Securing admin folder

[Al@iamstudios]

Hi everyone, advance apologies for any mistakes - first time poster.

I've installed osCommerce, carefully following the tutorials mentioned elsewhere and the original docs, and applied the fixes from the previous post (PHP5 fix - BIG thanks for that to all who contributed). Everything seems fine and I can access both admin and store sections until I get around to securing the admin folder.

I'm unable to access the store and admin sections, receiving an HTTP 500 error, after password protecting my admin folder through HELM. As soon as I remove the password protection from the admin folder through HELM, I have complete access again.

Does this mean that I have to manually configure the .htaccess and .htpasswd files? Or have I just been a bit of a plum and done something wrong elsewhere?

[RFH Reseller: nick]

Do you not get the Authentication pop-up in your browser when trying to view the page at all? Never had this problem myself.

I think I'm right in saying that you can't really use .htaccess with IIS. If you have those files in the directories, maybe they are causing the problems?

[Staff: Warren Ashcroft]

Remember to NOT upload any osCommerce incuded .HTACESS files - they are linux based and mess up the secured folders filter.

[Al@iamstudios]

Thanks for the replies, guys.

I've removed the .htaccess files and secured the admin folder via HELM and I can still access the store and admin so that's a step up but I still don't have a secure admin folder - I can go straight to it with no password request. I suspect that I need to reinstall osCommerce (remembering to leave the .htaccess files at home) so I'll get stuck in when I get back from work.

Thanks again, I'll post how it goes.

[Staff: Warren Ashcroft]

Thanks for the replies, guys.

I've removed the .htaccess files and secured the admin folder via HELM and I can still access the store and admin so that's a step up but I still don't have a secure admin folder - I can go straight to it with no password request. I suspect that I need to reinstall osCommerce (remembering to leave the .htaccess files at home) so I'll get stuck in when I get back from work.

Thanks again, I'll post how it goes.

Find and delete all .htaccess files, then simply reinstalled and resetup the secured folders in Helm.

[Al@iamstudios]

All working beautifully!

I deleted all osCommerce files from the server and reinstalled it. The .htaccess files never even got a sniff of the web this time though and after completing the installation/configuration, I now have a fully secure admin folder. As a matter of fact, it's even cleared up some other errors I was getting in the store with missing parameters.

Thanks again Nick & Warren - much appreciated.

Just out of curiosity, I guess that when the osCommerce docs mention additions to the Directory Index ("Add to your DirectoryIndex statement and include the following : index.php This can be done in the Apache httpd.conf file if you have root access, or can be done in an .htaccess file in your /catalog dir"), it can be ignored?

[RFH Reseller: nick]

I think you can safely ignore that. the server is set up to use index.php as one of the defaults anyway.

[Al@iamstudios]

Sweet. Thanks for that.

Just for reference, I used these docs for the install...
http://oscdox.com/phpWiki.html

[RFH Reseller: nick]

Sweet. Thanks for that.

No Problem.
(I've always wanted to say that!)