Website access restriction

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
DVD2011
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sun Jun 05, 2011 9:31 pm

Website access restriction

Post by DVD2011 » Mon Feb 02, 2015 10:18 pm

We have an intranet running on Joomla 2.5. Right now all internal users can access the website fine.
My concern is if a user enter the web server ip address into the browser, he or she see the XAMPP page and then also able to access the MyPHPAdmin tool too.
I followed the suggested security link to change the password for MySQLAdmin. But after that, users are not able to access the intranet website anymore. When opening the intranet website, they received message saying unable to connect to MySQL.

I was able to revert the change back to the way it was before.

So how do I:
1. restrict access to the XAMMP page and MyPHPAdmin tool
2. restrict access to the intranet website

Thank you.

DD

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4026
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Website access restriction

Post by itoctopus » Mon Feb 02, 2015 10:23 pm

You can always protect access to your website through .htaccess and an .htpasswd file. There are many tutorials explaining how to do that.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11119
Joined: Thu Feb 15, 2007 5:48 am
Location: Oxford, UK

Re: Website access restriction

Post by toivo » Mon Feb 02, 2015 11:01 pm

So how do I:
1. restrict access to the XAMMP page and MyPHPAdmin tool
2. restrict access to the intranet website
If you want to fully utilise the configuration capabilities of Apache, you can configure several virtual hosts, each for a different site, to keep those sites separate. When someone browses to the server using its IP address, the first site in the list of virtual hosts in httpd.conf (or one of the .conf files included in httpd.conf) responds to the request. If your intranet is the first virtual host in that list, it is the default site and your users will see its landing page and no links to phpMyAdmin or other utilities.
Toivo Talikka, Global Moderator
troubleshooting smtp and other articles http://talikka.com/joomla


Locked

Return to “Security in Joomla! 2.5”