MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Password Protect All Directories?
Full Version: Password Protect All Directories?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

Adobe

2012-11-05, 03:16 AM
(2012-11-05, 02:47 AM)Josh H. Wrote: [ -> ]
(2012-11-05, 02:35 AM)kamz89 Wrote: [ -> ]
(2012-11-03, 03:08 AM)pavemen Wrote: [ -> ]
(2012-10-02, 01:16 AM)kamz89 Wrote: [ -> ]
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote: [ -> ]There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.

Oh shoot you have a point. I had to read your post three times to understand what you meant lol.

Just to stay on the safe side, I can deny access to all the folders except the forum root, uploads and admin and the forums denied direct access would not impact the way my site currently functions right?

I think you could leave uploads, because it can be useful at times.

So you mean do or don't?

Josh H.

2012-11-05, 03:49 AM
Don't

pavemen

2012-11-05, 04:44 AM
only leave the <forum_root>, <forum_root>/uploads, and <forum_root>/<admin_dir> open. in fact, you can use htpasswd on <forum_root>/<admin_dir> instead for extra security.

Adobe

2012-11-10, 04:11 AM
I'm a bit confused. I added "deny from all" text into notepad and saved it as htaccess.txt and uploaded it to my /inc/ dir but it didn't seem to work.

pavemen

2012-11-10, 04:35 AM
you need to then rename it to .htaccess

Adobe

2012-11-10, 06:01 AM
(2012-11-10, 04:35 AM)pavemen Wrote: [ -> ]you need to then rename it to .htaccess

Thanks and in the file I'm uploading I just need to put this, nothing else right?

deny from all

pavemen

2012-11-10, 03:54 PM
yes, that is it

but if you want more details/better understanding, read this http://www.kavoir.com/2009/01/htaccess-d...ccess.html

Adobe

2012-11-11, 12:58 AM
I denied access for the inc folder, should I do the same any other folder especially the images?

pavemen

2012-11-11, 03:12 PM
never for images, those are required by the browser.

basically file you see in the source of the page, whether images, css, js, video, icon, pdf, etc) must not be blocked, including the page in the address bar
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Password Protect All Directories?