Security on admin section

[shirley]

http://wiki.oscdox.com/setting_up_se...r_admin_folder

From setting security in the .htaccess file

If you want to allow access from multiple IP address or domain names then add

allow from 999.999.999.999
allow from 000.000.000.000

Obviously you need to replace the above with your IP addresses. To specify a domain name use
allow from .yourdomainname.com
------------------------------------------------

How does one use the last statement in the .htaccess file? Is the "." real?
(allow from .yourdomainname.com).
How does this work?
I can use the first three digits of my ip address okay.
Does adding the above lines to .htaccess obviate the need to rename my admin folder?
I added captcha to my contact us page and it works fine (thanks).
Seems the safest way is to "get ip address" wherever you are, add it to the .htaccess file, use admin and then reset the file?

Thanks for any suggestions.

[ridexbuilder]

I'm not an advocate of ip address limits - a lot of us in UK have constantly rotating IP addresses. Fine if you are always in the one location, with a fixed IP.
If using a service like dyndns, then yourdomainname becomes possible.
Your client machine likely has a FQDN like localhost.yourdomainname.com, hence the leading dot.
Rename the admin directory as a matter of course.
Constantly messing with .htaccess is a recipe for disaster.

[shirley]

Got it...thanks

[ridexbuilder]

I thought that might be the case but
what does the .glendacasongallery.com do for me?
Does it negate the need for ip addresses?
What do most people do to allow more than one person in different locales with dynamic ip's to use admin?

Also, I had to make my configure.php file writeable ( I had forgot that neat change).

Allows:
server1.glendacasongallery.com, sever2.glendacasongallery.com, client1.glendacasongallery.com, client2.glendacasongallery.com, mypc.glendacasongallery.com and localhost.glendacasongallery.com to have access to admin, and all other devices in the same domain.

[shirley]

again, thanks

Just changed my admin name and logged in under the new name. folks, don't forget to chmod to write the changes...and back again.

[shirley]

I also changed the includes/configure.php file as requested. Everything worked until I did a backup from adminxxxx and got this error:

Error: Backup directory does not exist. Please set this in configure.php.

Backup Directory: /mnt/wxxxx/d46/s24/b026add5/www/store/catalog/adminxxxxbackups/ (no"/")

I assume that these two lines contain the answer:

define('DIR_FS_ADMIN', '/mnt/wxxxx/d46/s24/b026add5/www/store/catalog/adminxxxx/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

The working backups go to adminbackups.
Do I need another line here? The "/" seems to be okay
Any suggestions?

[pgmarshall]

shirley,

Not quite sure how this has not worked for you ... can you post the contents of your admin/includes/configure.php file and I will have a look for you?

Please make sure you remove the server and password information from the bottom of the file before you post ...

Regards,

[shirley]

Here is the file, I can rename the admin again if needed.
http://wiki.oscdox.com/setting_up_se...r_admin_folder

http://wiki.oscdox.com/setting_up_security
I suspect I need another line of code.

define('HTTP_SERVER', 'http://xxxxx');
define('HTTP_CATALOG_SERVER', 'http://xxx');
define('HTTPS_CATALOG_SERVER', 'https://xxxx');
define('ENABLE_SSL_CATALOG', 'FALSE');
define('DIR_FS_DOCUMENT_ROOT', '/mnt/w0209/d46/s24/b026add5/www/store/catalog');
define('DIR_WS_ADMIN', '/store/catalog/adminxxxx/');
define('DIR_FS_ADMIN', '/mnt/w0209/d46/s24/b026add5/www/store/catalog/adminxxxx/');
define('DIR_WS_CATALOG', '/store/catalog/');
define('DIR_FS_CATALOG', '/mnt/w0209/d46/s24/b026add5/www/store/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
define('DIR_FCKEDITOR', DIR_FS_CATALOG . 'FCKeditor/');
define('DIR_WS_FCKEDITOR', DIR_WS_CATALOG . 'FCKeditor/');

define(
login stuff..

?>

[shirley]

Okay, I finally got it right, I had to keep adjusting the configure.php files until it clicked.
I think I may have had some bad code changes from way back that had not caused me any problem to date - my bad.
thanks,