1

Topic: Admin security

I'm considering moving the admin files from:

http://www.site.com/admin_index.php

to a new admin directory:

http://www.site.com/admin/admin_index.php

This way i can password protect the 'admin' directory via ensim as an extra security measure.

I'm new to punBB - looks excellent buy the way - so my question is what files would i have to alter so that the paths match up?

Thanks.

Re: Admin security

you would need to alter the PUN_ROOT constant in those files i think, and probably edit header.php to make the styles work, you would obviously need to change the admin link at the top, and also the links at the top would then not work when you were in the admin section unless you made them absolute

i think thats it but you might encounter other problems

3 (edited by Elzar 2005-07-17 16:23)

Re: Admin security

Got it half working.

The root path was changed to:

define('PUN_ROOT', './../');

And then edited the urls in header.php and functions.php.

The only problem is that i'm getting the HTTP_REFERER errors when making changes.

4

Re: Admin security

Got it working perfectly now.

If anyone want to know how to do it, let me know. It's an excellent security solution.

Re: Admin security

Elzar: I'm sure people are interested, so go ahead and post your suggested solution smile

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Admin security

For my forum i'm using an .htaccess file in the punbb directory ... like this :

<Files admin_bans.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>






<Files admin_categories.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_censoring.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_forums.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_groups.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_index.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_loader.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_maintenance.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_options.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_permissions.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_prune.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_ranks.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_reports.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>





<Files admin_users.php>

PerlSetVar AuthFile secret/passlist 
AuthName "Protected area"
AuthType Basic

<LIMIT GET POST>

require valid-user

</LIMIT>

</Files>

wink

7

Re: Admin security

That means requesting a password for every file, which would be a tad annoying in my opinion...

8

Re: Admin security

about /admin/ folder solution
i've changed PUN ROOT,
put some vars in config.php (pathes for style etc) edited header.php to use this vars but some pages shows witout styles (not logged etc)

how can it happen? any advices?

9

Re: Admin security

Elzar wrote:

Got it working perfectly now.

If anyone want to know how to do it, let me know. It's an excellent security solution.

Can you share your solution

Re: Admin security

Elzar wrote:

Got it working perfectly now.

If anyone want to know how to do it, let me know. It's an excellent security solution.

I'm interested in learn more about your solution.  Thanks.