What changes would be necessary to the admincp (if any) so that it would deny any attempt to access it without first establishing a SSH session with the server? Or could this access be completely setup within Apache??

Ditto MODCP

What does SSH have to do with HTTP?

Do you mean a secure connection (HTTPS?)

Why not just use .htaccess?

Why not just use .htaccess?
well htaccess isn't really comparable to a secure connection.

htaccess blocks access to the page, but any data you send over the web will be just as easily readable by someone else as if there were no htaccess. A secure connection would encrypt the data being sent between your pc and the server.

Ah, HTTPS - sorry about that - tis what I was gunning at (secure http protocol).

Put this in /admincp/global.php and /modcp/global.php somewhere (should work).

if ($_SERVER['SERVER_PORT'] == 80) {
print "You must use HTTPS!";
exit;
}

Hmm.. Wouldn't a standard redirection work better?


if ($_SERVER['SERVER_PORT'] == 80)
{
eval(print_standard_redirect('redirect_secure'));
}


And then define the phrase redirect_secure

Better yet:
if ($_SERVER['SERVER_PORT'] != 443) {
header("Location: https://www.yourforum.com/forum/admincp");
exit;
}