0

I have a folder which contains an admin panel - no password or session management is on the script. The URL is complex to get to. To save time before making an admin login system, can I restrict a folder and all subfolders and files via .htaccess, or should I make a PHP include which checks an array list of IPs and then just does die() or redirects with header() to an external source?

Thanks

TheBlackBenzKid
  • I suppose you could do either if it were a page you really weren't that concerned about. If it's an actual critical page put forward the effort to build in some real security. Complex URLs are NOT security. – Rick Calder Oct 20 '12 at 12:27
  • Pretty bad idea but array would be more convenient. – itachi Oct 20 '12 at 12:28
  • http://stackoverflow.com/questions/5042399/htaccess-access-to-file-by-ip-range You should find a solution here. – Dovydas Navickas Oct 20 '12 at 12:28
  • It may create a problem when you are out of your personal computer – StaticVariable Oct 20 '12 at 12:30
  • possible duplicate http://stackoverflow.com/questions/5589638/is-it-possible-to-limit-access-to-website-to-specific-computer – NullPoiиteя Oct 20 '12 at 12:31
  • +1 to @RickCalder. A basic password and session system is trivial to implement, and should be considered a bare minimum for this kind of thing. If you're writing something complex enough to need an admin panel, then you're already doing more work than that, so I don't get why you wouldn't implement it. – Spudley Oct 20 '12 at 12:42

1 Answer

4

Using .htaccess sure will be easier since you don't have to write a wrapper around any non-PHP file that might exist in your directories.

You will first Deny from all and then use Allow from ip.ip.ip.ip to allow a certain IP to get access; repeat step #2 as many times as necessary.

# No whitespace is allowed after the comma in the Order directive
Order deny,allow
Deny from all

Allow from 127.0.0.1
Allow from 192.168.1.13

Using PHP you could check whether $_SERVER['REMOTE_ADDR'] is in your array of valid IPs, if so grant the user access... otherwise; HALT!

// Stop the script unless the client address is in the list (strict comparison).
if (!in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '192.168.1.13'), true)) {
  die('restricted access');
}

Post written and edited using my BlackBerry, sorry for any minor errors (including formatting).

Filip Roséen - refp
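
An added example, not part of the original answer: the PHP check above extended to CIDR ranges and IPv6, failing closed on malformed input and answering with a 403. The allowlist entries and the helper names `ip_matches` and `ip_allowed` are assumptions made for illustration.

```php
<?php
// Constructed sample allowlist: single addresses or CIDR blocks (assumption).
const ADMIN_ALLOWLIST = ['127.0.0.1', '::1', '192.168.1.0/24'];

// Hypothetical helper: true when $ip lies inside $rule (address or CIDR).
function ip_matches(string $ip, string $rule): bool
{
    $parts = explode('/', $rule, 2);
    $addr = @inet_pton($ip);
    $net = @inet_pton($parts[0]);
    // Fail closed on unparsable input and on IPv4/IPv6 family mismatch.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    $prefix = $parts[1] ?? (string) $maxBits;
    // Reject a missing, non-numeric or oversized prefix length.
    if (!ctype_digit($prefix) || (int) $prefix > $maxBits) {
        return false;
    }
    $bits = (int) $prefix;
    $fullBytes = intdiv($bits, 8);
    if (substr($addr, 0, $fullBytes) !== substr($net, 0, $fullBytes)) {
        return false;
    }
    $rest = $bits % 8; // bits left over in the partially covered byte
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($addr[$fullBytes]) & $mask) === (ord($net[$fullBytes]) & $mask);
}

// Hypothetical helper: true when $ip matches any allowlist entry.
function ip_allowed(string $ip, array $allowlist): bool
{
    foreach ($allowlist as $rule) {
        if (ip_matches($ip, $rule)) {
            return true;
        }
    }
    return false;
}

// Check only REMOTE_ADDR (the TCP peer address); headers such as
// X-Forwarded-For are supplied by the client and can hold any value.
if (!ip_allowed($_SERVER['REMOTE_ADDR'] ?? '', ADMIN_ALLOWLIST)) {
    http_response_code(403);
    exit('restricted access');
}
```

Every admin script has to include this file before producing any output, and non-PHP files in the folder are not covered by it. Behind a reverse proxy or load balancer, REMOTE_ADDR is the proxy's address, so the restriction then belongs on the proxy.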