How do I rename the /admin/ directory?
I tried simply renaming the directory via FTP, but that did not work. Presumably I need to amend the htaccess to rewrite my custom directory name to /admin/. I think this should be explained in the online manual:
http://docs.opencart.com/display/openca ... +practices
OK I found the answer by chance in the comments of another post.
To change the /admin/ dir you have to change the directory name by FTP and then also update the /admin/config.php to use the new directory name. This info should be put in the documentation.
What's the difference between using for the catalog and images directory the recommended .htaccess from the
1) Opencart documentation:
<FilesMatch "\.(php|tpl|txt)$">
Order Deny,Allow
Deny from all
</FilesMatch>
2) What the OP recommends:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.css$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.js$
RewriteRule ^(.+)$ /circkel/ [NC]
3) And if I change the RewriteRule to:
RewriteRule ^([^?]*) /index.php?_route_=$1 [L,QSA]
or if I have a 404.html page:
RewriteRule ^(.+)$ /404.html [NC]
What's the difference between ^(.+)$ and ^([^?]*)
And between [NC] and [L,QSA]?
Thanks!
When I try to access /catalog/controller/account/account.jpg the server actually shows me that account.php exists. Any way to hide it?
Multiple Choices
The document name you requested (/catalog/controller/account/account.jpg) could not be found on this server. However, we found documents with names similar to the one you requested.
Available documents:
/catalog/controller/account/account.php (common basename)
Is it also secure if I added this for 404?
ErrorDocument 404 /index.php?_route_=$1
I found topics about the 300 error multiple choice, which is a problem with 1and1. The solution was to add to the root .htaccess file this line:
CheckSpelling off
And then I added also:
ErrorDocument 404 /index.php?_route_=$1
ErrorDocument 403 /index.php?_route_=$1
Do I need the [NC] or [L,QSA]?
With these lines, most of the errors I encounter from wrong or restricted addresses send me to the opencart file not found page.
In the catalog and image folders, I followed the OP's method, but changed the last line to:
RewriteRule ^([^?]*) /index.php?_route_=$1 [NC]
Any security issues with what I've done?
Thanks
spirit wrote: I can't understand why the opencart team don't publish an official/full guide about security improvements. Thanks.
That's pretty much what this thread is. There are different server configurations and not all hosts allow users to make changes in a shared environment so trying to publish 1 complete guide would be pretty difficult.
Running Opencart v3.0.3.9 with multi-stores and the default template from https://www.labeshops.com which has links to all my stores.
labeshops wrote: That's pretty much what this thread is. There are different server configurations and not all hosts allow users to make changes in a shared environment so trying to publish 1 complete guide would be pretty difficult.
spirit wrote: I can't understand why the opencart team don't publish an official/full guide about security improvements. Thanks.
Not exactly mate; there are tons of good practices that you can use on any linux server really.
This topic is just adding extra confusion for many people.
Why does the team not order all the useful information? Like a guide.
Unfortunately I'm not part of the team and I'm not an expert on security either, so I can't do anything to help people.
For the same reason of labeshops, I added [NC] tag after each rewritecond in htaccess. In this way .JPG, etc. are not blocked!
al24 wrote: Ok I don't know if this happened to anybody else but when I installed the xml in this post, the .htaccess file blocked me from being able to upload images on file manager. It nearly gave me a heart attack cause I had just installed a million vqmods at once and I didn't know which one was causing the problem. Luckily I found the solution when I simply deleted the .htaccess file in the image folder!
labeshops wrote: Just edit the image htaccess file adding additional lines to include the extension you are trying to upload in place of the xxxx below, including capitalization of them. By default it would let you upload .jpg for example but your images may be .JPG or .JPEG which it would block.
RewriteCond %{REQUEST_FILENAME} !^(.+)\.xxxx$
-----------------------------------------------------------------------
My last mods: Partita IVA e CF | Pro EU VAT Number | Sales Agents | Pricelist Pro
-----------------------------------------------------------------------
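The effect of adding [NC] to each RewriteCond in the image folder, as an added example that is not part of the thread: a Python model of how mod_rewrite evaluates the chain of negated conditions quoted above. The function names and the sample paths are constructed for illustration.

```python
import re

# Extensions allowed by the RewriteCond lines quoted in this thread.
ALLOWED_EXTENSIONS = ["jpg", "jpeg", "png", "gif", "css", "js"]


def rule_fires(request_filename, nocase):
    """Model the chain of negated RewriteCond lines.

    mod_rewrite ANDs consecutive conditions, so the RewriteRule fires only
    when the filename matches none of the allowed patterns. nocase=True
    models appending [NC] to every RewriteCond.
    """
    flags = re.IGNORECASE if nocase else 0
    for ext in ALLOWED_EXTENSIONS:
        # Models: RewriteCond %{REQUEST_FILENAME} !^(.+)\.<ext>$
        pattern = r"^(.+)\." + re.escape(ext) + r"$"
        if re.search(pattern, request_filename, flags):
            return False  # a negated condition is false: rule skipped, file served
    return True  # every condition held: request is rewritten away


def changed_by_nc(paths):
    """Paths rewritten by the case-sensitive rules but served once [NC] is added."""
    return [p for p in paths if rule_fires(p, False) and not rule_fires(p, True)]


# Constructed sample paths (not taken from any real store).
SAMPLE_PATHS = [
    "/var/www/image/catalog/logo.jpg",
    "/var/www/image/catalog/PHOTO.JPG",
    "/var/www/image/catalog/banner.Jpeg",
    "/var/www/image/catalog/notes.txt",
    "/var/www/catalog/controller/account/account.php",
    "/var/www/catalog/controller/account/ACCOUNT.PHP",
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        before = "rewritten" if rule_fires(path, False) else "served"
        after = "rewritten" if rule_fires(path, True) else "served"
        print(f"{path} | without [NC]: {before} | with [NC]: {after}")
    print("Affected by [NC]:", changed_by_nc(SAMPLE_PATHS))
```

Only the mixed-case image names change outcome; .php and .txt requests are rewritten in both forms, so [NC] on the conditions widens the allow-list by letter case only.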
I think about whether it's conceivable to simply make a module/add-on that will immediately do all these prescribed movements. If it's all the same to its a conceivable module, I'm paying for it, in the event that it's not excessively dear.
mameha wrote: How do I rename the /admin/ directory? I tried simply renaming the directory via FTP, but that did not work.
If you try to rename a directory via some FTP Clients, it will work out only if no Browser is linked with an 'active' page from this sub, so temporarily preventing the sub from being renamed. So try it repeated times, until it's 'free' to accept your command. ACTIVE means a page containing certain 'active' elements.
I had such occurrences, because of this, I know...
Ernie
My Github OC Site: https://github.com/IP-CAM
5'600 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
Hi, I followed this advice from this thread when setting up my store:
The folder: admin
Well it starts with the name, which is wrong, take a pretty cryptic name eg "not4you_min"
Then change the admin\config.php and replace "admin" with "the_new_name"
Contrary to claims in other topics, always use a .htpasswd / .htaccess "admin" (mostly done via your CPanel or Flexpanel)
It's unlikely that a hacker knows how to find your admin with the new name, and if found the .htpasswd stops him at a very high level.
The chances are a lot smaller to get past the .htaccess and if they do they still have to get past the second Admin login.
What I did was password protect my admin folder from cPanel. It worked fine...until today when I made my store live. Then I kept getting a 404 error when going to the admin address. I removed the .htaccess file and could then get to the OC default log in page. I can't work out why it's not working now (but worked fine when in maintenance mode). I would really like the extra layer of protection. Can anyone suggest please what should be in the file?