Moving Admin sub-site out of main website?

Moving it doesn't really make sense. Even if you run it on a subdomain, it doesn't stop people finding the admin page. They only need to query your DNS records to find the subdomains, and search engines have a habit of finding pages you don't want (often they will get the URL via your browser).

The best way to stop it being accessible to outsiders is simply to draw up a list of the IPs or IP ranges your internet connection(s) use, and then in IIS set the /Admin folder to deny all except those IPs. We do this on the kartris.com site. I have to be on my company VPN to access it.

You can also block IPs within the Kartris web.config (we built this feature in for people on shared hosting that don't have IIS admin control). But it's best from IIS, as the requests don't even reach Kartris.

You can always map admin.domain.xyz or whatever to that if you really want to, although it isn't really necessary - it doesn't add any more security.

Author	Message
stringerbell	Posted Tue 13 Aug 2013
Supreme Being Group: Awaiting Activation Last Active: Thu 8 May 2014 Posts: 1, Visits: 43 4,701	Is it possible to strip the Admin functionality out of the main folder structure and moving it somewhere else? We'd want to have something like this: Main Store's URL: www.ourdomain.com Admin's URL: admin.ourdomain.com We won't want people entering this and getting to the Admin login screen: www.ourdomain.com/admin For that we'd need to move such Admin sub-site to a completely different Website within our IIS box, or even move it to a different web server within our network. How can it be done without breaking everything? Thanks Tags admin
	REPLY QUOTE LIKE 360
Paul	Posted Tue 13 Aug 2013
große Käse Group: Administrators Last Active: Fri 15 Sep 2023 Posts: 806, Visits: 2,737 454,266	Moving it doesn't really make sense. Even if you run it on a subdomain, it doesn't stop people finding the admin page. They only need to query your DNS records to find the subdomains, and search engines have a habit of finding pages you don't want (often they will get the URL via your browser). The best way to stop it being accessible to outsiders is simply to draw up a list of the IPs or IP ranges your internet connection(s) use, and then in IIS set the /Admin folder to deny all except those IPs. We do this on the kartris.com site. I have to be on my company VPN to access it. You can also block IPs within the Kartris web.config (we built this feature in for people on shared hosting that don't have IIS admin control). But it's best from IIS, as the requests don't even reach Kartris. You can always map admin.domain.xyz or whatever to that if you really want to, although it isn't really necessary - it doesn't add any more security. -- If my post solves your issue, can you 'Mark as Answer' so it's easier for other users to find in future. If you would like to be informed of new features, new releases, developments and occasional special bonuses, please sign up to our mailing list: http://bit.ly/19sKMZb Tags secure back end
	REPLY QUOTE LIKE 381

Moving Admin sub-site out of main website?

Moving Admin sub-site out of main website?

Similar Topics

Reading This Topic