Protecting the Joomla admin area via a .htaccess file is common practice.
However, it seems that Chronoforms is requiering access to the component folder in the admin area 😟
I have at least spottet, that the refresh captcha picture is located here:
administrator\components\com_chronoforms5\chronoforms\actions\load_captcha\refresh.png
At this moment, it's unclear what other dependencies are present.
On top, I have no idea on how to give access to this directory via .htaccess either!
Looks like several users posted this behaviour already some time ago and no solution was found.
From there, I'd like to suggest to the development team to unlink these dependencies in a new revision of the code and in the meantime help to provide a workable solution so the admin area to Joomla can be protected.
Thanks and counting on your great support in this forum!
Cugar
However, it seems that Chronoforms is requiering access to the component folder in the admin area 😟
I have at least spottet, that the refresh captcha picture is located here:
administrator\components\com_chronoforms5\chronoforms\actions\load_captcha\refresh.png
At this moment, it's unclear what other dependencies are present.
On top, I have no idea on how to give access to this directory via .htaccess either!
Looks like several users posted this behaviour already some time ago and no solution was found.
From there, I'd like to suggest to the development team to unlink these dependencies in a new revision of the code and in the meantime help to provide a workable solution so the admin area to Joomla can be protected.
Thanks and counting on your great support in this forum!
Cugar
Hi Cugar,
I don't know what Max's plans are with this. I'd just say that - based on the experience here - this isn't a common practice, though is does come up a few times a year.
The simple fix is to remove the .htaccess requirement from the ChronoForms folder in the admin area,
Bob
I don't know what Max's plans are with this. I'd just say that - based on the experience here - this isn't a common practice, though is does come up a few times a year.
The simple fix is to remove the .htaccess requirement from the ChronoForms folder in the admin area,
Bob
Hi Bob,
well, could be debatable... I know lot's of folks who protect the joomla admin area using the browser...
However, I don't know how to take the chronoforms folder out of the .htaccess requirements.
I was experimenting with:
This seems to work with Firefox, buf fails with IE10, Safari and Opera -:(
Any pointers?
Thanks
well, could be debatable... I know lot's of folks who protect the joomla admin area using the browser...
However, I don't know how to take the chronoforms folder out of the .htaccess requirements.
I was experimenting with:
AuthName "secure"
AuthType Basic
AuthUserFile C:/************/administrator/.htpasswd
require valid-user
SetEnvIf Request_URI "(/administrator/components/com_chronoforms5)$" allow
Order allow,deny
Allow from env=allow
Satisfy any
This seems to work with Firefox, buf fails with IE10, Safari and Opera -:(
Any pointers?
Thanks
Ok, figured it out.. The code above does not work - that simple...
Here is a .htaccess structure which works.
1) Place a .htaccess file with the following content in the administrator folder:
2) Place a .htaccess file with the following content in com_chronoforms5:
This will protect everyfolder in the adminstrator area with exception of the com_chronoforms5.
Cugar
Here is a .htaccess structure which works.
1) Place a .htaccess file with the following content in the administrator folder:
AuthName "secure"
AuthType Basic
AuthUserFile C:/************/administrator/.htpasswd
require valid-user
2) Place a .htaccess file with the following content in com_chronoforms5:
Satisfy Any
Order Allow,Deny
Allow from all
This will protect everyfolder in the adminstrator area with exception of the com_chronoforms5.
Cugar
Hi Cugar,
I look at a lot of sites, maybe one in twenty has some kind of admin block, most still seem to let CF work though.
I'm afraid that .htaccess is too arcane for me. I'd imagine that you could just add an .htaccess file to the com_chronoforms5 folder and that will over-ride any higher one?
Bob
I look at a lot of sites, maybe one in twenty has some kind of admin block, most still seem to let CF work though.
I'm afraid that .htaccess is too arcane for me. I'd imagine that you could just add an .htaccess file to the com_chronoforms5 folder and that will over-ride any higher one?
Bob
This topic is locked and no more replies can be posted.
