[Radiant] Securing the Admin page
Aitor Garay-Romero
me at aitor.name
Fri Dec 21 03:56:48 CST 2007
For hiding the /admin "route" in the webserver you have to make the web
server rewrite the incoming URL:
- for Apache, you use the mod_rewrite module:
http://www.google.com/search?q=apache+mod_rewrite
- for lighttpd, you also use its own mod_rewrite module:
http://trac.lighttpd.net/trac/wiki/Docs%3AModRewrite
- for others, you read the docs
The idea is to do two rewrites (from "external" URLs to "internal" URLs):
- from "/admin" to "/this-does-not-exist"
- from "/my-new-admin" to "/admin"
And you are done! (tm)
/AITOR
On Dec 21, 2007 3:05 AM, Richard Hurt <rnhurt at gmail.com> wrote:
> Ok, but what about changing the /admin route to something else? Like I
> said, it's not much but it might keep the script kiddies away.
>
> Thanx!
> Richard
>
> On Dec 19, 2007 11:08 PM, Sean Cribbs <seancribbs at gmail.com> wrote:
>
> > Richard,
> >
> > I would use your webserver's capabilities to restrict requests to that
> > path to be over SSL. I believe this is fairly easy to do with Apache,
> > and I have a vague idea of how to do it with nginx. Unfortunately, I
> > don't do it that often and so I can't provide you any snippets.
> >
> > Sean
> >
> > Richard Hurt wrote:
> > > Now that I have my Radiant powered site up and running (thank you very
> > > much!) I am getting a bit anxious about the /admin page being exposed to
> > > the world. Not that I'm a big target or anything, but I really don't want
> > > to have to depend on my password skills to make sure my site stays the way
> > > it is. What I would like to do is two fold.
> > >
> > > First I want to force the /admin page to be SSL only. What's the best way
> > > to go about this? I am going to have a self signed certificate for now as
> > > it's only me doing the editing, but I would like to keep the editing
> > > sessions private. At the very least I have to secure the initial logon
> > > page, even if I don't secure the entire /admin/... route.
> > >
> > > Second I would like to change the admin route from /admin to something
> > > else, maybe /edit, or /blahblah. What's the best|easiest way to do this?
> > > I know security by obscurity is no security at all, but I would like to at
> > > least give the script kiddies something to chew on. :)
> > >
> > > Thanx!
> > > Richard
> > >
> > > P.S. I apologize if this is in the Wiki - I searched but couldn't find
> > > anything on it. I'll update the Wiki if I get it working. How's that? :)
> > > _______________________________________________
> > > Radiant mailing list
> > > Post: Radiant at lists.radiantcms.org
> > > Search: http://radiantcms.org/mailing-list/search/
> > > Site: http://lists.radiantcms.org/mailman/listinfo/radiant
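
The two rewrites described in this thread, combined with the SSL-only restriction suggested in the quoted reply, written out for Apache mod_rewrite. This is an added example, not configuration posted by anyone on the list; the host name www.example.org, the certificate paths and the secret path /my-new-admin are assumptions, and how requests are handed to Radiant is site-specific and left out.

```apache
# Added example. Assumed names: www.example.org, the certificate paths, and
# /my-new-admin as the renamed path. The hand-off to Radiant (proxy, FastCGI,
# ...) is omitted; [PT] passes the rewritten URL on to whatever does it.

<VirtualHost *:80>
    ServerName www.example.org
    RewriteEngine On

    # Rewrite 1: the well-known path goes to a URL that does not exist.
    # The pattern matches /admin and /admin/..., but not /administrator.
    RewriteRule ^/admin(/.*)?$ /this-does-not-exist [PT,L]

    # The renamed path is never served over plain HTTP: redirect to HTTPS.
    # A fixed host name is used instead of the client-supplied Host header.
    RewriteRule ^/my-new-admin(/.*)?$ https://www.example.org/my-new-admin$1 [R=302,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/example-selfsigned.key
    RewriteEngine On

    # Rewrite 1 again, tested against the URL the client sent.
    # [L] stops processing, so a request matches at most one of the two rules.
    RewriteRule ^/admin(/.*)?$ /this-does-not-exist [PT,L]

    # Rewrite 2: external /my-new-admin/... becomes internal /admin/...
    # In virtual-host context the rules are not run again on the result,
    # so the internal /admin is not caught by rewrite 1.
    RewriteRule ^/my-new-admin(/.*)?$ /admin$1 [PT,L]
</VirtualHost>
```

mod_rewrite changes incoming requests only; links and redirects that the application itself generates under /admin are not rewritten by these rules. The same rules placed in a .htaccess file behave differently, because per-directory rules are re-applied to the rewritten URL.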