SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Member
    Join Date
    May 2002
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation Protecting a directory

    Hello all,

    Not sure if this is the right forum or not to ask this, but couldn't see another one.

    This is is what I wanna do:

    I want to make it so that no one can access my http://www.foo.com/images/ directory just like that and see all my images. I want to protect the directory. I tried the .htaccess thing, but when I put <img src="images/foobar.gif"> in a page, it asks me for a password.

    I know this must be pretty simple cuz I've seen it all over the net, but can't think of how!

    Thanks to all in advance!

    --Rockit

  2. #2
    SitePoint Guru
    Join Date
    Dec 2000
    Location
    Karachi, Pakistan
    Posts
    913
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    It seems that you don't want people to browse your images directory? So, basically there are two ways of achieving this. First if creating a blank index.html page. The second way is a bit technical though not difficult.

    Create a .htaccess file with the following content:

    Options -Indexes
    And place the .htaccess in your main directory where all your html/php files reside. Doing so would give the people trying to snoop through your image directory a 403 Forbidden Access error.


    Let me know if I can be of any further help!


    Salam,
    -Omair
    36Host.com - $36/year web hosting [affiliates earn 30%]
    * Affordable Small Business Web Hosting since 2003! *
    "500mb space, 10gb bandwith, 50 pop/ftp accounts, php,
    mysql, pre-installed php scripts, 24/7 support & more...."



  3. #3
    SitePoint Member
    Join Date
    May 2002
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs up THANKS!!!

    Hey Omair ... salaam!

    Thanks a bunch for the help man ... tried both, and both work like charms. Sticking with the .htaccess solution since its implemented everytime I need a new directory.

    W'salam,
    --Omar (rockit)

  4. #4
    SitePoint Guru
    Join Date
    Dec 2000
    Location
    Karachi, Pakistan
    Posts
    913
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey,

    What's your name? Omar?? Muslim??


    Salam,
    -Omair
    36Host.com - $36/year web hosting [affiliates earn 30%]
    * Affordable Small Business Web Hosting since 2003! *
    "500mb space, 10gb bandwith, 50 pop/ftp accounts, php,
    mysql, pre-installed php scripts, 24/7 support & more...."



  5. #5
    SitePoint Wizard
    Join Date
    Apr 2002
    Posts
    2,292
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    hiyer

    could you tell me what a ".htaccess file" is please? i've never come accross that. what is it, who does it work?

    thanks

  6. #6
    SitePoint Member
    Join Date
    May 2002
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Hey

    Hey johnyboy,

    A .htaccess file basically allows you to set access rights to your directories and files. You can password protect files, directories and the like. You can have a .htaccess in every directory, and since its a hidden file, if you're using UNIX, you need to issue the 'ls -al' command to view it.

    Here is a small tutorial on it:

    Tutorial

    Hope that helps,

    Later

  7. #7
    SitePoint Zealot yuri's Avatar
    Join Date
    Oct 2001
    Location
    Just Round The Corner!
    Posts
    166
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    access to folder

    hi, it is possible to pasword protect th folde by using

    .htpasswd

    this will allow you to create a username and a password that will allow you to gain access to the folder if you need it. i dont know what form the file take on, all i know is that it works.

    BTW this is only for *nix systems not windows

    chris
    Last edited by yuri; Jun 28, 2002 at 08:06.

  8. #8
    SitePoint Addict w3exit's Avatar
    Join Date
    Jun 2002
    Posts
    331
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    cool solution!

  9. #9
    SitePoint Zealot yuri's Avatar
    Join Date
    Oct 2001
    Location
    Just Round The Corner!
    Posts
    166
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    right here is the specs you will need for a .htpasswd file:

    The first thing you will need to do is create a file called .htpasswd. I know, you might have problems with the naming convention, but it is the same idea behind naming the htaccess file itself, and you should be able to do that by this point. In the htpasswd file, you place the username and password (which is encrypted) for those whom you want to have access.

    For example, a username and password of wsabstract (and I do not recommend having the username being the same as the password), the htpasswd file would look like this:

    wsabstract:y4E7Ep8e7EYV

    Notice that it is UserName first, followed by the Password. There is a cool tool available for you to easily encrypt the password into the proper encoding for use in the httpasswd file.

    For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory. You'll be specifying the location to it later on, so be sure you know where you put it. Also, this file, as with htaccess, should be uploaded in ASCII and not BINARY.

    Create a new htaccess file and place the following code in it:

    AuthUserFile /usr/local/you/safedir/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    AuthType Basic

    require user wsabstract
    The first line is the full server path to your htpasswd file. If you have installed scripts on your server, you should be familiar with this. Please note that this is not a URL, this is a server path. Also note that if you place this htaccess file in your root directory, it will password protect your entire site, which probably isn't your exact goal.

    The second to last line require user is where you enter the username of those who you want to have access to that portion of your site. Note that using this will allow only that specific user to be able to access that directory. This applies if you had an htpasswd file that had multiple users setup in it and you wanted each one to have access to an individual directory. If you wanted the entire list of users to have access to that directory, you would replace Require user xxx with require valid-user.

    The AuthName is the name of the area you want to access. It could anything, such as "EnterPassword". You can change the name of this 'realm' to whatever you want, within reason.

    that should do it.

    chris


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •