Routes .htaccess

[Michael]

I was just wondering guys if there's a way to do a .htaccess to block access to a route in .htaccess?

[PauloV]

I was just wondering guys if there's a way to do a .htaccess to block access to a route in .htaccess?

 

yes there is

 

Just create a file called .htaccess and put that file on the directory you whant to block with the text inside:

Deny from  all

or you can create a .htaccess and put on your main Blesta folder with something like this

RewriteEngine On
# change client/login/ path for any outher path you want to blobk
RewriteRule ^client/login/$ [F]

Hope that helps

[Michael]

yes there is

 

Just create a file called .htaccess and put that file on the directory you whant to block with the text inside:

Deny from  all

or you can create a .htaccess and put on your main Blesta folder with something like this

RewriteEngine On
# change client/login/ path for any outher path you want to blobk
RewriteRule ^client/login/$ [F]

Hope that helps

 

 

Didn't work mate as I'm trying to see if we can only allow certain IPs.

 

Tried:

RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{REMOTE_ADDR} ^125\.255\.125\.255
RewriteRule ^admin/login/(.*)$ ./index.php

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^125\.255\.125\.255
# change client/login/ path for any outher path you want to blobk
RewriteRule ^admin/login/$ [F,L]
RewriteCond %{REQUEST_URI} ^admin/login/$
RewriteRule ^(.*)$ index.php [R=301,L]

[Tyson]

Not sure exactly what you're trying to do, but I use

# Only let the IP 123.123.123.123 view the site. Redirect everyone else to /my/page.php
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_URI} !/my/page.php$
RewriteCond %{REMOTE_HOST} !^123\.123\.123\.123
RewriteRule $ /my/page.php [R=302,L]

[Michael]

 

Not sure exactly what you're trying to do, but I use

# Only let the IP 123.123.123.123 view the site. Redirect everyone else to /my/page.php
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_URI} !/my/page.php$
RewriteCond %{REMOTE_HOST} !^123\.123\.123\.123
RewriteRule $ /my/page.php [R=302,L]

 

Thanks mate didn't work I'm trying to restrict access to the admin routes. So if someone tries to be clever they'd just get sent back to the billing portal and not the admin login page if you get me?

[Blesta Addons]

i use

 

you can use

<Files routes.php>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Files>

[Michael]

 

i use

 

you can use

<Files routes.php>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Files>

 

Thanks mate but that just allowed me to get on. I think if more people would like to be able to limit the routes for admin I will open a feature request because I believe to get it limited will need edits to the routes.php

[PauloV]

Thanks mate didn't work I'm trying to restrict access to the admin routes. So if someone tries to be clever they'd just get sent back to the billing portal and not the admin login page if you get me?

 

 

Very strange that dosent work for you. We use them without any problems

 

Do you have any restriction on using .htaccess and/or Rewrite Engine on Apache?

 

Its better and more secure to restrict in .htaccess then in any outher Blesta Core File because in this way there is no direct access to any Blesta File in that rule.

 

A great sugestion is for exemple make Admin Routes Random in the blesta cron every day and send the new route to staff members by email and/or by any sms gateway

[Michael]

Very strange that dosent work for you. We use them without any problems

 

Do you have any restriction on using .htaccess and/or Rewrite Engine on Apache?

 

Its better and more secure to restrict in .htaccess then in any outher Blesta Core File because in this way there is no direct access to any Blesta File in that rule.

 

A great sugestion is for exemple make Admin Routes Random in the blesta cron every day and send the new route to staff members by email and/or by any sms gateway

 

I don't have any restrictions that I know of mate.

[interfasys]

Thanks mate didn't work I'm trying to restrict access to the admin routes. So if someone tries to be clever they'd just get sent back to the billing portal and not the admin login page if you get me?

Here you go, mate.

RewriteCond %{REMOTE_HOST} !^192\.168\.1\.
RewriteRule ^admin https://myblesta.panel [L]

[Michael]

 

Here you go, mate.

RewriteCond %{REMOTE_HOST} !^192\.168\.1\.
RewriteRule ^admin https://myblesta.panel [L]

 

Still shows me the admin area mate without my ip :s.

[interfasys]

Still shows me the admin area mate without my ip :s.

Ah, but that's because you didn't put this rule first