  1. #1

    IIS - Zen - Anonymous Access

    Well, I have ZC installed on an IIS server. Shared. I am in the process of increasing the security of the system. I have a tip and a question...

    Tip - I moved my admin directory. Then, what I did was I went into my hosting control panel and disabled anonymous access over http and ssl. Now, I only access the admin functions over SSL and it requires your IIS admin username / PW. This is somewhat of a help. I think this is probably a good thing. Once you are on, however, the pages go back to http. But, at least you are logging on using https.

    Question - are there any other directories I can deny anonymous access to in the zen file structure?

    Question - can anyone point me to a FAQ that is specifically for securing Zen on an IIS server? I want to lock my shop down as best as possible. I am only doing PayPal/checks/MOs as payment options. But, I would still like to make sure that the board is as safe as possible.

    Thanks!

  2. #2

    Re: IIS - Zen - Anonymous Access

    The "anonymous access" restrictions you talk about are akin to the file-access restrictions in the supplied .htaccess files which Apache honors.
    Granted, you don't want to go moving all folders around or you'll end up with trouble.

    The admin area also uses the editors folder, which you could secure similarly as you described.

    The existing security guide can be used with relatively equal application to your situation, making adjustments as appropriate for your server:
    https://www.zen-cart.com/tutorials/index.php?article=73

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
