Matt
Owner
These are a couple of tips I thought I'd share on how I secure my own XenForo installations with .htaccess
I'm lucky enough to have static IP addresses at work and home, so I lock down the admin.php and /install/ directory to access only from my own IP addresses
First, securing admin.php
The order is important, as it will first Deny all request, unless they are from the allowed list. We then deny all requests, and only allow from the listed addresses
My own .htaccess file has the 403 set to simply redirect back to the root URL
The same is done in the /install/ directory
So when anyone other than myself tries to reach the admin.php file or the /install/ directory, they are bounced back to the forum home.
I'm lucky enough to have static IP addresses at work and home, so I lock down the admin.php and /install/ directory to access only from my own IP addresses
First, securing admin.php
Code:
#Limit Access to ACP
<Files "admin.php">
Order Deny,Allow
Deny from all
allow from xxx.xxx.xxx.xxx
allow from yyy.yyy.yyy.yyy
</Files>The order is important, as it will first Deny all request, unless they are from the allowed list. We then deny all requests, and only allow from the listed addresses
My own .htaccess file has the 403 set to simply redirect back to the root URL
Code:
ErrorDocument 401 default
ErrorDocument 403 https://z22se.co.uk/
ErrorDocument 404 default
ErrorDocument 500 defaultThe same is done in the /install/ directory
Code:
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
allow from yyy.yyy.yyy.yyy
ErrorDocument 404 https://z22se.co.uk/
ErrorDocument 403 https://z22se.co.uk/So when anyone other than myself tries to reach the admin.php file or the /install/ directory, they are bounced back to the forum home.
