By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,716 Members | 1,306 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,716 IT Pros & Developers. It's quick & easy.

URL and .htaccess

P: n/a
I've protected a directory with an .htaccess file.

I'd like some of the files in this directory to be accessible by a scheduler
that runs an "URL". The problem is that the scheduler runs scripts in this
directory, so the server asks a username and password. How to avoid this ???
Should I set the .htaccess file to allow GET, but how ??? and what would be
the URL ???

directory tree:

admin
.htaccess
admin.htm //frame
adminmnu.htm //menu in frame
script1.php
script2.php
script3.php
I'd like to run the script from home with a scheduler like:
http://www.mysite.com/admin/script2....password=pass;
username and password being the ones asked in the .htaccess file.

How to do so ?

Bob
Jul 17 '05 #1
Share this Question
Share on Google+
13 Replies


P: n/a
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote:
I've protected a directory with an .htaccess file.

I'd like some of the files in this directory to be accessible by a scheduler
that runs an "URL". The problem is that the scheduler runs scripts in this
directory, so the server asks a username and password. How to avoid this ???
Should I set the .htaccess file to allow GET, but how ??? and what would be
the URL ???

directory tree:

admin
.htaccess
admin.htm //frame
adminmnu.htm //menu in frame
script1.php
script2.php
script3.php
I'd like to run the script from home with a scheduler like:
http://www.mysite.com/admin/script2....password=pass;
username and password being the ones asked in the .htaccess file.

How to do so ?

Bob


Theoretically:
http://htuser:ht****@www.mysite.com/...&password=pass

Might work - or not... depends on the browser.
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
Jul 17 '05 #2

P: n/a
*** Bob Bedford wrote/escribió (Fri, 24 Sep 2004 17:32:51 +0200):
I've protected a directory with an .htaccess file. I'd like to run the script from home with a scheduler like:
http://www.mysite.com/admin/script2....password=pass;
username and password being the ones asked in the .htaccess file.


You can't pass auth data this way if you are using Apache mod_auth; the
data must go in the request headers. I can think of two options:

* Use another auth system to protect the site
* Change your scheduled script so it can provide HTTP auth data

I normally use the latter option but of course it depends on what your
script looks like.

--
-- Álvaro G. Vicario - Burgos, Spain
-- Thank you for not e-mailing me your questions
--
Jul 17 '05 #3

P: n/a
> Theoretically:
http://htuser:ht****@www.mysite.com/...&password=pass
Might work - or not... depends on the browser.


Already tried, seems not to work with IE6.... thanks anyway

Cheers
Jul 17 '05 #4

P: n/a
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote:
Theoretically:

http://htuser:ht****@www.mysite.com/...&password=pass

Might work - or not... depends on the browser.


Already tried, seems not to work with IE6.... thanks anyway

Cheers


Yep. Exactly _there_ MS killed the support for this syntax "for security
reasons"...
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
Jul 17 '05 #5

P: n/a
.oO(Simon Stienen)
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote:
Theoretically:

http://htuser:ht****@www.mysite.com/...&password=pass

Might work - or not... depends on the browser.


Already tried, seems not to work with IE6.... thanks anyway

Cheers


Yep. Exactly _there_ MS killed the support for this syntax "for security
reasons"...


The explanation might be questionable, but after all the decision was
correct. Username and password are not allowed in HTTP URLs by RFC 1783:

| An HTTP URL takes the form:
|
| http://<host>:<port>/<path>?<searchpart>
|
| where <host> and <port> are as described in Section 3.1. If :<port>
| is omitted, the port defaults to 80. No user name or password is
| allowed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| ^^^^^^^^

<http://www.freesoft.org/CIE/RFC/1738/14.htm>

It is allowed for other schemes like FTP.

Micha
Jul 17 '05 #6

P: n/a
.oO(Simon Stienen)
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote:
Theoretically:

http://htuser:ht****@www.mysite.com/...&password=pass

Might work - or not... depends on the browser.


Already tried, seems not to work with IE6.... thanks anyway

Cheers


Yep. Exactly _there_ MS killed the support for this syntax "for security
reasons"...


The explanation might be questionable, but after all the decision was
correct. Username and password are not allowed in HTTP URLs by RFC 1738:

| An HTTP URL takes the form:
|
| http://<host>:<port>/<path>?<searchpart>
|
| where <host> and <port> are as described in Section 3.1. If :<port>
| is omitted, the port defaults to 80. No user name or password is
| allowed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| ^^^^^^^^

<http://www.freesoft.org/CIE/RFC/1738/14.htm>

It is allowed for other schemes like FTP.

Micha
Jul 17 '05 #7

P: n/a
Michael Fesser <ne*****@gmx.net> wrote:
.oO(Simon Stienen)
Bob Bedford <be******@YouKnowWhatToDoHerehotmail.com> wrote:
Theoretically:

http://htuser:ht****@www.mysite.com/...&password=pass

Might work - or not... depends on the browser.

Already tried, seems not to work with IE6.... thanks anyway

Cheers


Yep. Exactly _there_ MS killed the support for this syntax "for security
reasons"...


The explanation might be questionable, but after all the decision was
correct. Username and password are not allowed in HTTP URLs by RFC 1738:

| An HTTP URL takes the form:
|
| http://<host>:<port>/<path>?<searchpart>
|
| where <host> and <port> are as described in Section 3.1. If :<port>
| is omitted, the port defaults to 80. No user name or password is
| allowed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| ^^^^^^^^

<http://www.freesoft.org/CIE/RFC/1738/14.htm>

It is allowed for other schemes like FTP.

Micha


Ok, but this RFC is dated 1994, I guess it will be updated soon, since
afaik http://user:pass@host/ is inplemented in every important browser and
webspace providers advertise with the so-called "@-domains".
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
Jul 17 '05 #8

P: n/a
On Fri, 24 Sep 2004 23:29:39 +0200, Simon Stienen
<si***********@news.slashlife.de> wrote:
Ok, but this RFC is dated 1994, I guess it will be updated soon,


No, not likely.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #9

P: n/a
"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message
news:41***********************@news.sunrise.ch...
I've protected a directory with an .htaccess file.

I'd like some of the files in this directory to be accessible by a scheduler that runs an "URL". The problem is that the scheduler runs scripts in this
directory, so the server asks a username and password. How to avoid this ??? Should I set the .htaccess file to allow GET, but how ??? and what would be the URL ???


What exactly is this scheduler?
Jul 17 '05 #10

P: n/a
Chung Leong <ch***********@hotmail.com> wrote:
"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message
news:41***********************@news.sunrise.ch...
I've protected a directory with an .htaccess file.

I'd like some of the files in this directory to be accessible by a

scheduler
that runs an "URL". The problem is that the scheduler runs scripts in this
directory, so the server asks a username and password. How to avoid this

???
Should I set the .htaccess file to allow GET, but how ??? and what would

be
the URL ???


What exactly is this scheduler?


The MS Windows "equivalent" for cron-jobs, but I don't know, how far the
functionality can compete with crons...
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
Jul 17 '05 #11

P: n/a
Simon Stienen wrote:
Ok, but this RFC is dated 1994,
RFC1738 has been updated by, amongst others, RFC2396 (1998),
the current spec of generic URI syntax. It'd be out of
place to define particular schemes there, but it does warn
against 'the passing of authentication information in clear
text' (sec. 3.2.2).
I guess it will be updated soon,
Don't guess about an RFC's status; search the index.

http://www.rfc-editor.org/rfcsearch.html
since afaik http://user:pass@host/ is inplemented in every important
browser and webspace providers advertise with the so-called "@-domains".


The ABNF in RFC2616, the authoritative reference for HTTP
URI syntax, doesn't allow usernames or passwords (also sec.
3.2.2).

--
Jock
Jul 17 '05 #12

P: n/a
"Simon Stienen" <si***********@news.slashlife.de> wrote in message
news:24**************@news.dangerouscat.net...
Chung Leong <ch***********@hotmail.com> wrote:
"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message
news:41***********************@news.sunrise.ch...
I've protected a directory with an .htaccess file.

I'd like some of the files in this directory to be accessible by a

scheduler
that runs an "URL". The problem is that the scheduler runs scripts in this directory, so the server asks a username and password. How to avoid
this ???
Should I set the .htaccess file to allow GET, but how ??? and what
would be
the URL ???


What exactly is this scheduler?


The MS Windows "equivalent" for cron-jobs, but I don't know, how far the
functionality can compete with crons...


Schedule wget or Netscape instead of IE and use the
http://user:password@server/ syntax.
Jul 17 '05 #13

P: n/a
Chung Leong <ch***********@hotmail.com> wrote:
"Simon Stienen" <si***********@news.slashlife.de> wrote in message
news:24**************@news.dangerouscat.net...
Chung Leong <ch***********@hotmail.com> wrote:
"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message
news:41***********************@news.sunrise.ch...
I've protected a directory with an .htaccess file.

I'd like some of the files in this directory to be accessible by a
scheduler
that runs an "URL". The problem is that the scheduler runs scripts in this directory, so the server asks a username and password. How to avoid this ???
Should I set the .htaccess file to allow GET, but how ??? and what would be
the URL ???
What exactly is this scheduler?


The MS Windows "equivalent" for cron-jobs, but I don't know, how far the
functionality can compete with crons...


Schedule wget or Netscape instead of IE and use the
http://user:password@server/ syntax.


_I_ do have an unix server and therefore cron jobs :)
Anyway, the OP doesn't.

Instead of wget or Netscape, he could also call the PHP CLI to generate the
requests...
The one of PEAR should be just fine (never worked with PEAR :S) or any self
written... My own function for this is up at
<http://trashbin.dangerouscat.net/div/webcontent.php.txt>
(Hey, I wrote it for me, so it doesn't need any comments ;P)
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle
Jul 17 '05 #14

This discussion thread is closed

Replies have been disabled for this discussion.