Jump to content

Allowing an IP to access the admin WHMCS portal

coley

By coley
in Using WHMCS

 Share

Recommended Posts

coley Junior Member

coley

Posted
Posted

Good day,

 

I'm new to this forum can anyone help me to add an IP address on the trusted lists so that when the person wants to login to the admin portal he is not blocked and is allowed. Because whenever they try to login to the admin portal they are blocked and it defaults to the client area.

 

I read a document but i did not understand where exactly i run the command. This is what i found :

 

"For increased protection, if your staff use fixed IP addresses, you can add even more protection to your admin area by restricting access to a specific set of IPs. This is done by creating a file with the name .htaccess within your WHMCS admin directory, with the following content:

 

order deny,allow

allow from 12.34.5.67

allow from 98.76.54.32

deny from all

You can specify as many different allow from lines as you require. Or you can even allow entire IP subnet's by specifying just the first part of an IP, for example: "12.34.". This is called Htaccess IP Restriction."

Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted

http://docs.whmcs.com/Further_Security_Steps#Restrict_Access_by_IP

 

you simply just need to create a text file within your admin directory, call it .htaccess (if you can't do that, call it htaccess.txt and then rename it to .htaccess) and paste the above code into it..

 

order deny,allow
allow from 12.34.5.67
allow from 98.76.54.32
deny from all

but then edit the 'allow from' lines to only include the IP addresses that you want to allow access to the admin area - so let's say your IP address is 83.231.128.15 and only you can access the admin area, you would change the above code to...

 

order deny,allow
allow from 83.231.128.15
deny from all

if you have a colleague using a different IP, you can grant them access by modifying the file and adding their IP...

 

order deny,allow
allow from 83.231.128.15
allow from 85.188.192.87
deny from all

if your users are incorrectly being blocked from accessing the admin area, then it sounds as though you haven't added their correct IP address to the above .htaccess file.

Link to comment
Share on other sites
  • 7 months later...
Rodrigo Gomes Junior Member

Rodrigo Gomes

Posted
Posted (edited)
On 26/03/2017 at 12:26 PM, brian! said:

http://docs.whmcs.com/Further_Security_Steps#Restrict_Access_by_IP

you simply just need to create a text file within your admin directory, call it .htaccess (if you can't do that, call it htaccess.txt and then rename it to .htaccess) and paste the above code into it.. 


order deny,allow
allow from 12.34.5.67
allow from 98.76.54.32
deny from all
but then edit the 'allow from' lines to only include the IP addresses that you want to allow access to the admin area - so let's say your IP address is 83.231.128.15 and only you can access the admin area, you would change the above code to... 

order deny,allow
allow from 83.231.128.15
deny from all
if you have a colleague using a different IP, you can grant them access by modifying the file and adding their IP... 

order deny,allow
allow from 83.231.128.15
allow from 85.188.192.87
deny from all
if your users are incorrectly being blocked from accessing the admin area, then it sounds as though you haven't added their correct IP address to the above .htaccess file.

Hello brian,

These rules in htaccess are no longer working.
I'm using version 7.3.0 and it's not a problem with htaccess (yes, I'm sure of that).

Edited by Rodrigo Gomes
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted

Hi Rodrigo,

2 hours ago, Rodrigo Gomes said:

These rules in htaccess are no longer working.
I'm using version 7.3.0 and it's not a problem with htaccess (yes, I'm sure of that).

are you really sure ??

because if I copy & paste the above to the admin folder in the v7.3.0 dev .htaccess file, I can't access the admin area... remove those lines, or add my own IP, and I can access it again.

 

Link to comment
Share on other sites
Rodrigo Gomes Junior Member

Rodrigo Gomes

Posted
Posted

Hello brian,

I'm really really sure. This is very strange.

 

I have exactly this on my htaccess: 

Order Deny,Allow
Deny from all
Allow from ::1 127.0.0.0/8
Allow from 123.456.789.10

 

I have tested this same rule on other folders, and it works normally. But in the admin folder of whmcs no, continue accessing the index.

However, it block static files, images, css.
And it does not allow login, because it block the dologin.php file.

 

Apache is configured correctly, with:

AllowOverride All

 

Note: I use a custom name for the admin folder.

Link to comment
Share on other sites
Rodrigo Gomes Junior Member

Rodrigo Gomes

Posted
Posted (edited)
7 minutes ago, brian! said:

it might be worth a ticket to support - it might be how it's interpreting the ::1 because if I try it with standard IP addresses, it seems to work fine.

Like I said before, I'm pretty sure it's not htaccess.

The deny of access works in any other folder, except in that administrative folder.

 

Something very strange is happening here.

Edited by Rodrigo Gomes
Link to comment
Share on other sites
  • 1 month later...
Martins Junior Member

Martins

Posted
Posted

Hello Rodrigo Gomes,

Did you solve this issue? I have similar issue, if I am accessing admin/ access is denied, but if I access login url directly, e.g. admin/login.php, I have login form without static content which is blocked.

Have WHMCS 7.1.2.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept