473,406 Members | 2,698 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > html / css > questions > preventing direct access to web content

Join Bytes to post your question to a community of 473,406 software developers and data experts.

Preventing direct access to web content

CJM
I have a intranet-based system running IIS5/6. We have a secure logon
feature whereby certain users can access restricted content. While most of
this is ASP pages, and thus we can control that, some of the content is
served directly as a PDF or plain html (automatically generated from
MSOffice!).

If a user discovers the location of this content, he access it directly
through the browser (bypassing the menus), which rather makes a mockery of
this concept of secure content!

I have seen one or two commercial ISAPI filters that can be used to prevent
this access, but I dont want to spend where I dont have to, especially when
I'm not entirely sure how they work.

Does anybody know of any other means by which I can achieve this? Free
utils/filters perhaps or maybe abother method I am not aware of?

As an aside, I've heard a few mumblings about .htaccess files, but the
information I have found so far involved password protecting directories on
Apache servers... Does anybody know where I can find more about using
..htaccess file. [I think I am going to need them for an IndexServer project
coming up]

Thanks.

Chris
Jul 20 '05 #1
3 2888
CJM wrote:

As an aside, I've heard a few mumblings about .htaccess files, but the
information I have found so far involved password protecting directories on
Apache servers... Does anybody know where I can find more about using
.htaccess file. [I think I am going to need them for an IndexServer project
coming up]


Do a Google web search on .htaccess
--
Brian
follow the directions in my address to email me

Jul 20 '05 #2
"Brian" <us*****@mangymutt.com.invalid-remove-this-part> wrote in message
news:16v1b.174609$Oz4.45532@rwcrnsc54...
CJM wrote:

As an aside, I've heard a few mumblings about .htaccess files, but the
information I have found so far involved password protecting directories on Apache servers... Does anybody know where I can find more about using
.htaccess file. [I think I am going to need them for an IndexServer project coming up]


Do a Google web search on .htaccess


If you are running Apache and want to protect directories then you will need
to use password creation utility (htpasswd) also you will need to place a
..htaccess file in the root of the directory to be protected. See details at:

http://httpd.apache.org/docs-2.0/how...ttingitworking
(remember if you want to add other users, miss out the "-c" or you will
over-write any existing password files).

On the other hand if all you want to do is to find out more about what you
can use .htaccess files for (other than password protecting directories), or
how to use them...then see:
http://httpd.apache.org/docs-2.0/howto/htaccess.html

What you can / can not use .htaccess files for is determined to some extent
by the modules that are built into your version of Apache at build time.
For a list of modules see:
http://httpd.apache.org/docs-2.0/mod/
--
Keith

Jul 20 '05 #3
CJM
Thanks Andy.

In the longer term, an Windows Integrated Logon/Active Directory solution
will be appropriate, but unfortunately for the next 9-12months that wont be
possible (long story)

I see what you mean about using a separate apache server, but I think it is
a bit too complex/fiddly, plus it would be on a windows box, which doesnt
bode well!

I think it's going to be a case of waiting for AD or using a £200 ISAPI
filter.

Cheers

Chris

"Andy Dingley" <di*****@codesmiths.com> wrote in message
news:1t********************************@4ax.com...
On Fri, 22 Aug 2003 15:15:14 +0100, "CJM" <cj*****@m.co.uk> wrote:
Does anybody know of any other means by which I can achieve this?


Set up an Apache server (maybe another port on the same machine, but
ideally on a Unix box) and use .htaccess to control access.

ISAPI filter.

Windows integrated logons. Put the approved people in a group, let the
group's rights control access to the content, let Windows integrate
the lot for you, right across the network and down to the user's
desktop. You need a very long spoon for this, because you're supping
right from Bill Gates' 3rd tit, but it can be made to work. Of
course, if you're not an intranet in an all-M$oft shop, then you're
stuffed and you're back to #1 or #2.

Jul 20 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
preventing external access to directory
by: J C-W | last post by:
I have a directory with files (of various formats) contained within a website which uses PHP to control user access via session variables. I would like to protect the directory from direct external...
PHP
5
How to preventing the no-frame JS ?
by: Eli | last post by:
Hi, I'm using an IFRAME which in there I can load any site. But there are some sites that check if they're in a frame and reload the whole window. This disrupt my whole page. Some questions:...
Javascript
4
Preventing users from seeing raw data
by: Trevor Williams | last post by:
I have a split database which has some rudimentary security in place which prevents unauthorised users from double-clicking the data file and seeing anything worthwhile. If they do this a popup...
Microsoft Access / VBA
0
reading large text fields (ODBC direct connection to Oracle) in Access 97 vba
by: Thomas Zimmermann | last post by:
Hi I have an Accesss 97 database that imports data from an Oracle database. Some of the text fileds in the oreacle database have a fileds size larger than 255 characters. If I just link the...
Microsoft Access / VBA
2
preventing duplicate row insertion from asp.net app
by: aboesteanu | last post by:
Data is stored in SQL Server 2000. One table is Person another Item. Each row in the Person table may have associated with it several rows in the Item table. The Item table has a field called...
ASP.NET
1
Preventing direct linking picture and video files ?
by: Petri | last post by:
Dear newsreaders, Access to aspx-pages can be prevented for example checking authentication cookie on page_onload part of code. But is there any way to prevent direct access to indivual files...
ASP.NET
2
preventing direct access to database
by: bill | last post by:
I am using vb.net and SQL Server 2000. Hopefully i will soon be using VB.net 2005. I would like to prevent users from having direct access to a SQL Server database, and require them to access...
Visual Basic .NET
1
Need help preventing spammers in guestbooks
by: capb | last post by:
Hello, This is my first post, and any help would be greatly appreciated. I create online memorials which contain guestbooks which have been the subject of computer generated spam. I have been able...
PHP
15
Preventing Browser-caching between Frames
by: bvdb | last post by:
Hello, my web-application uses two frames, one with a list of database records, one with a record detail view. From the detail view there is "mark" function that will mark the respective record in...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!