Restrict Admin Area Access To Certain Ips

[Gareth-Host Red Dragon]

Is it possible to restrict access to blestas admin area to certain IP addresses via .htaccess?

[Daniel B]

add a .htaccess into the admin directory with the following code:

 

Order Deny,Allow
Deny from all
Allow from 1.1.1.1

of course put the IPs you want in it, multiple IPs can be separated by a single space on the same line (no commas)

[Gareth-Host Red Dragon]

add a .htaccess into the admin directory with the following code:

Order Deny,Allow
Deny from all
Allow from 1.1.1.1

of course put the IPs you want in it, multiple IPs can be separated by a single space on the same line (no commas)

Thanks. Does Blesta have an actual admin directory though? Will have to check when I get home.

[Daniel B]

I didn't even think about that, lol....sorry...just posted a generic fix for htaccess IP blocking

 

I'll let someone else come along and chime in on this one, as I've never really messed with this on a rewrite level and wouldn't want to help you screw it up

[Gareth-Host Red Dragon]

I didn't even think about that, lol....sorry...just posted a generic fix for htaccess IP blocking

I'll let someone else come along and chime in on this one, as I've never really messed with this on a rewrite level and wouldn't want to help you screw it up

No problem, thanks for your help anyway.

[Timothy]

You could try using a location match. Apache 2 or 2.2.<Location /admin>Order Deny,Allow Deny from all Allow from 1.1.1.1</Location>

 

Apache 2.4

<Location /admin>

Require ip 1.1.1.1

</Location>

[Gareth-Host Red Dragon]

You could try using a location match. Apache 2 or 2.2.

<Location /admin>
Order Deny,Allow 
Deny from all 
Allow from 1.1.1.1
</Location>

Apache 2.4

<Location /admin>

Require ip 1.1.1.1

</Location>

Thanks will give that a go later today.

[AllToolKits.com]

oh! i just realized that blesta don't have admin folder, so restriction to admin via ip is impossible?

Isn't it a security issue?

 

How blesta render features to admin and users, by just checking user type?

[Timothy]

You don't need a admin folder to restrict by path. For Apache servers  you can use the location example as stated above to do it. More information can be found at https://httpd.apache.org/docs/current/mod/core.html#location

 

For security you should probably rename your /admin area to something else. Change the following line in the route.php file.

 

Configure::set("Route.admin", "admin"); to something like Configure::set("Route.admin", "ziggyzoo"); to change the path to /ziggyzoo.

Hope that helps.