Post by mameha » Fri Jun 21, 2013 12:58 am

How do I rename the /admin/ directory?

I tried simply renaming the directory via FTP, but that did not work. Presumably I need to amend the htaccess to rewrite my custom directory name to /admin/. I think this should be explained in the online manual:
http://docs.opencart.com/display/openca ... +practices


Post by mameha » Fri Jun 21, 2013 2:51 pm

OK I found the answer by chance in the comments of another post.

To change the /admin/ dir you have to change the directory name by FTP and then also update the /admin/config.php to use the new directory name. This info should be put in the documentation.


Post by thomash2 » Tue Jul 30, 2013 12:50 am

What's the difference between using, for the catalog and images directories, the recommended .htaccess from the

1) Opencart documentation:

<FilesMatch "\.(php|tpl|txt)$">
Order Deny,Allow
Deny from all
</FilesMatch>


2) What the OP recommends:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.css$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.js$
RewriteRule ^(.+)$ /circkel/ [NC]

3) And if I change the RewriteRule to:
RewriteRule ^([^?]*) /index.php?_route_=$1 [L,QSA]

or if I have a 404.html page:
RewriteRule ^(.+)$ /404.html [NC]

What's the difference between ^(.+)$ and ^([^?]*)
And between [NC] and [L,QSA]?

Thanks!


Post by thomash2 » Tue Jul 30, 2013 1:17 am

When I try to access /catalog/controller/account/account.jpg the server actually shows me that account.php exists. Any way to hide it?

Multiple Choices
The document name you requested (/catalog/controller/account/account.jpg) could not be found on this server. However, we found documents with names similar to the one you requested.

Available documents:

/catalog/controller/account/account.php (common basename)



Is it also secure if I added this for 404?
ErrorDocument 404 /index.php?_route_=$1


Post by thomash2 » Tue Jul 30, 2013 3:39 pm

I found topics about the 300 error multiple choice, which is a problem with 1and1. The solution was to add to the root .htaccess file this line:
CheckSpelling off

And then I added also:
ErrorDocument 404 /index.php?_route_=$1
ErrorDocument 403 /index.php?_route_=$1


Do I need the [NC] or [L,QSA]?

With these lines, most of the errors I encounter from wrong or restricted addresses send me to the opencart file not found page.

In the catalog and image folders, I followed the OP's method, but changed the last line to:
RewriteRule ^([^?]*) /index.php?_route_=$1 [NC]

Any security issues with what I've done?
Thanks


Post by spirit » Wed Oct 02, 2013 7:20 am

I can't understand why the OpenCart team doesn't publish an official/full guide about security improvements.
Thanks.


Post by labeshops » Wed Oct 02, 2013 9:24 pm

spirit wrote: I can't understand why the OpenCart team doesn't publish an official/full guide about security improvements.
Thanks.

That's pretty much what this thread is. There are different server configurations and not all hosts allow users to make changes in a shared environment, so trying to publish 1 complete guide would be pretty difficult.

Running Opencart v3.0.3.2 with multi-stores from https://www.labeshops.com which has links to all my stores.


Post by spirit » Thu Oct 03, 2013 12:11 am

labeshops wrote:
spirit wrote: I can't understand why the OpenCart team doesn't publish an official/full guide about security improvements.
Thanks.
That's pretty much what this thread is. There are different server configurations and not all hosts allow users to make changes in a shared environment, so trying to publish 1 complete guide would be pretty difficult.

Not exactly mate; there are tons of good practices that you can use on any Linux server really.
This topic is just adding extra confusion for many people.

Why doesn't the team order all the useful information? Like a guide.

Unfortunately I'm not part of the team and I'm not an expert on security either, so I can't do anything to help people.


Post by madimar » Fri Oct 04, 2013 9:27 pm

For the same reason as labeshops, I added the [NC] tag after each RewriteCond in .htaccess. This way .JPG, etc. are not blocked!

M

labeshops wrote:
al24 wrote: Ok I don't know if this happened to anybody else but when I installed the xml in this post, the .htaccess file blocked me from being able to upload images on file manager. It nearly gave me a heart attack cause I had just installed a million vqmods at once and I didn't know which one was causing the problem. Luckily I found the solution when I simply deleted the .htaccess file in the image folder!
Just edit the image htaccess file, adding additional lines to include the extension you are trying to upload in place of the xxxx below, including capitalization of them. By default it would let you upload .jpg for example but your images may be .JPG or .JPEG which it would block.

RewriteCond %{REQUEST_FILENAME} !^(.+)\.xxxx$

-----------------------------------------------------------------------
My last mods: Partita IVA e CF | Pro EU VAT Number | Sales Agents | Pricelist Pro
-----------------------------------------------------------------------
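
As an added example (not part of any post in this thread, and a Python model of the rules rather than Apache itself), the script below compares the documentation's FilesMatch deny rule with the allowlist RewriteCond chain thomash2 asks about, and shows the effect of the [NC] flag madimar describes. The sample paths and function names are constructed for illustration.

```python
import re

# Extensions taken from the two rule sets quoted in the thread.
DENY_EXT = ("php", "tpl", "txt")                        # 1) <FilesMatch "\.(php|tpl|txt)$">
ALLOW_EXT = ("jpg", "jpeg", "png", "gif", "css", "js")  # 2) RewriteCond ... !^(.+)\.jpg$ etc.


def denylist_serves(path):
    """Model of rule set 1: refuse only files whose name ends in a listed extension."""
    return re.search(r"\.(%s)$" % "|".join(DENY_EXT), path) is None


def allowlist_serves(path, nocase=False):
    """Model of rule set 2: every RewriteCond is a negated pattern and the
    conditions are ANDed, so the RewriteRule fires (the request is sent
    elsewhere) only when the path matches none of the allowed extensions.
    nocase=True models [NC] on each RewriteCond."""
    flags = re.IGNORECASE if nocase else 0
    conds = [re.match(r"^(.+)\.%s$" % ext, path, flags) is None for ext in ALLOW_EXT]
    rewritten = all(conds)
    return not rewritten


def compare(paths):
    """Return {path: (denylist, allowlist, allowlist+NC)}; True means the file is served."""
    return {p: (denylist_serves(p), allowlist_serves(p), allowlist_serves(p, True))
            for p in paths}


# Constructed sample paths, not taken from a real store.
SAMPLES = [
    "/catalog/controller/account/account.php",
    "/image/data/photo.jpg",
    "/image/data/photo.JPG",
    "/image/data/export.bak",
]

if __name__ == "__main__":
    print("%-42s %-9s %-10s %s" % ("path", "denylist", "allowlist", "allowlist+NC"))
    for path, row in compare(SAMPLES).items():
        print("%-42s %-9s %-10s %s" % ((path,) + row))
```

The deny rule serves any extension it does not list, while the allowlist sends everything unlisted to the rewrite target, which is why an uppercase .JPG is caught until [NC] is added.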




Post by evansourav » Wed Jan 22, 2014 10:08 pm

After renaming the admin folder all vqmod extensions stop working.
What can be done about that?


Post by jekatoxic » Wed Feb 19, 2014 1:30 am

I think about whether it's conceivable to simply make a module/add-on that will immediately do all these prescribed movements. If it's all the same to it's a conceivable module, I paying for it, in the event that it's not excessively dear.


Post by Cleo » Wed Feb 26, 2014 9:11 pm

:crazy:
Last edited by Cleo on Thu Mar 27, 2014 12:57 pm, edited 2 times in total.

Opencart v1.5.4.1 fr/en
Theme: Custom
vqmod-2.6.0



Post by IP_CAM » Sat Apr 26, 2014 4:37 am

mameha wrote: How do I rename the /admin/ directory? I tried simply renaming the directory via FTP, but that did not work.

If you try to rename a directory via some FTP clients, it will only work if no browser is linked with an 'active' page from this sub, thus temporarily preventing the sub from being renamed. So try it repeatedly, until it's 'free' to accept your command. ACTIVE means a page containing certain 'active' elements.

I had such occurrences; because of this, I know...
Ernie

Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.openshop.li/shop/
My Github OC Site: https://github.com/IP-CAM
2'600+ FREE OC Extensions on the World's largest Github OC Repository Archive Site.



Post by Evans » Tue Sep 02, 2014 3:42 am

Hi, I followed this advice from this thread when setting up my store:

The folder: admin
Well it starts with the name, which is wrong, take a pretty cryptic name eg "not4you_min"
Then change the admin\config.php and replace "admin" with "the_new_name"
Contrary to claims in other topics, always use a .htpasswd / .htaccess "admin" (mostly done via your CPanel or Flexpanel)
It's unlikely that a hacker knows how to find your admin with the new name, and if found the .htpasswd stops him at a very high level.
The chances are a lot smaller to get past the .htaccess and if they do they still have to get past the second Admin login.


What I did was password protect my admin folder from cPanel. It worked fine...until today when I made my store live. Then I kept getting a 404 error when going to the admin address. I removed the .htaccess file and could then get to the OC default log in page. I can't work out why it's not working now (but worked fine when in maintenance mode). I would really like the extra layer of protection. Can anyone suggest please what should be in the file?


Post by Evans » Tue Sep 02, 2014 10:09 pm

I found out what to add. It's:

ErrorDocument 401 default

at the top of the .htaccess file. Just thought I'd add it in case anyone else has the same problem.
