An alternative to creating a password level protection to the admin folder would be to block all access to the admin area to all except for a few ip address.
This would be in a file called ".htaccess" (or in the httpd.conf) in the www/admin folder
It would look something like this
<IfModule mod_rewrite.c>
RewriteEngine On
#####IP Lockdown to prevent Unauthorised access from unauthorised IP
RewriteCond is the condition in which you will be redirected to the rule
Remote host is the ip
! - signifiys not this ip address
and the rewriterule is to a page to display as a result.
The pros:
You are whitelisting ip addresses that can have access. This works well if you have a fixed ip in an office/home.
If you have a dynamic address though, then you would need to read documentation on the rewrite rule to see if you can include a dyndns in wome way. I have not found out how to do this successfully yet.
The cons:
You could inadvertently lock yourself/or other uses out. Probably not good for everybody using this.
Potential
I guess you could mask the fact that adserver is even installed if you did something with referers but if you have many there again, won't be feasible for everyone.
Securing Revive
in Managing Revive Adserver
Posted
An alternative to creating a password level protection to the admin folder would be to block all access to the admin area to all except for a few ip address.
This would be in a file called ".htaccess" (or in the httpd.conf) in the www/admin folder
It would look something like this
<IfModule mod_rewrite.c>
RewriteEngine On
#####IP Lockdown to prevent Unauthorised access from unauthorised IP
RewriteCond %{REQUEST_URI} !/www/admin/unauthorised.html
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteCond %{REMOTE_HOST} !^your\.ip\.addr\.ess
RewriteRule $ /www/admin/unauthorised.html [R=404,L]
</IfModule>
Explaination
The pros:
You are whitelisting ip addresses that can have access. This works well if you have a fixed ip in an office/home.
If you have a dynamic address though, then you would need to read documentation on the rewrite rule to see if you can include a dyndns in wome way. I have not found out how to do this successfully yet.
The cons:
You could inadvertently lock yourself/or other uses out. Probably not good for everybody using this.
Potential
I guess you could mask the fact that adserver is even installed if you did something with referers but if you have many there again, won't be feasible for everyone.