"if you want to secure your site..."

Hi everyone,

I’m new to invoice plane and would like to ask for your help. I’ve successfully installed the app on my server (yay!). At the end of the installation I got the following info:

If you want to secure your site place this code directly after RewriteEngine on in the .htaccess file and replace yourdomain.com:
Redirect /setup http://yourdomain.com/

Could you let me know what this does exactly and why I would / would not want to do this?

Thanks in advance for your help!


This will ensure that nobody except you can run the setup again.
Basically the setup does not change existing data but could be used to attack your installation.

I installed invoice plane a month ago and REALLY like it. I saw the same message post installation and added the entry to my installation but still get the 1st step of setup ie “choose installation language” when I go to mydomain.com/billing/setup.

I edited the .htaccess file at root of invoice plane install.

the contents of .htaccess look like this:

# Remove index.php
RewriteEngine on Redirect /setup http://mydomain.com
RewriteBase /billing
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]

what have I missed?

This is great work by the way. Once I get a few more aspects of IP configured I’ll donate to the cause. I left my ever increasing in price software last month.


Well, the instructions may be a little bit unclear. This is how it must look:

# Remove index.php
RewriteEngine on
Redirect /setup http://mydomain.com
RewriteBase /billing
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]

And don’t forget to replace http://mydomain.com with your actual domain.

Thanks for the reply. I initially tried that as well but I still get the initial setup screen. I thought maybe it was b/c I was logged in still but I logged out and tried it with your code and still get the setup screen. Does being installed in a subdirectory necessitate something else on the Redirect line?


Oh… sure, you have to add the subdomain to the line too:

Redirect /subdomain/setup http://mydomain.com

Bingo! Thank you very much, I kept putting the subdomain at the end of the url portion ie http://mydomain.com/billing/

After editing .htaccess as above I noticed that the direct link to domain/settings/ is lost !

Please try this solution then or remove the line from the .htaccess file.

Hello, first of all, awesome app, congratulations.

I put this code in my .htaccess file:

RewriteEngine On
Redirect /InvoicePlane-master/setup htt://mydomain (I delete the “p” of “http” for the newbye thing)
#RewriteBase /InvoicePlane-master

but when I try to access to: http://mydomain/InvoicePlane-master/index.php/setup

redirect me to the setup: http://mydomain/InvoicePlane-master/index.php/setup/language

Some clue?, thanks.

@Manu try

Redirect /InvoicePlane-master/index.php/setup http://mydomain.de

Yes of course I try with a lot combinations, and I didn’t moved the original .htaccess file. I’s weird, still allows access to setup.

Hello Kovah, any other clue, I want secure my site.

Thanks, I wait your response.

@Manu I had a similar problem. Here is how I fixed it:

After removing access to the index.php file under the config, it was still allowing access to setup.

So I added a backslash after the redirect URL and that did the trick.
e.g.: RewriteEngine on Redirect billing/setup http://mydomain.com/