How to restrict the public from getting into the setup/admin pages?

system · August 24, 2016, 12:53pm

fatimah-al-naji wrote on Wednesday, August 24, 2016:

Good day,

I have a question about openEMR system, I will give you an example that clarify my question , let us imagine this is my URL 109.0123.2.1/openemr
As a user I don’t want the public to get access to the admin.php and setup.php pages through my URL by typing 109.0123.2.1/openemr/setup.php or 109.0123.2.1/openemr/admin.php
Is there a way that restrict the public from getting into the setup/admin pages?

Your help is highly appreciated,
Best,

system · August 24, 2016, 12:59pm

cmswest wrote on Wednesday, August 24, 2016:

hi, check this out:
http://open-emr.org/wiki/index.php/Securing_OpenEMR

system · August 24, 2016, 1:50pm

visolveemr wrote on Wednesday, August 24, 2016:

Hello Fatimah,

To restrict specific pages, you need to change your webserver’s virtual host configurations as follows,

add the following code in Virtual Host settings of your openemr instance,

<Files "setup.php">
 Require all denied
</Files>

If still having issue, please share your server details.

Thanks,
ViSolve OpenEMR Team,
ViSolve

system · August 25, 2016, 7:43am

fatimah-al-naji wrote on Thursday, August 25, 2016:

Thank you Stephen Waite and ViSolve. Your replay is very helpful.