Eihwaz Posted March 5, 2010 Share Posted March 5, 2010 If you ever had your template stolen, here's how to prevent this from happening again:.htaccess: # Avoid directory browsing Options All -Indexes # Protecting *.tpl files Order allow,deny Deny from all Or, if you want some automation:/admin/tabs/AdminGenerator.php (somewhere around line 107 (I'm using V 1.3 alpha 1))change // ErrorDocument fwrite($writeFd, $this->_htData['ErrorDocument']['comment']."\nErrorDocument ".$this->_htData['ErrorDocument']['content']."\n"); fclose($writeFd); to: // ErrorDocument fwrite($writeFd, $this->_htData['ErrorDocument']['comment']."\nErrorDocument ".$this->_htData['ErrorDocument']['content']."\n"); // Directory browsing fwrite($writeFd, "\n# Avoid directory browsing\n"); fwrite($writeFd, "Options All -Indexes\n"); // Protecting templates fwrite($writeFd, "\n# Protecting *.tpl files\n"); fwrite($writeFd, "\n"); fwrite($writeFd, "\tOrder allow,deny\n"); fwrite($writeFd, "\tDeny from all\n"); fwrite($writeFd, "\n"); fclose($writeFd); Now everytime you generate .htaccess file (from BO), it will add those lines.What they do:Options All -Indexes (suggested by Peter from AktywnySmyk.pl)makes sure no one can get access to directory listing, even if the directory doesn't have an index file.Order allow,deny Deny from allThis will disallow viewing or downloading any tpl files from your website (including those in modules/ folder).I tried to warn every shop in Presta's showcase, but many people must have thaught I'm some sort of hacker, trying to gain access to their web-sites by making them change their .htaccess file Link to comment Share on other sites More sharing options...
Jack Posted March 7, 2010 Share Posted March 7, 2010 Hello Eihwaz,Thanks for the tips. How can I prevent people for downloading my css?Thank you for the help. Link to comment Share on other sites More sharing options...
Eihwaz Posted March 7, 2010 Author Share Posted March 7, 2010 Hi, Jack. There's no way, really: css, as well as javascript are client-side technologies. So it's like trying to prevent someone from downloading a picture from your website: there's no real way. Probably the only thing you can do is to minify your css code (it will also make it work faster (because of the smaller size)), but it will only stop amateurs. Link to comment Share on other sites More sharing options...
Jack Posted March 7, 2010 Share Posted March 7, 2010 Thanks for the reply. If they have my css and JS, it means they got everything.... :-S Thank you again for the help.One more question:is there a way I can minify my entire site codes such as css,js,php,and tpl? Link to comment Share on other sites More sharing options...
Eihwaz Posted March 7, 2010 Author Share Posted March 7, 2010 That dpends on what IDE you're using to develop your web-site in: there might be some plugins for it.You may also be interested in WEBO, they have a public beta version: it does pretty much everything to optimize your site: minifying, gzipping, spriting, etc. The installation is pretty easy, but I should warn you that I personaly haven't used it on a live site yet, only at localhost.Pretty handy tool: it even backs up your original files before changing them, so you can always undo the changes it has made.And then there's Google Minify, YUI Compressor, and the list can go on: just google for "minify css" or "minify javascript". Link to comment Share on other sites More sharing options...
Jack Posted March 7, 2010 Share Posted March 7, 2010 That dpends on what IDE you're using to develop your web-site in: there might be some plugins for it.You may also be interested in WEBO, they have a public beta version: it does pretty much everything to optimize your site: minifying, gzipping, spriting, etc. The installation is pretty easy, but I should warn you that I personaly haven't used it on a live site yet, only at localhost.Pretty handy tool: it even backs up your original files before changing them, so you can always undo the changes it has made.And then there's Google Minify, YUI Compressor, and the list can go on: just google for "minify css" or "minify javascript". Thank you very much for taking the time to reply my questions. Link to comment Share on other sites More sharing options...
sinoland Posted September 15, 2010 Share Posted September 15, 2010 Hello,Thank you for your solutions. I tried to edit AdminGenerator.php to handle 403 error by adding$tab['ErrorDocument']['content'] = '403 '.__PS_BASE_URI__.'404.php';right after// ErrorDocument$tab['ErrorDocument']['comment'] = '# Catch 404 errors';$tab['ErrorDocument']['content'] = '404 '.__PS_BASE_URI__.'404.php';For the ErrorDocument part, the generated .htaccess only showsErrorDocument 403 /404.phpAm I missing something? Please help. Thank you. Link to comment Share on other sites More sharing options...
robkwal Posted September 15, 2010 Share Posted September 15, 2010 I get the following error when i make the changes you suggest:Server error!The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.If you think this is a server error, please contact the webmaster.Error 500www.[website].comWed Sep 15 11:52:25 2010Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7e mod_auth_pgsql/2.0.3ANY IDEAS?! Link to comment Share on other sites More sharing options...
mantobani Posted February 21, 2011 Share Posted February 21, 2011 Thank you, this is helpful, a must be in the prestashop tweaks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now