On 06/30/2014 07:30 AM, Jeroen Van den Horn wrote:
> I'm sure that when you fiddle a bit with some RewriteCond's and
> RewriteRules you can accomplish what you want out-of-the-box.
>
> J
>
>
> On Mon, Jun 30, 2014 at 2:23 PM, Gulkamal Singh
> <lund.singh.1...@gmail.com <mailto:lund.singh.1...@gmail.com>> wrote:
>
> Lets say that I have a domain hosting a public facing website
> (www.mywebsite.com <http://www.mywebsite.com>). Now lets say that -
>
> 1) Security is not a big thing.
> 2) To save money, I want to host the admin interface on the same
> domain (www.mywebsite.com/admin <http://www.mywebsite.com/admin>).
> 3) The admin interface requires login but never the less I do not
> want the public to be even aware of the location of the admin
> interface.
> 4) But there is a chance that someone might type in
> www.mywebsite.com/admin <http://www.mywebsite.com/admin> by
> guessing and discover that there is an admin user interface there.
> 5) I dont want to use complicated IP blocking to block access to
> the admin interface - I want to be able to login from any machine.
> I also dont want to go down the expensive certificate route.
>
> In this case, the following will be useful -
>
> 1) A browser that has a simple interface from where I can map a
> key to a url. When I make a request to my admin URL, it sends
> this key in the header, get or post.
> 2) A server which shows a 404 unless the key is present in the
> header, get or post.
>
> This is fairly a simple feature and I feel that if browsers and
> servers implement this, it could become popular. Could people
> please give me thoughts on this, if there might be benefits to
> this, and if it would be possible for apache http server to
> implement this?
>
>
why not just use a self signed key and implement ssl for your /admin only?
