#12055 Protecting other Joomla site on domain (used as demos)?

Posted in ‘Admin Tools for Joomla! 4 & 5’


Latest post by on Sunday, 03 June 2012 18:00 CDT

Chacapamac
I have a few Joomla installs (as demos) and other live support, flash gallery and other apps in folders outside of my main site (with AdminPro). How should I protect those?

nicholas
Akeeba Staff
Manager
It's exactly what is discussed in the troubleshooter, I guess. Quick rundown of the process:
- In the main site's .htaccess Maker, add the directory names of the other sites into the "Allow direct access, including .php files, to these directories" area of .htaccess Maker, then click on Save and Create .htaccess.
- Install and configure Admin Tools on each and every one of the other sites.

Please note that if some of those "children sites" are not running Joomla!, you can not protect them with Admin Tools. Admin Tools was designed to protect Joomla! sites and Joomla! sites only. It won't work on anything else.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chacapamac
Thanks for your time Nick.
Really appreciated
My main site (in this case) is in a subfolder; the other Joomla/non-Joomla sites are in public_html at the same level as the main site.

What I will probably do...
1. Clean up all unused apps/sites or whatever other unused stuff
2. Install Admin Tools on all Joomla sites
3. Look at the .htaccess created by Admin Tools and add the most important .htaccess rules to the main .htaccess in the root public_html.

Now I have to find exactly what are the most important rules...


Good day Akeeba!

nicholas
Akeeba Staff
Manager
If you want to go with manual .htaccess files, search for "Master .htaccess Joomla," on Google. You will find the annotated version of my Master .htaccess which is used by Admin Tools' .htaccess Maker. It's much easier to figure out what I'm doing when you read the comments ;)


Chacapamac

Thanks !

For others that are interested...

Joomla discussion on that file:
Joomla.org Discussion Forum about this htaccess...


Link to that file:
Your text to link here...

Chacapamac
Just a remark about the optimization part (Expiration controls and Etag)

I just looked at the AdminPro generated .htaccess and I don't see the Expire Headers and ETag showing in the suggested file...

The ETag settings in the suggested file are in the top part of the .htaccess file (I guess they should be there...) and they are different than what I normally see:
FileETag MTime Size


What I normally see:
Header unset Etag
FileETag none


My questions —>
• What are the right ETag settings between the two, and should I insert them at the top or bottom spot in the .htaccess in the Custom .htaccess rules?

• About the Expire Headers, should I add something like the example to the AdminPro generated file in the Bottom Part in the Custom .htaccess rules?

nicholas
Akeeba Staff
Manager
You have the wrong file. The version in the Joomla! wiki is VERY OLD and buggy. My Master .htaccess is here: http://akeeba.assembla.com/code/master-htaccess/git/nodes/htaccess.txt


Chacapamac
Cool - Thanks a lot.

I think Admin Tools does not place these in the .htaccess??

########## Begin - ETag Optimization
## This rule will create an ETag for files based only on the modification
## timestamp and their size. This works wonders if you are using rsync'ed
## servers, where the inode number of identical files differs.
## Note: It may cause problems on your server and you may need to remove it
FileETag MTime Size
########## End - ETag Optimization

########## Begin - Optimal default expiration time
## Note: this might cause problems and you might have to comment it out by
## placing a hash in front of this section's lines
## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year".
## Suit to taste.
<IfModule mod_expires.c>
        # Enable expiration control
        ExpiresActive On

        # Default expiration: 1 hour after request
        ExpiresDefault "now plus 1 hour"
        
        # CSS and JS expiration: 1 week after request
        ExpiresByType text/css "now plus 1 week"
        ExpiresByType application/javascript "now plus 1 week"
        ExpiresByType application/x-javascript "now plus 1 week"
        
        # Image files expiration: 1 month after request
        ExpiresByType image/bmp "now plus 1 month"
        ExpiresByType image/gif "now plus 1 month"
        ExpiresByType image/jpeg "now plus 1 month"
        ExpiresByType image/jp2 "now plus 1 month"
        ExpiresByType image/pipeg "now plus 1 month"
        ExpiresByType image/png "now plus 1 month"
        ExpiresByType image/svg+xml "now plus 1 month"
        ExpiresByType image/tiff "now plus 1 month"
        ExpiresByType image/vnd.microsoft.icon "now plus 1 month"
        ExpiresByType image/x-icon "now plus 1 month"
        ExpiresByType image/ico "now plus 1 month"
        ExpiresByType image/icon "now plus 1 month"
        ExpiresByType text/ico "now plus 1 month"
        ExpiresByType application/ico "now plus 1 month"
        ExpiresByType image/vnd.wap.wbmp "now plus 1 month"
        ExpiresByType application/vnd.wap.wbxml "now plus 1 month"
        ExpiresByType application/smil "now plus 1 month"
        
        # Audio files expiration: 1 month after request
        ExpiresByType audio/basic "now plus 1 month"
        ExpiresByType audio/mid "now plus 1 month"
        ExpiresByType audio/midi "now plus 1 month"
        ExpiresByType audio/mpeg "now plus 1 month"
        ExpiresByType audio/x-aiff "now plus 1 month"
        ExpiresByType audio/x-mpegurl "now plus 1 month"
        ExpiresByType audio/x-pn-realaudio "now plus 1 month"
        ExpiresByType audio/x-wav "now plus 1 month"
        
        # Movie files expiration: 1 month after request
        ExpiresByType application/x-shockwave-flash "now plus 1 month"
        ExpiresByType x-world/x-vrml "now plus 1 month"
        ExpiresByType video/x-msvideo "now plus 1 month"
        ExpiresByType video/mpeg "now plus 1 month"
        ExpiresByType video/mp4 "now plus 1 month"
        ExpiresByType video/quicktime "now plus 1 month"
        ExpiresByType video/x-la-asf "now plus 1 month"
        ExpiresByType video/x-ms-asf "now plus 1 month"
</IfModule>
########## End - Optimal expiration time


Looking at your Master .htaccess... should I place it not at the bottom but at the top?

IN —> Custom .htaccess rules at the top of the file in the .htaccess Maker

Other parts that are not inserted by the .htaccess Maker?

nicholas
Akeeba Staff
Manager
You realise that .htaccess Maker has some configuration options, right? In order for that block of code to end up in the .htaccess you just need to enable the "Set default expiration time to 1 hour" option.

Remember that .htaccess Maker is merely a graphical user interface for easily creating a .htaccess based on my Master .htaccess. You do not need to copy anything manually. You just have to read the manual and choose the options you need for your site :)


Chacapamac
Understood Chief!
Thanks

Chacapamac
I look at your file at Your text to link here...

Thanks for this...

You don’t have to answer this as it is not really an Akeeba problem.

I’m trying to build an .htaccess for a Joomla site in a subfolder (the main site); note that other programs and demo Joomla and non-Joomla sites reside in other folders.

This is what I got so far

1. First, my working 301 redirect to the subfolder
—> (I’m still in discussion with experts about whether it is the best way, but it works... so far...)
# Copy and paste the following code into the .htaccess file
# in the public_html folder of your hosting account
# make the changes to the file according to the instructions.

# Replace MyDomain.com and /MySubfolder/ with the real names.

# Redirect to canonical hostname and rewrite to internal MySubfolder.

# Activate the rewrite engine
RewriteEngine on

# 1. Redirect non-canonical hostname requests to www.MyDomain.com
RewriteCond %{HTTP_HOST} !^(www\.MyDomain\.com)?$
RewriteRule (.*) http://www.MyDomain.com/$1 [R=301,L]

# 2. Rewrite root request to index file in MySubfolder
RewriteRule ^$ /MySubfolder/index.php [L]
#RewriteRule !. /MySubfolder/index.php [L]
# (pick one of the above two lines, they are equivalent)

# 3. Rewrite requests to MySubfolder
# If the request has not already been rewritten to /MySubfolder/ 
RewriteCond %{REQUEST_URI} !^/MySubfolder/
# and is not a request that is always handled by a file
RewriteCond %{REQUEST_URI} !(MySubfolder).\.(png|gif|jpe?g|css|js|zip|txt)$
# and does not actually exist as a file or folder
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# rewrite the request to be handled by the folder
RewriteRule (.*) /MySubfolder/$1 [L]


Now I will add from your htaccess example what I think will help for security

Should I add between “RewriteEngine on” and the first redirect the following code snippets (1-2) coming from your file (seem important for security) ?
########## 1-Begin - No directory listings
## Note: +FollowSymlinks may cause problems and you might have to remove it
IndexIgnore *
Options +FollowSymLinks All -Indexes
########## End - No directory listings


And the following rule ...
########## Begin - Common hacking tools and bandwidth hoggers block


And after end of all redirections
########## Begin - Force HTTPS for certain pages

########## Begin - Rewrite rules to block out some common exploits

########## Begin - File injection protection, by SigSiu.net


I don't know if these ones are necessary for Joomla in a subfolder (I have other Joomla sites and programs in other folders in my public_html)

OUT ?
########## Begin - Advanced server protection rules exceptions ####
—> ## Referrer filtering for common media files. Replace with your own domain. —> This one out?
—> ## Disallow visual fingerprinting of Joomla! sites (module position dump) —> This one out?

IN ?
—> ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine —> This one seems important?

OUT ?
—> ## Back-end protection —> This one out?
—> ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ directory —> This one out?
—> ## Disallow front-end access for certain Joomla! system directories —> This one out?
—> ## Allow limited access for certain Joomla! system directories with client-accessible content —> This one out?

IN ?
—> ## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed —> This one seems important?
—> ## Disallow access to htaccess.txt and configuration.php-dist —> This one seems important?
—> ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ —> This one seems important only if you use SQL?
—> ########## Begin - Basic antispam Filter, by SigSiu.net —> This one seems important?

nicholas
Akeeba Staff
Manager
For a site in a subdirectory which is running Joomla! you have to include all of the sections. For a non-Joomla! site in a subdirectory you must remove the sections which you marked as "OUT" in your message above.

I hope that helps!


Chacapamac
Thanks...

In fact, in my public_html I have both my main Joomla site in a subfolder and other folders (at the same level as the main subfolder) with Joomla sites, other PHP programs and even an HTML site.

Look like this:

public_html
.htaccess (main .htaccess file with 301 redirect to “Main Site Folder”)
• Main site folder (with AdminPro .htaccess)
• Folder with demo Joomla site (will update and install AdminPro on all)
• more folders with applications and HTML sites

I guess I should use the non-joomla site protection in that case....

Really appreciate your input — Thanks Nicholas

nicholas
Akeeba Staff
Manager
Yes, that's correct. You'll be trying to protect non-Joomla! sites :)

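As an added example (not code from this thread and not what Admin Tools' .htaccess Maker generates), here is a root public_html/.htaccess for the layout Chacapamac describes: the canonical redirect into the main site's subfolder, the per-directory pass-through that corresponds to Nicholas's "allow direct access to these directories" step in his first reply, and basic hardening for the sibling folders that cannot run Admin Tools. The directory names, the hostname and Apache 2.4 are assumptions.

```apache
# Added example for the layout in this thread (not the .htaccess Maker output).
# Assumed directory names:
#   /MySubfolder/  main Joomla! site, with its own Admin Tools .htaccess
#   /demo1/        demo Joomla! site, also with its own Admin Tools .htaccess
#   /gallery/      non-Joomla! PHP application (front controller index.php)
#   /static/       plain HTML site, no PHP at all
# Assumes Apache 2.4 (Require directive) and a site served over TLS.
RewriteEngine On

# 1. Canonical hostname (www.MyDomain.com is a placeholder).
RewriteCond %{HTTP_HOST} !^www\.MyDomain\.com$ [NC]
RewriteRule ^(.*)$ https://www.MyDomain.com/$1 [R=301,L]

# 2. Directories that cannot run Admin Tools: refuse rogue PHP files.
#    Only the gallery's front controller may execute; /static/ runs no PHP.
#    These must come before the pass-through in step 3, whose [L] flag ends
#    rule processing for the sibling directories.
RewriteCond %{REQUEST_URI} !^/gallery/index\.php$ [NC]
RewriteRule ^gallery/.+\.php$ - [F,NC]
RewriteRule ^static/.*\.php$ - [F,NC]

# 3. Sibling directories are served as they are; the Joomla! ones are then
#    governed by the .htaccess Admin Tools generated inside each of them.
RewriteRule ^(MySubfolder|demo1|gallery|static)(/|$) - [L]

# 4. Everything else belongs to the main site in MySubfolder.
#    The bare root request needs its own rule: public_html itself is a
#    directory, so the !-d test below would otherwise leave it alone.
RewriteRule ^$ /MySubfolder/index.php [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /MySubfolder/$1 [L]

# 5. Hardening that applies to every directory under public_html:
#    no directory listings, and no serving of dotfiles, editor backups,
#    SQL dumps, htaccess.txt or *-dist templates (e.g. configuration.php-dist).
Options -Indexes
IndexIgnore *
<FilesMatch "^\.|~$|\.(bak|orig|swp|sql)$|-dist$|^htaccess\.txt$">
    Require all denied
</FilesMatch>
```

The rewrite into /MySubfolder/ is loop-safe: on the internal redirect, a Joomla! .htaccess with its own RewriteEngine On replaces these rules, and if none exists the pass-through in step 3 catches the rewritten path.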

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
