
Limiting access to the Admin Interface without SSL

Posted: Mon Jan 29, 2007 1:47 am
by Ned Nowotny
If your hosting service does not provide a shared SSL certificate or if your account does not otherwise enable you to configure SSL connections, you can limit connections to the admin part of your site by adding an ".htaccess" file with the following contents in the admin directory:

   
      order deny,allow
      deny from all
      allow from 127.0.0.1
   

You will need to replace the "127.0.0.1" with your IP address.  If you do not know your IP address, go to:

    http://www.dslreports.com/whois

You may add an additional "allow from..." line to specify the IP address for every user authorized to access the admin pages.

Because most ISPs assign dynamic IP addresses, you will need to update the ".htaccess" file whenever you find you can no longer access the admin part of your site.  You will also need to change it using your FTP client or ISP file manager interface when accessing your site on the road or from a borrowed computer.

While this is handy for small sites with a limited number of administrators and content editors, it obviously does not scale particularly well.  Then again, if your site is large enough for this to be really cumbersome, you probably need a hosting account where you can enable SSL and then you need to patch your installation of CMSMS so that the admin interface may only be accessed over SSL.
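
An added example, not part of the original post: a Python helper that regenerates the admin ".htaccess" shown above from a list of authorized addresses, so that a typo or an overly broad range cannot silently open the admin directory. The function names and the /24 and /64 limits are assumptions of this example, and the sample addresses are constructed.

```python
import ipaddress
import os
import tempfile

# Assumed limits for this example: refuse ranges wider than these prefixes.
MIN_PREFIX = {4: 24, 6: 64}


def parse_allowed(entries):
    """Validate addresses or CIDR ranges; raise ValueError on unsafe input."""
    nets = []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blank lines and comments
        net = ipaddress.ip_network(text, strict=False)  # ValueError on junk
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{text}: range too broad for an admin allow-list")
        if net not in nets:
            nets.append(net)
    if not nets:
        # An empty list would lock every administrator out.
        raise ValueError("no addresses given")
    return nets


def render_htaccess(entries):
    """Build the deny-by-default rules from the post, one allow line per entry."""
    lines = ["order deny,allow", "deny from all"]
    for net in parse_allowed(entries):
        host = net.num_addresses == 1
        lines.append(f"allow from {net.network_address if host else net}")
    return "\n".join(lines) + "\n"


def write_htaccess(admin_dir, entries):
    """Validate first, then replace the file atomically so it is never half-written."""
    body = render_htaccess(entries)
    fd, tmp = tempfile.mkstemp(dir=admin_dir, prefix=".htaccess.")
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
    os.replace(tmp, os.path.join(admin_dir, ".htaccess"))
    return body


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges).
    print(render_htaccess(["203.0.113.7", "198.51.100.0/24"]), end="")
```

Because validation happens before the file is touched, a rejected list leaves the existing ".htaccess" in place.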