Forums / Setup & design / How to disable the "admin" siteaccess
william blanc dit jolicoeur
Wednesday 14 May 2008 6:02:17 am
Hi ,
I wonder how to disable admin siteaccess.
On my project, I created a special backoffice siteaccess that uses the admin design.In the settings/override/site.ini.append.php , at the section [SiteSettings] I defined the SiteList[] with the front and back siteaccess I need.
But the siteaccess "admin" is still reachable. Is there anyway to prevent this ?
Thanks a lot
William
Maxime Thomas
Wednesday 14 May 2008 11:16:20 pm
You can put an IP restriction on the Apache configuration for this URL. It means than only people with the right IP will access the login form and the others will be redirected (or Apache will show an error page).Else, your website admin login will always be available.
Maxime Thomas maxime.thomas@wascou.org | www.wascou.org | http://twitter.com/wascou Company Blog : http://www.wascou.org/eng/Company/Blog Technical Blog : http://share.ez.no/blogs/maxime-thomas
Piotrek KaraĆ
Wednesday 14 May 2008 11:25:06 pm
William,
It will be good to keep the database connection details in the siteaccess-dedicated site.ini files and not in the global override. This way, the admin siteaccess which you don't use will not be able to connect and become useless.
Good luck,Piotrek
-- Company: mediaSELF Sp. z o.o., http://www.mediaself.pl eZ references: http://ez.no/partners/worldwide_partners/mediaself eZ certified developer: http://ez.no/certification/verify/272585 eZ blog: http://ez.ryba.eu
Thursday 15 May 2008 1:47:31 am
Thanks for your advices!
Shall I understand that the "admin" siteaccess is part of the ez Kernel and can't be "hidden" from people without any apache rules ?
Thursday 15 May 2008 2:06:16 am
Sorry, I just realized that the admin siteaccess was loaded because it was in the AvailableSiteAccessList[] in the original site.ini.
I thought it was overrided by the site.ini.append.php in settings/override but there was no initial AvailableSiteAccessList[] in order to empty that array.