Prevent post functions in .htaccess

Post by underground1 » Mon Jun 29, 2015 7:23 am

Recently we had a security issue and were forced to write this to the .htaccess file so that POST to index.php was blocked for "hacker".

Code:

RewriteCond %{REQUEST_METHOD} POST

# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$

# allow POST from trusted users
#RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.123$

# send all other POST requests to 403 Forbidden
RewriteRule ^ - [F]


The above code worked and there was no POST to the index.php file anymore, but as we found out, we also couldn't log in to /administrator. Is there any way to prevent POST functions in Joomla 2.5 and be able to log in to administrator as well?

Post by Per Yngve Berg » Mon Jun 29, 2015 8:13 am

Create a separate .htaccess in the administrator folder.

Post by underground1 » Mon Jun 29, 2015 10:28 am

Thanks, that worked!

Post by underground1 » Tue Sep 01, 2015 2:01 pm

Hello,

I have a problem because the solution that I applied (above) was working, but now I can't post on this form - link (http://[no tiny url]/1Fg2o8h). Is there any way that I could use the POST function on this URL?
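An added example, not part of the original thread, showing the separate administrator .htaccess suggested above together with a root-level exemption for one public form. It relies on two Apache behaviours: rewrite rules in a parent .htaccess are not inherited by a subdirectory .htaccess that has its own mod_rewrite directives, and %{THE_REQUEST} keeps the original request line even after Joomla's SEF rules rewrite the request to index.php. Assumptions: the path /contact-form and the address 203.0.113.10 are placeholders, and the root block is placed before Joomla's own SEF rules.

```apache
# ---- /.htaccess (site root), placed before Joomla's SEF section ----
RewriteEngine On

# Block POST everywhere except from the server itself ...
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$

# ... and except for one public form (placeholder path).
# THE_REQUEST is the raw request line ("POST /contact-form HTTP/1.1").
# REQUEST_URI would not work here: after the SEF rewrite the rules run
# again with REQUEST_URI set to /index.php and the POST would be refused.
RewriteCond %{THE_REQUEST} !^POST\s+/contact-form(/|\?|\s)

# "-" means no substitution; [F] answers 403 Forbidden
RewriteRule ^ - [F]


# ---- /administrator/.htaccess ----
# Having mod_rewrite directives in this file replaces the root rules for
# everything under /administrator (no "RewriteOptions Inherit" is set),
# so the blanket POST block above no longer breaks the login form.
RewriteEngine On

# Keep the back end stricter than the front end: accept POST only from
# a known administrator address (placeholder from the documentation range).
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteRule ^ - [F]
```

If the site sits behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address, so the address checks need the real client address restored first (for example with mod_remoteip).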

