Secure sql and admin login ? Use (.htaccess)

  • Dear all,


    Ik like to secure the admin login and sql login
    I did try to secure the gui with .htaccess


    Where must i put this file at the server ?
    So gui has extra password also the pma and other gui


    Who can help ? :huh:

  • Put the file .htpasswd under

    Code
    1. /var/www/imscp/gui


    and the .htaccess under

    Code
    1. /var/www/imscp/gui/public


    Content of the .htaccess shows like this

    Code
    1. AuthType Basic
    2. AuthName "i-MSCP - Restricted Area"
    3. AuthUserFile /var/www/imscp/gui/.htpasswd
    4. require valid-user

  • This will not be possible 'AS THIS' with Git Master and coming release because I've disabed .htaccess in vhost file for master.


    Ref: https://github.com/i-MSCP/imsc…apache/00_master.conf#L24

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().


  • Ok. I did not look at the latest Commits. Since some Commits before this works, because i did use it on one server.


    I can re-enable it if you want. Was to prevent any possible .htaccess injection since i-MSCP itself doesn't need that feature.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().


  • Maybe a option in the admin section to enable it. But default is disabled. Only an idea!


    Service templates editor feature will be part of 1.2.0 (or 2.0.0). I cannot add such feature now. I'll simply re-enable it as long the feature is not ready. ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206


  • i don't understand why someone will secure login page.


    In this case i like to protect Access to Sql (pma)
    Why ? If you have a lot of databases and for some reason passwords have been compromised or other reason
    a "Master pasword" to protect the Sql (pma) is a option. (.htaccess)
    Firewall with IP tables not because others need access to.
    Thats why. :-) Will test this today. Or what other options would i have in such a case :-) Am open for all concepts :-)


    In my case i administrator a I-mscp box. My customer did had a programmer who left the company. And yes he has all the
    passwords of sql databases. So how to prevent this person to get access with out changing all databases password.


    Then a master login protection is needed. IP tables is not a option.

    Edited once, last by ictdude ().