Hello,
please help me, this is serious.
some days ago I started to build a new website with Drupal 4.7.2 on Linux + Apache.
I configured everything ( DNS, Apache, Drupal...) to work ONLY when connecting to http://mysite.net. Or so I believed.
ten minutes ago I decided to continue building my website. Without thinking, I typed in the browser www.mysite.net and got the drupal page (with default theme) saying, more or less, "hello, this is the first connection, so this account will be administrator with password ..... Please configure"
If I click on configure, I go to the administration page and can screw the website without entering a password!
At the same time, if I type in the browser http://mysite.net I get to the website I configured (theme, etc...) and I _have_ to log in to change things.
What is this? An error of mine, a Drupal/apache bug, both? How can I set things so that www.mysite.net goes to mysite.net, without believing that is a first visit, and that anybody can hack the site?
TIA, O.
Make sure your .htaccess file is being read. Then make sure you have the correct redirect command uncommented.
If you're trying to run your www. domain as a different site than the non-www. domain, then I don't know -- I've never tried that. But it seems that either way site visitors will get Drupal's index.php.
Also, your admin session is saved in a cookie. That could be why you're able to access the admin area.
If you want to do an off-line site before placing it at the root, it's probably better to place it in a subdomain or subdirectory.
I hope this helps.
Laura
On Jun 10, 2006, at 10:16 AM, dondi_2006 wrote:
Hello,
please help me, this is serious.
some days ago I started to build a new website with Drupal 4.7.2 on Linux
- Apache.
I configured everything ( DNS, Apache, Drupal...) to work ONLY when connecting to http://mysite.net. Or so I believed.
ten minutes ago I decided to continue building my website. Without thinking, I typed in the browser www.mysite.net and got the drupal page (with default theme) saying, more or less, "hello, this is the first connection, so this account will be administrator with password ..... Please configure"
If I click on configure, I go to the administration page and can screw the website without entering a password!
At the same time, if I type in the browser http://mysite.net I get to the website I configured (theme, etc...) and I _have_ to log in to change things.
What is this? An error of mine, a Drupal/apache bug, both? How can I set things so that www.mysite.net goes to mysite.net, without believing that is a first visit, and that anybody can hack the site?
TIA, O.
-- [ Drupal support list | http://lists.drupal.org/ ]
-
dondi_2006 -
Laura Scott