Secure admin backend.. Help and/or ideas pleassee

[edgecrush3r]

Hi guys,

I really want to shield my admin backend from the outside world, and was wonderring if anyone can help me with the ideas behind it.

I've setted up SSL and apache correctly, and moved the Admin directory into its own virtual_host definition so I can have my own entry sayin: https://admin.myshop.com.

This all works fine, but I really want to limit the access rights by either secure login and/or certificate based IP restriction. Right now I dont even get an Login page, to get to the Admin backend .

1) Does anyone know how to create SSL-certificates that are only granting certain IP's ?
2) How do I enable the admin login ?


Thanks,
edgecrush3r.

[jpf]

Do you have MS2-MAX installed? It has it's own user login built into it.

as for restricted access look up about using HTACCESS and such (not an OSC thing - but a general web SERVER based access restriction)

Good Luck

[makemethis]

I would change the folder admin to another name also...which means setting up the admin config to match... FYI - I use the HTACCESS, the MS2-MAX login and with the admin area in SSL... works fine

[edgecrush3r]

Thanks guys,

I've been able to set-up the admin directory in an complete different Virtual-Host, with SSL, next to that I use the Apache "Allow from IP-XXXX" and a basic authentication pop-up.

I guess this should block most attacks next to my firewall setup.