Make sure that you have completed the previous steps completely before moving on to configuring NukeSentinel™. NukeSentinel™ has been pre-configured to:
NOTE: You cannot yet use the write to .htaccess setting but you soon will. If you click on Admin Auth List, you should see the NukeSentinel™ ADMIN record that you added during Configuration (setup.php).
Click on Blocker Configuration and review the settings for all the blockers. Most have been preset but you should still review them all. If you change any settings, be sure to save them prior to moving onto a different blocker.
Now, you should be able to SAFELY activate the Admin Access Protection part of NukeSentinel™. Go back to the NukeSentinel™ Administration main panel. In the Administrative Settings section you should see a drop down box beside Admin Auth:. Hopefully you will see "Off", "Admin HTTPAuth", and "Admin CGIAuth". It's okay if "Admin CGIAuth" is NOT there. Simply click "Admin HTTPAuth" and save the settings.
If "Admin HTTPAuth" is not in the list, either PHP is not being run as an Apache module (i.e., it is being run via CGI), or "register_globals" is turned OFF (which is actually an additional security measure). Either way, since "Admin HTTPAuth" is not available to you, skip over the next paragraph.
If all is working for you, you will now be prompted with the standard browser HTTP Authentication pop up. Type in your NukeSentinel™ id/pass and it should then let you in. If it does, close all browser sessions that you might have open so we can REALLY test this. Open up a new, single browser sessions and type http://www.YOURDOMAIN.com or http://www.YOURDOMAIN.com/html and select GO or press enter. You should see your nuke site with the Welcome message. Next, type http://www.YOURDOMAIN.com/admin.php or http://www.YOURDOMAIN.com/html/admin.php and select GO or press enter. You should be prompted with the HTTP Authorization screen. Enter your NukeSentinel™ id/pass and submit it. Assuming it works, you should now see the regular nuke Admin login screen. Enter your nuke admin id/pass and submit it. You should now see your nuke ACP.
Once the above is working for you, be sure to read the section on Protecting Your Forums Admin Folder at the bottom of this page.
If you do not have HTTP Auth and/or .htaccess, do not panic. Read on and hopefully it will all be explained.
There are two basic ways that PHP can be integrated into Apache: as an Apache module, or as a CGI program. If your host is running PHP as an Apache module (plus "register_globals" must be turned ON - not recommended), then you have the capability of using HTTP Authentication as a function of the browser and you do not even need .htaccess/.staccess. If, however, your host is running PHP as a CGI program (or "register globals" is turned OFF), then we have to use the same HTTP Authentication but with a .htaccess and .staccess (a password file).
As an Apache module you have more flexibility than as a CGI. There are pro's and con's to each but we will only address the impact as it relates to NukeSentinel™. The reason we introduced this scheme is to protect your admin.php file from being so easily cracked. It provides an extra layer of security to gain access to the standard PHP-Nuke Admin Control Panel (ACP). There are other safe-guards built into NukeSentinel™ that protects admin.php, but this is just another layer of "protection".
Should you find yourself in the smaller group of users that require CGI Auth (as we call it), following these instructions to use and activate CGI Auth (HTTP Authentication using .htaccess and .staccess):
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .staccess>
deny from all
</Files>
<Files admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/USERNAME/public_html/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
USERNAME will be your username and the path may be different
That is the procedure. It sounds more complicated than what it is, but hopefully the more detailed explanation was helpful.
There is an additional benefit to using this method of Admin Athentication (read on).
There are numerous attempts from hackers to try and exploit the Forums admin scripts by calling them directly. It is recommended that you also protect the entire modules/Forums/admin folder with a similar approach to admin authentication.
If you are using "CGIAuth", rename the rn.htaccess file that is in modules/Forums/admin to .htaccess and then modify the line for AuthUserFile to match what you have within the .htaccess file that is in the root of your RavenNuke™ installation. This will also protect your Forums admin folder using the same NukeSentinel™ admin auth userid and password!
If you using "HTTPAuth", see the Protecting Your Forums Admin Folder thread in the RavenPHPScripts support forums.
| <<< Configure Base RavenNuke™ | Additional Add-Ons >>> |