Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > General Articles

Reply
 
Thread Tools
Protecting forum parts by htaccess
HolyKiller
Join Date: Dec 2006
Posts: 172

 

Show Printable Version Email this Page Subscription
HolyKiller HolyKiller is offline 01-05-2010, 10:00 PM

I just found a thread about protecting Admin Panel via htaccess. It is usable and +1 for the author, but... The thing is, it supports only one login which need to be shared, if you have more admins, or, you want to protect Moderator panel too and have more than one moderator. So after every staff change, you need to change your pass and tell everybody, there is a new password. Second thing, you need to edit existing vbulletin files, so, you probably need to edit them over and over again after every vBulletin update. AND the third thing, that password are plain-text stored, which is not good at all.

Once again, i dont want insult that thread author, but, i just want share my way, how to do it more "sophisticated" AND secure

1) Create a files named .htaccess and .htpasswd
(if you using Windows and get error message, create a htaccess.txt and htpasswd.txt files for now)

2) In htaccess add:
Code:
AuthUserFile /*link.to.your.protected.dir*/.htpasswd
AuthType Basic
AuthName "Protected Area"
require valid-user
- You need to set a correct path, so, you can get it easilly like this:
2a) Create a new file and add code:
Code:
<?
 phpinfo();
?>
2b) Name that file like info.php and put it INTO your directory which you want to procect (admincp, cpmod, ... etc...)

2c) Open your browser and type path to your info.php file, so something like:
http://www.yoursite.com/forum/admincp/info.php

2d) You get a full information about your php. You need to find (use browser function) a row named SCRIPT_FILENAME and on the right side you can see absolute path to info.php file. Something like this: /var/www/yoursite.com/forum/admincp/info.php

2e) Copy that path into htaccess file and rewrite info.php to .htpasswd. So you actually got this in .htaccess file:

Code:
AuthUserFile /var/www/yoursite.com/forum/admincp/.htpasswd
AuthType Basic
AuthName "Protected Area"
require valid-user
3) Now you need to set up some usernames nad hashed passwords. I recomanded THIS page. It rly helps you. Just insert your username and password (that name and pass, what you want to use for protecting your files) and click on "Create Password". So for example we use username Anton and passsword whiteglass and we get this:

Code:
Anton:H8hXcFoiSNgtY
and thats exactly what we need, so we just copy&paste this into .htpasswd file. By the way, you can add more users into .htaccess file. Just generate more name/pass and add them, one on each row. So you can use your own name and pass, and your co-admin another username and password. Or if you protecting your modcp directory, you can create specific login for each moderator

4) Save both files and upload them on your server.

5) Now, try to access your admincp. You shoud get a small window popped up. If not, you did something wrong and you need to start over.


BTW: If you used htaccess.txt and htpasswd.txt names, you need to rename them after upload. The correct names are .htaccess and .htpasswd WITH that DOT on start!

Dont forget to delete that info.php file

Hope it helps

Yea, and sorry for my english, i'm from Czech republic

Holy
Reply With Quote
  #2  
Old 01-05-2010, 11:02 PM
HolyKiller HolyKiller is offline
 
Join Date: Dec 2006
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you already using the second way, make sure you revert your index files back to original vBulletin first
Reply With Quote
  #3  
Old 01-07-2010, 03:35 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks, this way is a little nicer then the current way I am, plus I like how the passwords are not in plain text anymore.
Reply With Quote
  #4  
Old 01-07-2010, 01:18 PM
we_are_borg we_are_borg is offline
 
Join Date: Jul 2004
Posts: 108
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

On a small side note never put .htpasswd in a place that is world readable it should go before the directory where you place your webcontent, most systems will allow this or have even a special place for it.

If your lazy like me there is a program called Deadlock that will use a database and normal htaccess and htpasswd files to grant access to it.
Reply With Quote
  #5  
Old 01-08-2010, 02:50 PM
abdobasha2004's Avatar
abdobasha2004 abdobasha2004 is offline
 
Join Date: Aug 2008
Posts: 541
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

nice one for users who have no access to make fire walls
Reply With Quote
  #6  
Old 09-14-2010, 06:29 AM
Shabcool Shabcool is offline
 
Join Date: Jul 2008
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks dir
Reply With Quote
  #7  
Old 11-08-2010, 12:18 PM
rtyagis rtyagis is offline
 
Join Date: Feb 2009
Posts: 87
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Nice simple article for new users like me. Anyway thanks.
Reply With Quote
  #8  
Old 09-17-2011, 04:59 PM
FReeSTER FReeSTER is offline
 
Join Date: Jun 2006
Location: Rome
Posts: 730
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you mate, I will try this
Reply With Quote
  #9  
Old 09-23-2011, 05:07 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I've always liked these as well:

.htaccess password protect a single File:
http://webdesign.about.com/od/htacce...ord_1_file.htm

.htaccess password protect a Folder:
http://webdesign.about.com/od/htacce...hthtaccess.htm

.htaccess authentication generator:
http://www.htaccesstools.com/htaccess-authentication/

.htaccess password generator:
http://www.htaccesstools.com/htpasswd-generator/
Reply With Quote
  #10  
Old 10-27-2012, 02:22 AM
Dorgham's Avatar
Dorgham Dorgham is offline
 
Join Date: May 2012
Location: Egypt
Posts: 69
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It is really the best protection for all website owners
Thanks a lot
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:40 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04651 seconds
  • Memory Usage 2,288KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (1)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete