How best to secure admin directory?

Morning guys!

Can anyone help with best practice to secure an /portal/admin
directory? A link to documentation will do just fine.

Our website has and /admin directory which don’t want to be accessible
via www.domain.com/portal/admin. Instead, we want hackoff.domain.com
to point to /portal/admin directory. If we could add authentication to
hackoff.domain.com would be great too.

The point is some files on www.domain.com/* include (php include)
files on /portal/admin, so this has to work internally.

I searched the wiki and this website Nginx Secure SSL Web Server @ Calomel.org
(which is great too) but I couldn’t figure out a way to do this.

Any ideas are very welcomed.

Cheers!

On 09/04/2010 03:47, Leonardo C. wrote:

Morning guys!

Can anyone help with best practice to secure an /portal/admin
directory? A link to documentation will do just fine.

Our website has and /admin directory which don’t want to be accessible
via www.domain.com/portal/admin. Instead, we want hackoff.domain.com
to point to /portal/admin directory. If we could add authentication to
hackoff.domain.com would be great too.

I’m not sure it’s a “great security”. There is a lot of spywares in
browsers (the Google Toolbar for example) which will inform about the
used address.

The point is some files on www.domain.com/* include (php include)
files on /portal/admin, so this has to work internally.

Outch. I hope your “php includes” doesn’t use HTTP to load files…

I’m not sure it’s a “great security”. There is a lot of spywares in browsers
(the Google Toolbar for example) which will inform about the used address.

That’s true… would you recommend just having authentication on that
location instead?

Outch. I hope your “php includes” doesn’t use HTTP to load files…

It doesn’t, they’re all include(); directives.

Cheers Oliver!

Leo