
Restricting Admin Access via .htaccess


Mort-lemur


Hi,

 

In an ideal world we would all be operating on fixed IP addresses from our ISP and so would be able to ban all but that IP from our OSC site admin using the admin/.htaccess file.

 

Most of us though are on dynamic IPs which change with each login to the ISP which makes life a little more difficult.

 

I have added the following to my admin/.htaccess file to prevent admin folder access to everyone apart from the IPs allocated by my own ISP.

 

order deny,allow
deny from all
allow from 88.101
allow from 88.102
allow from 88.103

 

Whilst I agree that this will not stop 100% of admin attacks - it must go a long way to help, especially when coupled with mods like OSC SEC etc.

 

To find your ISP's range of IP addresses paste your current IP address into the search bar on sites like : http://wq.apnic.net/apnic-bin/whois.pl

 

This was discussed in the .htaccess hardening thread by Taipo who should take all credit.

 

Any feedback or comments would be appreciated.

 

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.
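
An added example, not part of the original posts: a small Python model of how the `allow from` lines in the post above are matched, so you can see which networks they admit, how many addresses that is, and whether a given client would get in. It assumes Apache 2.2 semantics for partial addresses (the leading 1 to 3 octets are matched as a prefix); the function names and the sample client IPs are constructed for illustration.

```python
import ipaddress

# The allow list from the post above, copied verbatim.
HTACCESS = """\
order deny,allow
deny from all
allow from 88.101
allow from 88.102
allow from 88.103
"""

def parse_allow(spec):
    """Turn one 'allow from' argument into an IPv4 network.
    Handles partial addresses (1-3 octets), full addresses and CIDR."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError("unsupported allow spec: %r" % spec)
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def allowed_networks(text):
    """Collect the networks named on every 'allow from' line."""
    nets = []
    for line in text.splitlines():
        words = line.split()
        if len(words) >= 3 and [w.lower() for w in words[:2]] == ["allow", "from"]:
            nets.extend(parse_allow(w) for w in words[2:])
    return nets

def is_allowed(ip, nets):
    """With 'order deny,allow' and 'deny from all', only Allow matches pass."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

def exposure(nets):
    """Number of distinct addresses the allow list lets through."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

if __name__ == "__main__":
    nets = allowed_networks(HTACCESS)
    print("allowed networks:", [str(n) for n in nets])
    print("addresses admitted:", exposure(nets))
    for ip in ("88.102.14.7", "88.104.0.1", "203.0.113.9"):  # constructed samples
        print(ip, "->", "allowed" if is_allowed(ip, nets) else "403")
```

Running it shows the three prefixes expand to three /16 networks, so the admin folder stays reachable from every address in those ranges, not only the poster's own.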


That is almost useless. I would rather start the day by checking "what is my IP" and updating htaccess. I know this is a pain, so why not just pay a few pounds to get a dedicated IP? Just pick up the phone and talk to them. If they say they can't give you one, then tell them you are going to jump ship to an ISP that would give you a dedicated IP if you pay. Surely there are such ISPs in the UK. I know because I have my own dedicated IP, which I use to keep out everyone, including search engines, when I am testing clients' sites on a testing server so that it won't cause 'duplicate' content - a stupid thing from the too clever Google.

ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.


Hi Ken,

 

Thanks for your feedback.

 

The reason I don't want to change ISPs is that I have had the same personal emails for many many years and don't fancy (too lazy?) changing them.

 

I know that a fixed IP address is the way to go for complete peace of mind, as would be a dedicated server, but what I'm suggesting above is a solution for those who can't / don't want to go to the extra expense right away of a fixed IP address.

 

Personally I don't think it is "Almost Useless", as in my case it will stop access to admin for all but users of one ISP in the UK.

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


Archived

This topic is now archived and is closed to further replies.
