16 Jul 2013

How to disable the /admin* URL protection?

Tags: Security, Tips and Tricks

QHow to disable the /admin* URL protection, if it keeps redirecting me to the site homepage even if I’m logged in, probably because of some module which affects cookies handling?

AThis has been restricted by design to protect your sites from brute-force DoS attempts, because these URLs are never cached and always hit Drupal directly. There is an easy to use switch to disable this protection per site, so if you experience problems with redirects to the homepage when accessing /admin* URLs, just set disable_admin_dos_protection = TRUE in the site or platform level INI file — note however that we recommend to debug this and determine the module affecting Drupal standard cookies naming and behaviour, so you could keep your site safe from DoS attempts.

!Please understand that by removing this default protection, you are making all sites hosted on your instance vulnerable to potential DoS attacks, which are very common these days, with networks of spambots targeting Drupal sites with attempts to add spam as nodes, comments and registering new accounts. We reserve the right to restore default protection if our monitoring will detect that removed restrictions allowed to successfully attack your site and cause system instability.

Create Account or request a free Test Drive
Already 900+ hosts powering thousands of Drupal sites are running on our high-performance Aegir BOA stack
© 2009-2023 Omega8.cc | ul. Zlota 59, 14th floor Skylight Building, 00-120 Warsaw, Poland | Twitter
Smokin’ Fast Drupal Hosting in Amsterdam · Chicago · Frankfurt · London
Madrid · New York · San Jose · Singapore · Sydney · Toronto · Warsaw