Security settings on install .htaccess

Post Reply

9 posts Page 1 of 1

Security settings on install .htaccess

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Post by slapbang » Fri Jan 23, 2015 3:45 pm

Hi,

I have installed version 2 of OpenCart. The documentation states:

.Htaccess

The .htaccess will work to protect these files and the subfolders of System from being accessed by anyone except the designated administrator. To do so, insert the code below into your .htaccess:

<Files *.*>
Order Deny,Allow
Deny from all
Allow from "your ip address"
</Files>

Which .htaccess file are they talking about?

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Re: Security settings on install .htaccess

yuno

Active Member

Posts

113

Joined

Tue Feb 11, 2014 9:24 am

Post by yuno » Fri Jan 23, 2015 6:00 pm

after you unzip the opencart file there are .htaccess.txt file

OpenCart®
PHP Developer.
更多中文教學在 OpenCart香港官方網站 !
QQ: 2039574815

yuno

Active Member

Posts

113

Joined

Tue Feb 11, 2014 9:24 am

Re: Security settings on install .htaccess

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Post by slapbang » Sat Jan 24, 2015 7:06 am

Hi There,
Thank you for your reply.
I opened .htaccess.txt but it already has this in it:

# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Order deny,allow
Deny from all
</FilesMatch>

So should it have both that and this?

<Files *.*>
Order Deny,Allow
Deny from all
Allow from "your ip address"
</Files>

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Re: Security settings on install .htaccess

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Post by slapbang » Sat Jan 24, 2015 7:10 am

HI there,

In regard to my last comment, I also meant to say that I put this in a .htaccess file in my admin directory, but it wouldn't let me access the admin site:

#IP authentication
order allow,deny
deny from all
allow from xxx.xxx.xxx (my ip address only).

So I had to remove this.

Yet my host provider support person was able to access it from their own IP address.

Any idea why this happened?

Thanks in advance.

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Re: Security settings on install .htaccess

fido-x

Expert Member

Posts

2644

Joined

Sat Jun 28, 2008 1:09 am

Location

Tasmania, Australia

Post by fido-x » Sat Jan 24, 2015 8:51 am

I'm guessing here, but you probably used your website's IP address in the .htaccess file. Your host support person is accessing from the same IP address because the hosting service is likely to be operating from the same IP address (you can have multiple domains/sub-domains using the same IP address).

When you connect to the Internet, your Internet Service Provider (ISP) allocates an IP address to your connection. This is the IP address you should you add to your .htaccess file. However, this is usually a "dynamic" address, meaning that you could be given a different IP address each time to you connect.

You should contact your ISP and apply for a "static" IP address. This way, you will get the same IP address every time you connect to the Internet. You should then use this IP address in your .htaccess file.

Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!

fido-x

Expert Member

Posts

2644

Joined

Sat Jun 28, 2008 1:09 am

Location - Tasmania, Australia

Re: Security settings on install .htaccess

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Post by slapbang » Sat Jan 24, 2015 10:38 am

HI Fido,

Thanks for your reply. I checked and I don't have a static IP address. But I am wondering why I need one anyway. Is this just to protect my admin login to OpenCart? If it is, if I put it in the admin directory only, then that makes sense. My admin site is password protected by my password and also by .htpasswd, so do I need a static IP as well for even more protection on my admin directory?

I opened opencart/.htaccess but it already has this in it:

# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Order deny,allow
Deny from all
</FilesMatch>

So should it have both that and this?

<Files *.*>
Order Deny,Allow
Deny from all
Allow from "your ip address"
</Files>

What is the difference.

Thanks in advance.

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Re: Security settings on install .htaccess

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Post by slapbang » Sat Jan 24, 2015 10:39 am

And I meant to say, if you put your IP address in the opencart/.htaccess as the only IP that can access it, isn't this going to stop others from going to your opencart store?

slapbang

Newbie

Posts

Joined

Fri Jan 23, 2015 3:40 pm

Re: Security settings on install .htaccess

fido-x

Expert Member

Posts

2644

Joined

Sat Jun 28, 2008 1:09 am

Location

Tasmania, Australia

Post by fido-x » Sat Jan 24, 2015 11:03 pm

slapbang wrote: And I meant to say, if you put your IP address in the opencart/.htaccess as the only IP that can access it, isn't this going to stop others from going to your opencart store?

Yes, but you didn't state that the .htaccess file was in your store's directory. What you said was:

slapbang wrote: ... I put this in a .htaccess file in my admin directory, but it wouldn't let me access the admin site:

#IP authentication
order allow,deny
deny from all
allow from xxx.xxx.xxx (my ip address only).

Since the .htaccess file was in your admin directory, it should restrict access to the admin (only) to that IP address. If you wish to do this, you will need a static IP address to ensure that you have access to the admin. However,

slapbang wrote: My admin site is password protected by my password and also by .htpasswd, so do I need a static IP as well for even more protection on my admin directory?

With a .htpasswd in place, I shouldn't think it would be necessary to get a static IP address.