Prevent post functions in .httacess

Moderators: mandville, PhilD, General Support Moderators

Post Reply
underground1
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Fri Jan 06, 2006 7:50 am
Contact:

Prevent post functions in .httacess

Post by underground1 » Mon Jun 29, 2015 7:23 am

Recently we had a security issues and were forced to write this to .htaccess file so that the post to index.php was bloced for "hacker".

Code: Select all

RewriteCond %{REQUEST_METHOD} POST

# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1  

# allow POST from trusted users
#RewriteCond %{REMOTE_ADDR} !123.456.789.123   

# send all other post requests to 403 forbidden
RewriteRule ^ / [F] 


The above code worked and there was no post to index.php file anymore, but as we found out, we allso couldnt login to/administrator. Is there any way to prevent post funcionts in joomla 2.5 and be able to login to administrator as well?

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 24613
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Prevent post functions in .httacess

Post by Per Yngve Berg » Mon Jun 29, 2015 8:13 am

Create a separate .htaccess in the administrator folder.

underground1
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Fri Jan 06, 2006 7:50 am
Contact:

Re: Prevent post functions in .httacess

Post by underground1 » Mon Jun 29, 2015 10:28 am

Thanks, that worked!

underground1
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Fri Jan 06, 2006 7:50 am
Contact:

Re: Prevent post functions in .httacess

Post by underground1 » Tue Sep 01, 2015 2:01 pm

Hello,

I have a problem beacause solution that i applied (above) was working but now I cant post on this form - link (http://[no tiny url]/1Fg2o8h). Is there anyway that i could use Post function on this URL?


Post Reply

Return to “Access Control List (ACL) in Joomla! 2.5”