Michael Posted August 11, 2014 Report Posted August 11, 2014 I was just wondering guys if there's a way to do a .htaccess to block access to a route in .htaccess? Quote
0 PauloV Posted August 11, 2014 Report Posted August 11, 2014 On 8/11/2014 at 8:24 AM, Licensecart said: I was just wondering guys if there's a way to do a .htaccess to block access to a route in .htaccess? yes there is Just create a file called .htaccess and put that file on the directory you whant to block with the text inside: Deny from all or you can create a .htaccess and put on your main Blesta folder with something like this RewriteEngine On # change client/login/ path for any outher path you want to blobk RewriteRule ^client/login/$ [F] Hope that helps Michael 1 Quote
0 Michael Posted August 11, 2014 Author Report Posted August 11, 2014 On 8/11/2014 at 9:27 AM, PauloV said: yes there is Just create a file called .htaccess and put that file on the directory you whant to block with the text inside: Deny from all or you can create a .htaccess and put on your main Blesta folder with something like this RewriteEngine On # change client/login/ path for any outher path you want to blobk RewriteRule ^client/login/$ [F] Hope that helps Didn't work mate as I'm trying to see if we can only allow certain IPs. Tried: RewriteEngine On RewriteCond %{SCRIPT_FILENAME} !-d RewriteCond %{SCRIPT_FILENAME} !-f RewriteCond %{REMOTE_ADDR} ^125\.255\.125\.255 RewriteRule ^admin/login/(.*)$ ./index.php RewriteEngine On RewriteCond %{REMOTE_ADDR} ^125\.255\.125\.255 # change client/login/ path for any outher path you want to blobk RewriteRule ^admin/login/$ [F,L] RewriteCond %{REQUEST_URI} ^admin/login/$ RewriteRule ^(.*)$ index.php [R=301,L] Quote
0 Tyson Posted August 11, 2014 Report Posted August 11, 2014 Not sure exactly what you're trying to do, but I use # Only let the IP 123.123.123.123 view the site. Redirect everyone else to /my/page.php Options +FollowSymlinks RewriteEngine On RewriteCond %{REQUEST_URI} !/my/page.php$ RewriteCond %{REMOTE_HOST} !^123\.123\.123\.123 RewriteRule $ /my/page.php [R=302,L] PauloV and Michael 2 Quote
0 Michael Posted August 11, 2014 Author Report Posted August 11, 2014 On 8/11/2014 at 5:22 PM, Tyson said: Not sure exactly what you're trying to do, but I use # Only let the IP 123.123.123.123 view the site. Redirect everyone else to /my/page.php Options +FollowSymlinks RewriteEngine On RewriteCond %{REQUEST_URI} !/my/page.php$ RewriteCond %{REMOTE_HOST} !^123\.123\.123\.123 RewriteRule $ /my/page.php [R=302,L] Thanks mate didn't work I'm trying to restrict access to the admin routes. So if someone tries to be clever they'd just get sent back to the billing portal and not the admin login page if you get me? Quote
0 Blesta Addons Posted August 12, 2014 Report Posted August 12, 2014 i use you can use <Files routes.php> Order deny,allow Deny from all Allow from 127.0.0.1 </Files> Michael 1 Quote
0 Michael Posted August 12, 2014 Author Report Posted August 12, 2014 On 8/12/2014 at 1:02 AM, naja7host said: i use you can use <Files routes.php> Order deny,allow Deny from all Allow from 127.0.0.1 </Files> Thanks mate but that just allowed me to get on. I think if more people would like to be able to limit the routes for admin I will open a feature request because I believe to get it limited will need edits to the routes.php Quote
0 PauloV Posted August 12, 2014 Report Posted August 12, 2014 On 8/11/2014 at 8:31 PM, Licensecart said: Thanks mate didn't work I'm trying to restrict access to the admin routes. So if someone tries to be clever they'd just get sent back to the billing portal and not the admin login page if you get me? Very strange that dosent work for you. We use them without any problems Do you have any restriction on using .htaccess and/or Rewrite Engine on Apache? Its better and more secure to restrict in .htaccess then in any outher Blesta Core File because in this way there is no direct access to any Blesta File in that rule. A great sugestion is for exemple make Admin Routes Random in the blesta cron every day and send the new route to staff members by email and/or by any sms gateway Blesta Addons 1 Quote
0 Michael Posted August 12, 2014 Author Report Posted August 12, 2014 On 8/12/2014 at 8:37 AM, PauloV said: Very strange that dosent work for you. We use them without any problems Do you have any restriction on using .htaccess and/or Rewrite Engine on Apache? Its better and more secure to restrict in .htaccess then in any outher Blesta Core File because in this way there is no direct access to any Blesta File in that rule. A great sugestion is for exemple make Admin Routes Random in the blesta cron every day and send the new route to staff members by email and/or by any sms gateway I don't have any restrictions that I know of mate. Quote
0 interfasys Posted August 12, 2014 Report Posted August 12, 2014 On 8/11/2014 at 8:31 PM, Licensecart said: Thanks mate didn't work I'm trying to restrict access to the admin routes. So if someone tries to be clever they'd just get sent back to the billing portal and not the admin login page if you get me? Here you go, mate. RewriteCond %{REMOTE_HOST} !^192\.168\.1\. RewriteRule ^admin https://myblesta.panel [L] Michael 1 Quote
0 Michael Posted August 12, 2014 Author Report Posted August 12, 2014 On 8/12/2014 at 7:15 PM, interfasys said: Here you go, mate. RewriteCond %{REMOTE_HOST} !^192\.168\.1\. RewriteRule ^admin https://myblesta.panel [L] Still shows me the admin area mate without my ip :s. Quote
0 interfasys Posted August 12, 2014 Report Posted August 12, 2014 On 8/12/2014 at 7:30 PM, Licensecart said: Still shows me the admin area mate without my ip :s. Ah, but that's because you didn't put this rule first Quote
Question
Michael
I was just wondering guys if there's a way to do a .htaccess to block access to a route in .htaccess?
11 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.