Moving Admin sub-site out of main website?

Posted By stringerbell Tue 13 Aug 2013
Add to Favorites1
Author Message
stringerbell
 Posted Tue 13 Aug 2013
Supreme Being

Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)Supreme Being - (5,213 reputation)

Group: Awaiting Activation
Last Active: Thu 8 May 2014
Posts: 1, Visits: 43
Is it possible to strip the Admin functionality out of the main folder structure and moving it somewhere else?

We'd want to have something like this:

Main Store's URL:
www.ourdomain.com

Admin's URL:
admin.ourdomain.com

We won't want people entering this and getting to the Admin login screen:
www.ourdomain.com/admin


For that we'd need to move such Admin sub-site to a completely different Website within our IIS box, or even move it to a different web server within our network.

How can it be done without breaking everything?


Thanks
Paul
 Posted Tue 13 Aug 2013
große Käse

große Käse - (508,440 reputation)große Käse - (508,440 reputation)große Käse - (508,440 reputation)große Käse - (508,440 reputation)große Käse - (508,440 reputation)große Käse - (508,440 reputation)große Käse - (508,440 reputation)große Käse - (508,440 reputation)große Käse - (508,440 reputation)

Group: Administrators
Last Active: Tue 10 Sep 2024
Posts: 807, Visits: 2,748
Moving it doesn't really make sense. Even if you run it on a subdomain, it doesn't stop people finding the admin page. They only need to query your DNS records to find the subdomains, and search engines have a habit of finding pages you don't want (often they will get the URL via your browser).

The best way to stop it being accessible to outsiders is simply to draw up a list of the IPs or IP ranges your internet connection(s) use, and then in IIS set the /Admin folder to deny all except those IPs. We do this on the kartris.com site. I have to be on my company VPN to access it.

You can also block IPs within the Kartris web.config (we built this feature in for people on shared hosting that don't have IIS admin control). But it's best from IIS, as the requests don't even reach Kartris.

You can always map admin.domain.xyz or whatever to that if you really want to, although it isn't really necessary - it doesn't add any more security.


--
If my post solves your issue, can you 'Mark as Answer' so it's easier for other users to find in future.

If you would like to be informed of new features, new releases, developments and occasional special bonuses, please sign up to our mailing list: http://bit.ly/19sKMZb

Similar Topics

Expand / Collapse

Reading This Topic

Expand / Collapse

Back To Top