8. Create User
  9. Enter Username
  10. Enter Password
  11. Click on Add/modify authorised user
A passwdfile will be created in /.htpasswds/public_html/<name_of_your_forum_root_folder>.


Protecting the /install directory
To protect the /install directory, create a new .htaccess file in /install and add the following to it:
Code:
AuthType Basic
AuthName "Upgrade System"
AuthUserFile "path/to/passwd/file"
Require valid-user
In this case it is using the same passwdfile as for the ACP so just repeat the steps above to create a different one.


Protecting test and development installations
The state that any test and development installations "must be limited to You and Your website staff".
Again, just place the following at the top of the existing .htaccess file in the directory where XF is installed.
Code:
AuthType Basic
AuthName "Test Installation"
AuthUserFile "path/to/passwd/file"
Require valid-user
Set the user and password as explained above.
With it set at the root, it isn't necessary to set it for admin.php and the /install directory.


Using IP address based protection instead of passwd
You can also use IP address protection instead of a passwdfile, in which case you would just have this in the .htaccess file for admin.php:
Code:
<Files admin.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>

And this for the /install directory:
Code:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1

Replace 127.0.0.1 with your actual IP address. You can find out your IP address .
Additional allowed IP addresses can be added on a new line.

If you have a static IP address then this approach is fine. If it's dynamic however, you will need to constantly update the file every time it changes.

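This also works, but it is very strict on IP.


Code:
<Files admin.php>
RewriteEngine On
RewriteBase /
# Match on the client address; each pattern is anchored at both ends
# so that it matches exactly one IP address.
RewriteCond %{REMOTE_ADDR} !^xxx\.xx\.x\.x$
RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.x$
RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.x$
RewriteCond %{REQUEST_URI} !/index\.php$
# Everyone else is redirected to the forum index.
RewriteRule .* /index.php [R=302,L]
</Files>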
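
A static check for the password-based blocks shown earlier, added here as an example and not part of the original post: it parses .htaccess text and reports Basic auth scopes that are missing a directive or whose AuthUserFile is relative or sits inside the web root. The function names, the docroot value and the second sample path are assumptions made for the example.

```python
import re
from pathlib import PurePosixPath

REQUIRED = ("authtype", "authname", "authuserfile", "require")

def parse_blocks(text):
    """Map each scope ('root' or a <Files> name) to its {directive: value}."""
    blocks, scope = {"root": {}}, "root"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Files\s+"?([^">]+)"?\s*>$', line, re.I)
        if opened:
            scope = opened.group(1)
            blocks.setdefault(scope, {})
        elif re.match(r"</Files>$", line, re.I):
            scope = "root"
        else:
            parts = line.split(None, 1) + [""]
            blocks[scope][parts[0].lower()] = parts[1].strip().strip('"')
    return blocks

def audit(text, docroot):
    """List problems in every scope that sets up Basic authentication."""
    findings = []
    for scope, d in parse_blocks(text).items():
        if "authtype" not in d and "authuserfile" not in d:
            continue
        findings += [f"{scope}: missing {k}" for k in REQUIRED if k not in d]
        path = d.get("authuserfile", "")
        # Apache resolves a relative AuthUserFile against ServerRoot.
        if path and not path.startswith("/"):
            findings.append(f"{scope}: AuthUserFile is not an absolute path")
        # Compare path components: a substring test would wrongly flag
        # /home/my-domain/.htpasswds/public_html/... from the post.
        elif PurePosixPath(docroot) in PurePosixPath(path).parents:
            findings.append(f"{scope}: AuthUserFile is inside the web root")
    return findings

# Constructed samples (docroot and the BAD path are assumptions).
DOCROOT = "/home/my-domain/public_html"
GOOD = '''<Files admin.php>
AuthType Basic
AuthName "ACP"
AuthUserFile "/home/my-domain/.htpasswds/public_html/community/passwd"
Require valid-user
</Files>'''
BAD = '''AuthType Basic
AuthName "Upgrade System"
AuthUserFile "/home/my-domain/public_html/community/install/.htpasswd"'''
```

Calling `audit(GOOD, DOCROOT)` returns an empty list, while `audit(BAD, DOCROOT)` reports the missing `Require` line and the password file placed under the web root.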
 
