Yes. That is correct. I have a rule in place to block access to the admin fold from all but one IP address. But it seems to not workAny ideas why?
Yes. That is correct. I have a rule in place to block access to the admin fold from all but one IP address. But it seems to not workAny ideas why?
Offhand, I can't see why it shouldn't work, but personally I think that there is a better solution anyway.
Log onto your sites Cpanel, and click on the option to "Password Protect Directories", then navigate your way to your admin directory and click on it. This will bring up a page where you van enter a password. Create a new password (different from your store admin password) and save the settings.
Now when people attempt to access you admin folder (from anywhere) they've be greeted with an 'enter password' popup box before they can go any further, and if by some sheer fluke they happen to get passed this password protection they'll still need to kniw the username/password for the admin of your store.
The downside of this is when *you* want to log into the admin of the store you'll need to enter two different passwords.
Just a suggestion.
Cheers
RodG
ps. You could also use
Order Allow,Deny
Allow from xxx.xxx.xxx.xxx
It's more efficient than the Deny,Allow. Anything not specifically allowed is denied.
http://httpd.apache.org/docs/2.2/mod...ost.html#order
Last edited by RodG; 8 Sep 2014 at 06:24 PM.
Many thanks RodG. I have added the password "Password Protect Directories" via the cPanel. I also believe I have solved the IP problem, by adding the following in green. It may seem overkill, but it brings me more peace of mind after the constant and direct probing we were suffering.
# but now allow just *certain* necessary files:
<FilesMatch "(^$|^favicon.ico$|.*\.(php|js|css|jpg|gif|png)$)">
Order deny,allow
Deny from all
Allow from ***.***.***.***
</FilesMatch>
Ah yes, I will change to
Order Allow,Deny
Allow from xxx.xxx.xxx.xxx
![]()