
Prevent post functions in .htaccess

Posted: Mon Jun 29, 2015 7:23 am
by underground1
Recently we had a security issue and were forced to write this to the .htaccess file so that the post to index.php was blocked for the "hacker".

Code:

RewriteCond %{REQUEST_METHOD} POST

# allow the server to POST to itself
# (the pattern is a regex: dots escaped and anchored so only this exact address matches)
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$

# allow POST from trusted users
#RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.123$

# send all other post requests to 403 forbidden
RewriteRule ^ / [F]


The above code worked and there was no post to the index.php file anymore, but as we found out, we also couldn't log in to /administrator. Is there any way to prevent post functions in Joomla 2.5 and be able to log in to administrator as well?

Re: Prevent post functions in .htaccess

Posted: Mon Jun 29, 2015 8:13 am
by Per Yngve Berg
Create a separate .htaccess in the administrator folder.

Re: Prevent post functions in .htaccess

Posted: Mon Jun 29, 2015 10:28 am
by underground1
Thanks, that worked!

Re: Prevent post functions in .htaccess

Posted: Tue Sep 01, 2015 2:01 pm
by underground1
Hello,

I have a problem because the solution that I applied (above) was working, but now I can't post on this form - link (http://[no tiny url]/1Fg2o8h). Is there any way that I could use the Post function on this URL?
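
Added example, not part of any post in this thread: one way to lay out the two files discussed above, with a per-path exemption for a single public form. The trusted address 203.0.113.10 and the path /contact-form are hypothetical placeholders, since the real form URL is not shown on the page.

```apache
# ---- /.htaccess (site root) ----
# Place this block before Joomla's own SEF rewrite rules.
RewriteEngine On

# Block POST unless one of the exemptions below applies.
# Consecutive RewriteCond lines are ANDed, so every "!" line is an exemption.
RewriteCond %{REQUEST_METHOD} =POST

# exemption: the server posting to itself
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$

# exemption: a trusted client (hypothetical address, replace with your own)
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$

# exemption: the one public form that must accept POST (hypothetical path).
# REQUEST_URI holds the URL as the visitor requested it.
RewriteCond %{REQUEST_URI} !^/contact-form/?$

# everything else that is a POST gets 403 Forbidden
RewriteRule ^ - [F]

# ---- /administrator/.htaccess ----
# Per-directory rewrite rules are not inherited from the parent folder by
# default, so enabling the engine here means the root POST block no longer
# applies to requests under /administrator.
RewriteEngine On
```

With this layout, POST requests to /administrator are no longer filtered by the root rule, so the login form there needs its own protection if the original concern also applies to it.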