Reputation: 12779
Change Composite C1 standard admin URL for security - best practice
As C1 has a standard admin path ~/Composite/top.aspx - this is an easy vector for an attacker to focus efforts.
Is there a best practice way to move this - either by changing the top.aspx file name and or the folder without breaking code, and without breeching the license agreement?
This would seem like a good idea for all installations.
Upvotes: 3
Views: 526
Answers (1)
Reputation: 13028
This would seem like a good idea for all installations.
Not really. What you propose is security through obscurity and not the best approach.
I'd rather make sure that the /Composite Backend Login is only reachable for specific IP adresses (i.e. the IP adress of the site admin and any editors) or set up an additional HTTP password authentication in the webserver for that area.
Upvotes: 2
Related Questions
- How can I change the URL to the Django admin interface?
- Best practice for securing an admin panel for a custom cms?
- Secure url with ADMIN role Spring Security
- Alias/Redirect Page Type in Composite C1
- Changing Umbraco 7.1.4 admin URL
- Magento change complete admin url
- Composite C1 - 'URL Aliases', redirecting URL's with Querystring
- Composite C1 - Multiple domains & sites in one Composite C1 instance
- Running Multiple Sites from Common Composite C1 CMS
- CCTray - Change url of server