hi guys
im using the nop commerce v.1.9 and i noticed from any browser in different place if i type my web sit : www.mywebsite.eu/administration i will be direct to the admin page. so if someone type and go to the admin page can try all the password with brut force or maybe can find it in another way . so how can i configure the nop commerce if someone type mywebsite/administration get the error page.
THIS IS VERY IMPORTANT FOR THOESE WHO USING THE NOP COMMERCE BECAUSE THIS WAY IN NOT SECURE AND VERY DANGEROUS.
if anybody can help for this security. AND LET ME KNOW WHAT PROCESS I CAN DO.
THANKS
Security on administration page
- 192
- 1594
- 2009/10/20
- Netherlands
Search Google for keywords 'secure subfolder asp.net' and you'll find a ton of solutions.
These are regular ASP.NET functions, not specific nopCommerce.
Or just use IIS security options if you have access to IIS control panel.
What you choose to configure, depends on your demands and wishes, like access via a single IP address only.
These are regular ASP.NET functions, not specific nopCommerce.
Or just use IIS security options if you have access to IIS control panel.
What you choose to configure, depends on your demands and wishes, like access via a single IP address only.
- 59
- 304
- 2011/4/16
- Italy
hi
thanks for your answer,i checked the web config with the asp.net site all is ok,i called to my server company they said the iis on server is installed and everything is ok for them. so i dont know in which way i can set my application.because i dont want if someone can access on my administration pag.if you have some more idea please let me know
thanks
thanks for your answer,i checked the web config with the asp.net site all is ok,i called to my server company they said the iis on server is installed and everything is ok for them. so i dont know in which way i can set my application.because i dont want if someone can access on my administration pag.if you have some more idea please let me know
thanks
- 192
- 1594
- 2009/10/20
- Netherlands
OK. From your answer I think you are on a hosted server and you don't have access to IIS directly.
The two options that remain then is
1. Check the control panel from your hosting party and see if they have something like Protected Subdirectories. If they do, set a password on the Administration subfolder.
2.Change the web.config in the Administration folder to allow only certain (or only one) IP addresses.
See this link for more information: http://www.stokia.com/support/misc/web-config-ip-address-restriction.aspx
Please note that this is not a nopCommerce function, but a general webserver or ASP.NET function.
There is lots of information on this on the internet.
The two options that remain then is
1. Check the control panel from your hosting party and see if they have something like Protected Subdirectories. If they do, set a password on the Administration subfolder.
2.Change the web.config in the Administration folder to allow only certain (or only one) IP addresses.
See this link for more information: http://www.stokia.com/support/misc/web-config-ip-address-restriction.aspx
Please note that this is not a nopCommerce function, but a general webserver or ASP.NET function.
There is lots of information on this on the internet.