I recently upgraded my site from 1.3.7 to 1.5.0 and everything seems to be working well.
One thing I did notice is that I used to restrict access to the admin area to just my IP by a mod in the admin .htaccess
Code:
# Restrict IP for admin logon
<Limit GET POST>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</Limit>
If I add this now, it doesn't work properly, presumably as there have been mods to the standard admin .htaccess (probably at 1.3.9).
In the new file, searching the forums gives a suggestion of changing:
Code:
# but now allow just *certain* necessary files:
<FilesMatch "(^$|^favicon.ico$|.*\.(php|js|css|jpg|gif|png)$)">
Order Allow,Deny
Allow from all
</FilesMatch>
to
Code:
# but now allow just *certain* necessary files:
<FilesMatch "(^$|^favicon.ico$|.*\.(php|js|css|jpg|gif|png)$)">
Order Allow,Deny
Allow from xxx.xxx.xxx.xxx
</FilesMatch>
This does seem to work ok, but is it likely to cause any issues to the normal running of ZC. I am just trying to tighten security, but if it's likely to cause problems, or have no real benefit, then I may be better leaving it standard.
Bookmarks