Is there any code I can add to the .htaccess file on my development site to only allow access to the admin IP address? i.e only allow access to the store to the admin when logged into the admin area?
Is there any code I can add to the .htaccess file on my development site to only allow access to the admin IP address? i.e only allow access to the store to the admin when logged into the admin area?
Phil Rogers
A problem shared is a problem solved.
I was test with my site http://trihung.comCode:Order Deny,Allow Deny from all Allow from adminip
nope.. that doesnt work
im assuming you are meaning to hard code in my ip.. my ip changes, I want it to allow based on the current admin ip.
anyone else know how to achieve this?
Phil Rogers
A problem shared is a problem solved.
You could try putting the site into "maintenance" mode. This will by default only allow the IP Addresses you add in the admin area to browse the store. Although if I remember correctly some features such as downloadable products do not always work in "maintenance" mode. You could also just go in via SFTP / FTPS and edit the allowed IP address each time.
If you just don't want search engines to crawl / index the site you can add a robots.txt to request they ignore all URLs on your site / folder.
If you do not want the world to access your development site:
- Site on a PUBLIC facing webserver, use static IPs on the clients and configure to allow only those IPs.
- Site on a PUBLIC facing webserver, use a authentication method (Apache or another method).
- Move the development site to a NON-PUBLIC facing webserver, use VPN / SSH Tunnel / etc to access network remotely. This lets multiple team members work on the website at the same time. In conjunction with version control (such as GIT / SVN) and project management software this works well.
- Move the development site to your local computer, block external requests. Good for local testing of websites + email generation.
I do a combination of the last two... I test my changes locally and when done: commit to VCS (in my setup this goes to a shared development server for regression + unit testing) and log my changes to the PM software. In a few cases I have had a business need for a PUBLIC facing webserver for testing, but it is rare.
The glass is not half full. The glass is not half empty. The glass is simply too big!
Where are the Zen Cart Debug Logs? Where are the HTTP 500 / Server Error Logs?
Zen Cart related projects maintained by lhûngîl : Plugin / Module Tracker
Set up to use a 'Dynamic DNS' and use hostname instead of IP address in the 'Allow From'
Alternatively, ask your ISP the range of IP addresses from the pool they assign to you and allow only those IP's. (keeping in mind that this will still allow anyone using the same ISP as you 'unrestricted' access.
If you prefer to keep things simpler, just restrict the admin folder(s) via a .htaccess password. It's just as secure, with little chance of locking yourself out.
Cheers
Rod
How does the store front look in maintainance mode? Is there just access to a single holding page unless you are admin? Where are the ip addresses set?
Thanks
Phil Rogers
A problem shared is a problem solved.
just tried it, down for maintenance is perfect, does exactly what I need :o)
Phil Rogers
A problem shared is a problem solved.
Yes (as you have discovered).
What you may not realise is that this page can be customised. Darnit. I forget the name of the file.
This is set by ZenCart based on the IP address of the admin user currently logged in (I think).
I don't know when this gets reset, but I'd assume that if you happened to lose connection to your ISP whilst in maintainance mode and get assigned a new IP address you could find yourself locked out of the system (Don't panic, this would be rare, and there are ways to recover)
Cheers
Rod