List of public files due to htaccess restrictions


  1. herbertwalcher
    Member

    Hello everybody!

    I would need your help as I'm currently securing the MachForm administration interface against external access. I'm modifying the .htaccess to forbid all access except the ones from certain IP ranges. So far so good, everything works well. But since the MachForm administration interface is reachable via its root domain, I have to forbid the access to that, making it necessary to specifically allow public access for all non-admin content.

    Could you help me identify all resources I have to allow public access to so MachForm works correctly?

    So far I included:

    all JS Files
    all CSS Files
    all image files
    view.php
    embed.php
    captcha.php

    Are there any other files I need to include to make the application work properly?

    I would really appreciate your help! Thanks in advance!
    Best regards!

    Posted 11 years ago #
  2. yuniar

    I think you forgot these:

    - confirm.php
    - confirm_embed.php
    - download.php
    - upload.php
    - paypal_ipn.php
    - signature.php


    MachForm Founder

    Posted 11 years ago #
  3. herbertwalcher
    Member

    Thank you very much! I included these files now.

    Best regards!

    Posted 11 years ago #
  4. TFteam
    Member

    If you don't mind, can you please share the .htaccess file as well? I am trying to achieve the same thing. Thanks.

    Posted 11 years ago #
  5. herbertwalcher
    Member

    Here is the content of my htaccess file. It restricts access for all IP addresses except 192.168.1.* (of course I use real IPs for my productive environment) but allows the calls of the defined files. Hope it helps.

    If there are still files missing, please let me know.

    # Redirect plain HTTP to HTTPS.
    RewriteEngine On
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^(.*)$ https://your-url.com/$1 [R,L]

    # Return 403 to clients outside 192.168.1.* unless the request is for one
    # of the public files below. The trailing "\." keeps 192.168.10.* and
    # similar out; file patterns are anchored to the file name and path end.
    RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.
    RewriteCond %{REQUEST_URI} !/view\.php$
    RewriteCond %{REQUEST_URI} !/embed\.php$
    RewriteCond %{REQUEST_URI} !/captcha\.php$
    RewriteCond %{REQUEST_URI} !/confirm\.php$
    RewriteCond %{REQUEST_URI} !/confirm_embed\.php$
    RewriteCond %{REQUEST_URI} !/download\.php$
    RewriteCond %{REQUEST_URI} !/upload\.php$
    RewriteCond %{REQUEST_URI} !/paypal_ipn\.php$
    RewriteCond %{REQUEST_URI} !/signature\.php$
    RewriteCond %{REQUEST_URI} !\.css$
    RewriteCond %{REQUEST_URI} !\.js$
    RewriteCond %{REQUEST_URI} !\.png$
    RewriteCond %{REQUEST_URI} !\.gif$
    RewriteCond %{REQUEST_URI} !\.jpg$
    RewriteRule ^.*$ / [R=403,L]

    Posted 11 years ago #
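
An offline sanity check for an allow-list like the one in this thread, as an added example that is not part of the original posts: it models the deny rule in Python with a CIDR check and anchored patterns (both choices of this example), then runs constructed requests, including near-miss names and addresses, through it. The sample IPs and paths are constructed; only the file names and extensions come from the thread.

```python
import ipaddress
import re

# Assumption: 192.168.1.0/24 stands in for the admin range, as in the thread.
ADMIN_NET = ipaddress.ip_network("192.168.1.0/24")

# Public entry points and static file types listed in the thread.
PUBLIC_SCRIPTS = ("view", "embed", "captcha", "confirm", "confirm_embed",
                  "download", "upload", "paypal_ipn", "signature")
PUBLIC_EXTENSIONS = ("css", "js", "png", "gif", "jpg")

# Anchored to a whole file name and to the end of the path, so names that
# merely contain "view.php" or ".js" are not treated as public.
PUBLIC_PATH = re.compile(
    r"/(?:%s)\.php$|\.(?:%s)$"
    % ("|".join(PUBLIC_SCRIPTS), "|".join(PUBLIC_EXTENSIONS))
)


def allowed(remote_addr: str, path: str) -> bool:
    """Model of the allow-list: admin range sees all, others only public files."""
    if ipaddress.ip_address(remote_addr) in ADMIN_NET:
        return True
    return PUBLIC_PATH.search(path) is not None


# Constructed requests: (client IP, path without query string, expected result).
CASES = [
    ("192.168.1.20", "/", True),                # admin range, admin interface
    ("203.0.113.9", "/", False),                # outside range, admin interface
    ("203.0.113.9", "/view.php", True),
    ("203.0.113.9", "/forms/confirm_embed.php", True),
    ("203.0.113.9", "/js/app.js", True),
    ("203.0.113.9", "/preview.php", False),     # near miss on view.php
    ("203.0.113.9", "/export.json", False),     # near miss on .js
    ("192.168.10.7", "/", False),               # near miss on the IP prefix
]


def mismatches(cases=CASES):
    """Return the cases whose modelled result differs from the expected one."""
    return [(ip, path) for ip, path, want in cases if allowed(ip, path) != want]


if __name__ == "__main__":
    for ip, path, want in CASES:
        print(f"{ip:15} {path:28} {'allow' if allowed(ip, path) else 'deny'}")
    print("mismatches:", mismatches())
```

The same table of requests can be replayed against the live server after each .htaccess change to confirm Apache agrees with the model.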
