Today I simply run a plain normal update on my FreeBSD server of the Apache server. Usually this works out without any problems.

But tonight, big panic!
The rails applications didn't start anymore.

I received a Forbidden Message. (Directory listing isn't allowed). Passenger wasn't working anymore.

So I started trying several things:
- Trying to recompile passenger. No success.
- Trying to upgrade an recompile passenger, No succes.
- I was about to downgrade Apache to the previous version. (Which is a bit hard with the shared FreeBSD Port system, running in a jail. Stupid me had thrown away the previous binary)

Thanks to the google-gods I've found the following issue
https://github.com/phusion/passenger/issues/1648

It seems the autoindex module isn't compatible with Passenger anymore..

For the moment I temporary solved it by disabling the autoindex module of Apache in httpd.conf
#LoadModule autoindex_module libexec/apache24/mod_autoindex.so

* Note to self *
Never throw away the previous installed package binary.

7kdfbg48sv

Last post I've added a module attribute for the spree backend for supplying the configuration data.

I think it's much cleaner to use Spree's build in configuration system.
The admin path now is a normal Spree setting. You can supply it in the Spree initializer:

Spree.config do |config|
  config.admin_path = "/super-secret-name"
end

The code changes required in Spree for this solution only is 3 lines!
Add the admin_path preference to this file core/app/models/spree/app_configuration.rb

module Spree
  class AppConfiguration < Preferences::Configuration
    #...
    preference :admin_path, :string, default: "/admin"
    #...
  end
end

And alter the backend/config/routes.rb, to include a path definition in the top namespace and change the '/admin' path route of the last line.

Spree::Core::Engine.add_routes do
  namespace :admin, path: Spree::Config.admin_path do
 
    #.. everything remains the same, except this last line:
    get Spree::Config.admin_path, to: 'admin/root#index', as: :admin
 
  end
end

That's all...
Sending in a PullRequest now :)

At the moment Spree uses a hardcoded /admin path for accessing the backend.
I really, really would like if this was configurable.

The solution could be pretty simple:

file: /lib/spree_backend.rb (spree/backend/lib/spree_backend.rb)

  module Spree::Backend
    mattr_accessor :route_admin_path
    @@route_admin_path = "/admin"

    def self.config
      yield self
    end  
  end

Next in spree /config/routes.rb (spree/backend/config/routes.rb)

Spree::Core::Engine.add_routes do
  namespace :admin, path: Spree::Backend.route_admin_path do

    #.. everything remains the same, except this last line:
    get Spree::Backend.route_admin_path, to: 'admin/root#index', as: :admin

  end
end

And ready, you can now configure your admin path, via an initializer of your application

Spree::Backend.config do |config|
  config.route_admin_path = '/super-secret-name'
end

I know it's security by obscurity, but it makes building automated attacks much more difficult.
Which is very important if there are known security issues.

Warning: Plugins are not converted and use the default /admin path. But these plugins can be changed easily by adding the path: Spree::Backend.route_admin_path option!

Please tell my what do you think of this solution?!?