You don't really need to have cgi scripts to utilize .htaccess files. You would use cgi to say administer .htaccess files. i.e. so that your visitors can change their passwords and or add new passwords.
.htaccess files can be used to protect a directory and thus protecting files in said directory. The .htaccess will protect every directory under which the directory under which it resides.
Although the common use of .htaccess files is for security really it is administation file that is capable of far more then security
If the server and .htaccess files is setup right you cannot look at the file with the direct link to said file.
Here is an example of an .htaccess file
Code:
AuthName "You must be a valid user"
AuthType Basic
AuthUserFile .htpasswd
Order Deny,Allow
Deny from all
Allow from 65.11.222.176
require valid-user
AuthName = What is printed on the popup screen to validate user...
AuthType = Basic (I think there is other types but this is the only one I have used)
AuthUserFile = location and title of your password file...
Order Deny,Allow = we first deny then we allow
Deny from all = No one is authorized
Allow from 65.11.222.176 = ok well will allow people from that ip address. Note you can do blocks here and or domain names too...
require valid-user = you must have a login/password to access this directory
I am still learning all this myself but that should give you some idea???
Links that I used to understand more,,,
www.apache.org
www.apacheweek.com/features/userauth
http://linux.com/security/newsitem.p...id=12&aid=3667
http://apachetoday.com/news_story.ph...02-01-NW-LF-SW
There are a few more but this will get you started
Hope this helps
Late
P.S. this should really be in one of the server development forums
CryingWolf
Bookmarks