Moving Admin sub-site out of main website?


https://forum.kartris.com/Topic2303.aspx
Print Topic | Close Window

By stringerbell - Tue 13 Aug 2013
Is it possible to strip the Admin functionality out of the main folder structure and moving it somewhere else?

We'd want to have something like this:

Main Store's URL:
www.ourdomain.com

Admin's URL:
admin.ourdomain.com

We won't want people entering this and getting to the Admin login screen:
www.ourdomain.com/admin


For that we'd need to move such Admin sub-site to a completely different Website within our IIS box, or even move it to a different web server within our network.

How can it be done without breaking everything?


Thanks
By Paul - Tue 13 Aug 2013
Moving it doesn't really make sense. Even if you run it on a subdomain, it doesn't stop people finding the admin page. They only need to query your DNS records to find the subdomains, and search engines have a habit of finding pages you don't want (often they will get the URL via your browser).

The best way to stop it being accessible to outsiders is simply to draw up a list of the IPs or IP ranges your internet connection(s) use, and then in IIS set the /Admin folder to deny all except those IPs. We do this on the kartris.com site. I have to be on my company VPN to access it.

You can also block IPs within the Kartris web.config (we built this feature in for people on shared hosting that don't have IIS admin control). But it's best from IIS, as the requests don't even reach Kartris.

You can always map admin.domain.xyz or whatever to that if you really want to, although it isn't really necessary - it doesn't add any more security.