Protect 2 files?

Discussion in 'ISPConfig 3 Priority Support' started by ledoktre, May 6, 2014.

  1. ledoktre

    ledoktre Member HowtoForge Supporter

    Hey,

    I was importing one server that I had just for wordpress into my little ISPConfig cluster, and part of what we had always done for customers was to protect wp-login.php and xmlrpc.php in lieu of just the wp-admin folder as that has been reported to break some public functionality.

    So below is the block I was previously using to protect those files, how does a person achieve this in ISPC?

    location ~* /(wp-login.php|xmlrpc.php) {
    auth_basic "Restricted";
    auth_basic_user_file /path/to/some/.htpasswd;
    include /etc/nginx/config/php-core.config;
    }

    The include listed there just includes some core config to be able to process PHP scripts. I had tried this before with the protected folder option, but it does not seem to allow regex or anything. It seemed a little bit cumbersome to try and setup two protected paths individually and try to match up the right protection.

    Looking for your best options.

    Thanks,

    Doc
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can add your custom nginx directives in the nginx directives field of the website in ispconfig.
     
  3. ledoktre

    ledoktre Member HowtoForge Supporter

    Till,

    I did see that. I was just trying to keep the manual interaction to a minimum. I dont even mind creating a code snippet -- but I am unsure how you would create the php block, the right paths, etc.

    Is there any documentation anywhere on the variables we can use in the snippets?

    Thanks,
     
  4. ledoktre

    ledoktre Member HowtoForge Supporter

    I did try using snippets, tried using this code :

    location ~* /(wp-login.php|xmlrpc.php) { ##merge##
    auth_basic "Members Only";
    auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;

    location ~ \.php$ {
    try_files <tmpl_var name='rnd_php_dummy_file'> @php;
    }
    }

    The snippets evidently don't process <tmpl_var name='htpasswd_path'> or <tmpl_var name='rnd_php_dummy_file'> ...?

    I thought if I used the above, then the user would only have to create a user.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    These are server side variables. You can not use these variables in snippets in the interface.
     
  6. ledoktre

    ledoktre Member HowtoForge Supporter

    So I thought i had it wrapped out. A snippet that creates everything needed.

    Protects the two files referenced, the same random html file for the php snippet but probably not a huge deal. Where I got stuck now is that going in to use the protected users feature, you have to first assign it to a folder. That be the problem -- there is no folder defined as I was doing it through a snippet.

    Thoughts?
     
  7. ledoktre

    ledoktre Member HowtoForge Supporter

    Ive got a snippet sort of worked out. It puts in some custom stuff for Wordpress, rewrites, protect wp-login.php and xmlrpc.php, etc. But another problem surfaced.

    In order to protect a php file, apparently the code block must be executed earlier in the code (above the location ~ \.php$ block).

    With just using the ISPConfig, it puts it at the bottom and does not work. When I move it manually above, it works fine. So how do we do this with ISPConfig? I imagine the next time the config is synced or they make a change my changes will be overwritten.

    Please advise...
     
  8. ledoktre

    ledoktre Member HowtoForge Supporter

    Any ideas guys?
     
  9. falko

    falko Super Moderator ISPConfig Developer

    You could try this:

    Code:
    location ~ \.php$ { ##merge##
      location ~* /(wp-login.php|xmlrpc.php) {
        auth_basic "Restricted";
        auth_basic_user_file /path/to/some/.htpasswd;
        include /etc/nginx/config/php-core.config;
      }
    }
     
  10. ledoktre

    ledoktre Member HowtoForge Supporter

    Thanks, that got me going down the right path.
     

Share This Page