Secure sql and admin login ? Use (.htaccess)

  • Dear all,

    Ik like to secure the admin login and sql login
    I did try to secure the gui with .htaccess

    Where must i put this file at the server ?
    So gui has extra password also the pma and other gui

    Who can help ? :huh:

  • Put the file .htpasswd under

    1. /var/www/imscp/gui

    and the .htaccess under

    1. /var/www/imscp/gui/public

    Content of the .htaccess shows like this

    1. AuthType Basic
    2. AuthName "i-MSCP - Restricted Area"
    3. AuthUserFile /var/www/imscp/gui/.htpasswd
    4. require valid-user

  • This will not be possible 'AS THIS' with Git Master and coming release because I've disabed .htaccess in vhost file for master.



    Edited once, last by Nuxwin ().

  • Ok. I did not look at the latest Commits. Since some Commits before this works, because i did use it on one server.

    I can re-enable it if you want. Was to prevent any possible .htaccess injection since i-MSCP itself doesn't need that feature.


    Edited once, last by Nuxwin ().

  • Maybe a option in the admin section to enable it. But default is disabled. Only an idea!

    Service templates editor feature will be part of 1.2.0 (or 2.0.0). I cannot add such feature now. I'll simply re-enable it as long the feature is not ready. ;)


  • badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • i don't understand why someone will secure login page.

    In this case i like to protect Access to Sql (pma)
    Why ? If you have a lot of databases and for some reason passwords have been compromised or other reason
    a "Master pasword" to protect the Sql (pma) is a option. (.htaccess)
    Firewall with IP tables not because others need access to.
    Thats why. :-) Will test this today. Or what other options would i have in such a case :-) Am open for all concepts :-)

    In my case i administrator a I-mscp box. My customer did had a programmer who left the company. And yes he has all the
    passwords of sql databases. So how to prevent this person to get access with out changing all databases password.

    Then a master login protection is needed. IP tables is not a option.

    Edited once, last by ictdude ().