Secure admin [MOD]

[carefree2]

I was thinking the best way to secure your admin panel. It was really simple in the end.

Ill update this later to include an array of ips and wildcard ips

Add to top of main.php

Code:

$ip = $_SERVER['REMOTE_ADDR']; //get ip
$allow_ip = "165.45.54.765"; //your allowed ip - 165.45.54.765 is a fake ip for testing

if ($allow_ip != $ip){
//boot them off to the index page
redirect( $config['baseurl'] );
}

[bigoboy]

I was thinking the best way to secure your admin panel. It was really simple in the end.

Ill update this later to include an array of ips and wildcard ips

Add to top of main.php

Code:

$ip = $_SERVER['REMOTE_ADDR']; //get ip
$allow_ip = "165.45.54.765"; //your allowed ip - 165.45.54.765 is a fake ip for testing

if ($allow_ip != $ip){
//boot them off to the index page
redirect( $config['baseurl'] );
}

You still have to manually put in the IP

[carefree2]

Its worth it BIGboy

[bigoboy]

ill stick with the code i posted way back that uses .htacess

But all in all this will work as well. people will still complain you have to change the IP around

[carefree2]

hackers can still read htaccess on a shared host, youll need to hard code it into the page itself for maximum protection.

Last time i checked you have to still manually edit htaccess, wasnt that your point.

Anyway to all the normal ppl here this is the way to do it

[bigoboy]

hackers can still read htaccess on a shared host, youll need to hard code it into the page itself for maximum protection.

Last time i checked you have to still manually edit htaccess, wasnt that your point.

Anyway to all the normal ppl here this is the way to do it

i think you are little bit confused oh which method is more secure my friend.

If you honestly think putting that code into a .php file is more secure than the code used in the htaccess file then your are absolutely wrong my friend.

So normal people ..................

[bplex]

To be honest, neither one is going to be better than the other from a security standpoint. From a server load standpoint, it is actually more work for the server if you do this using php than using htaccess.

Personally, I would do it using htaccess, mainly because I can tie it into my firewall. This way, I can block, ban, and restrict people from the firewall level, which is ultimately the best way to prevent people from doing things.