In order to add a bit of security to the zp-core admin folder, I added an .htaccess file that limits the allowed IPs that can access the admin folder. I thought I was being clever.
order deny,allow
deny from all
allow from {work IP here}
allow from {home IP here}
allow from 127.0.0.1
But since I've done that I've noticed errors in my apache logs:
[error][client 59.98.208.11] client denied by server configuration: /absolute/path/to/zenphoto/zp-core/images/rss.gif
[error][client 59.98.208.11] client denied by server configuration: /absolute/path/to/zenphoto/zp-core/js/jquery.js
So my genius plan is letting ZP include server side type scripts, but the things in zp-core that are client side aren't getting out. (Duh!)
So my question boils down to asking for recommendations:
Does anyone out there use IP based access for their zp-admin folder and how do you do it? I've thought to put a line of php at the top of some of the admin files that check for IP instead of the htaccess, but that crashed it for some reason.
Thank you in advance for your time.
Zenphoto
