Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Password Protect All Directories?
#11
This user has been denied support. This user has been denied support.
(2012-11-05, 02:47 AM)Josh H. Wrote:
(2012-11-05, 02:35 AM)kamz89 Wrote:
(2012-11-03, 03:08 AM)pavemen Wrote:
(2012-10-02, 01:16 AM)kamz89 Wrote:
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote: There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.

Oh shoot you have a point. I had to read your post three times to understand what you meant lol.

Just to stay on the safe side, I can deny access to all the folders except the forum root, uploads and admin and the forums denied direct access would not impact the way my site currently functions right?

I think you could leave uploads, because it can be useful at times.

So you mean do or don't?
#12
Don't
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
#13
only leave the <forum_root>, <forum_root>/uploads, and <forum_root>/<admin_dir> open. in fact, you can use htpasswd on <forum_root>/<admin_dir> instead for extra security.
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#14
This user has been denied support. This user has been denied support.
I'm a bit confused. I added "deny from all" text into notepad and saved it as htaccess.txt and uploaded it to my /inc/ dir but it didn't seem to work.
#15
you need to then rename it to .htaccess
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#16
This user has been denied support. This user has been denied support.
(2012-11-10, 04:35 AM)pavemen Wrote: you need to then rename it to .htaccess

Thanks and in the file I'm uploading I just need to put this, nothing else right?

deny from all
#17
yes, that is it

but if you want more details/better understanding, read this http://www.kavoir.com/2009/01/htaccess-d...ccess.html
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#18
This user has been denied support. This user has been denied support.
I denied access for the inc folder, should I do the same any other folder especially the images?
#19
never for images, those are required by the browser.

basically file you see in the source of the page, whether images, css, js, video, icon, pdf, etc) must not be blocked, including the page in the address bar
Lost interest, sold my sites, will browse here once in a while. It's been fun.


Forum Jump:


Users browsing this thread: 1 Guest(s)