Thread: (.ht)access

  1. #1
    SitePoint Zealot
    Join Date
    Oct 2000
    Location
    Belgium
    Posts
    139
    I do not understand the .htaccess "philosophy"...

    Imagine I have a CGI script running in a DIR:
    /mydomain/cgi-bin/myscript

    and a DIR with members (only) photos:
    /mydomain/cgi-bin/myscript/privatephotos

    I would like to limit access to the /privatephotos dir ONLY for the cgi
    script. So that no one (members included) has access to the /privatephotos
    dir EXCEPT through the cgi script? So if someone types:
    "http://mydomain.com/cgi-bin/myscript/privatephotos/veryprivate.gif" in his
    browser they would get an error message: NO ACCESS or are redirected.

  2. #2
    ComDude CryingWolf's Avatar
    Join Date
    Dec 2000
    Location
    I don't know the cat drug it in!!!
    Posts
    247
    You don't really need to have cgi scripts to utilize .htaccess files. You would use cgi to, say, administer .htaccess files, i.e. so that your visitors can change their passwords and/or add new passwords.

    .htaccess files can be used to protect a directory, thus protecting the files in said directory. The .htaccess will protect every directory under the directory in which it resides.

    Although the common use of .htaccess files is for security, really it is an administration file that is capable of far more than security.

    If the server and .htaccess file are set up right, you cannot look at the file with the direct link to said file.

    Here is an example of an .htaccess file

    Code:
    AuthName "You must be a valid user"
    AuthType Basic
    AuthUserFile .htpasswd
    
    Order Deny,Allow
    
    Deny from all
    Allow from 65.11.222.176
    
    require valid-user

    AuthName = What is printed on the popup screen to validate the user...
    AuthType = Basic (I think there are other types but this is the only one I have used)
    AuthUserFile = location and title of your password file...

    Order Deny,Allow = we first deny then we allow

    Deny from all = No one is authorized
    Allow from 65.11.222.176 = ok, we will allow people from that ip address. Note you can do blocks here and/or domain names too...

    require valid-user = you must have a login/password to access this directory


    I am still learning all this myself but that should give you some idea???

    Links that I used to understand more...

    www.apache.org
    www.apacheweek.com/features/userauth
    http://linux.com/security/newsitem.p...id=12&aid=3667
    http://apachetoday.com/news_story.ph...02-01-NW-LF-SW

    There are a few more but this will get you started

    Hope this helps

    Late

    P.S. this should really be in one of the server development forums
    body { background:#000000; color:#000000 }
    HEY, WHO TURNED OUT THE LIGHTS?!?
    Easy come easy go!!!
    CryingWolf
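
Added example, not part of either post above: one way to get what the first post asks for is to put an .htaccess containing only "Deny from all" (the directive from the reply) in the photo directory, so Apache refuses every direct URL, and have the CGI script read the files from disk, where .htaccess does not apply. The Python below is the script-side gatekeeper; `resolve_photo`, `handle_request`, the `is_member` flag and the extension list are assumptions made for illustration, and the sample directory is constructed.

```python
import os
import tempfile

# Assumed layout (hypothetical): the photo directory holds an .htaccess file
# containing only "Deny from all", so Apache refuses every direct URL request.
# The CGI script reads the files from disk, which .htaccess does not govern.
ALLOWED_EXT = {".gif": "image/gif", ".jpg": "image/jpeg", ".png": "image/png"}

def resolve_photo(photo_dir, requested):
    """Return (path, mime) for a servable photo, or None if the request is refused."""
    if not requested or "\x00" in requested:
        return None
    name = os.path.basename(requested)
    # Refuse anything that is not a plain file name: "../x", "a/b", ".htaccess"
    if name != requested or name.startswith("."):
        return None
    mime = ALLOWED_EXT.get(os.path.splitext(name)[1].lower())
    if mime is None:
        return None
    base = os.path.realpath(photo_dir)
    path = os.path.realpath(os.path.join(base, name))
    # realpath follows symlinks; the result must still be inside photo_dir
    if os.path.commonpath([base, path]) != base or not os.path.isfile(path):
        return None
    return path, mime

def handle_request(photo_dir, requested, is_member):
    """Build (status, headers, body) for the CGI response."""
    if not is_member:  # is_member: result of the script's own login check (assumed)
        return "403 Forbidden", [("Content-Type", "text/plain")], b"NO ACCESS\n"
    found = resolve_photo(photo_dir, requested)
    if found is None:
        return "404 Not Found", [("Content-Type", "text/plain")], b"Not found\n"
    path, mime = found
    with open(path, "rb") as fh:
        body = fh.read()
    return "200 OK", [("Content-Type", mime), ("Content-Length", str(len(body)))], body

def demo():
    """Run the handler against a constructed directory; returns the four statuses."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "veryprivate.gif"), "wb") as fh:
            fh.write(b"GIF89a-constructed-sample")
        with open(os.path.join(d, ".htaccess"), "w") as fh:
            fh.write("Deny from all\n")
        return [handle_request(d, name, member)[0] for name, member in [
            ("veryprivate.gif", True), ("veryprivate.gif", False),
            ("../../etc/passwd", True), (".htaccess", True)]]
```

The script only ever opens a bare file name with an allowed image extension that resolves inside the photo directory, so the .htaccess file itself and anything outside the directory stay unreachable even for logged-in members.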

