2012-11-05, 03:16 AM
(2012-11-05, 02:47 AM)Josh H. Wrote: [ -> ](2012-11-05, 02:35 AM)kamz89 Wrote: [ -> ](2012-11-03, 03:08 AM)pavemen Wrote: [ -> ](2012-10-02, 01:16 AM)kamz89 Wrote: [ -> ](2012-09-30, 06:05 AM)Nathan Malcolm Wrote: [ -> ]There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.
http://www.mybbsecurity.net/topic-protec...-directory
True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.
you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.
Oh shoot you have a point. I had to read your post three times to understand what you meant lol.
Just to stay on the safe side, I can deny access to all the folders except the forum root, uploads and admin and the forums denied direct access would not impact the way my site currently functions right?
I think you could leave uploads, because it can be useful at times.
So you mean do or don't?