Hi, I want to protect my cron.php from unauthorized access. I placed "cron" in filesmatch line of .htaccess as suggested by video http://drupal.org/node/347981. But it doesn't work as still I am getting cron jobs run anonymously very often.

I now want to implement the suggestion given at http://drupal.org/cron to protect the file by adding the following lines in .htaccess:

<Files "cron.php">
        Order Deny,Allow
        Deny from all
        Allow from localhost
        Allow from 127.0.0.1
        Allow from xx.xx.xx.xx <-- your IP address
    </Files>

Now when I try to visit page www.example.com/cron.php, I get a 403 message directly from the server (not from my Drupal site), so this means that it works and blocks cron access from other IPs.

However I'm wondering if this creates conflicts with Poormanscron, as the module uses random page requests from site users to launch cron job. All those IP addresses will not be authorized to run cron, will users receive a 403 or won't they even notice that cron is being run via Poormanscron?

Thank you for your support.

Comments

steff2009’s picture

steff2009 CreditAttribution: steff2009 commented

Hello, anybody having suggestions on poormanscron regarding this issue? Thank you.