473,320 Members | 2,024 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Log in page

1,059 1GB
Hi,
Can anyone give me a small suggestion.

How can I make a web directory secure?

say I have a site name
http://johny.ensiigen.com who's root is
/home/johny.ensiigen.com/public_html

there is a directory, say secure, in the public_html. i.e. any one can brows
http://johny.ensiigen.com/secure/

What I want is, if anyone try to access to http://johny.ensiigen.com/secure/ he will redirected to somewhere else for log in purpose, for more precious example if anyone try to access http://johny.ensiigen.com/secure/new.jpg, that page will verify user from "database" (.htaccess is not an option) and decide to permit the access or not. I have seen such thing but failed to figure out how to do. Is there anything to do with apache server or cgi or php. Please let me know.

I will be greatfull :)

Best Regards,
Johny
Feb 22 '10 #1

✓ answered by Atli

Hey.

When you say ".htaccess is not an option", does that mean just he authentication or does that exclude mod_rewrite and directory permissions as well?

If you can't set a 403 status for the directory via .htaccess or Apache's main configuration file, then restricting access to the directory may prove impossible. Also, since mod_rewrite would also be excluded, redirecting 404 requests from that directory to a download script would also be out.

Ideally, you would either:
  1. Put the files outside the web-root and use a PHP script that would handle whatever security restrictions are needed before it routes the file back to the user. Coupled with mod_rewrite, you could make this look as if the files were actually in the public location, but required login before being accessed.
  2. Keep the file in the public location, but use .htaccess to restrict access to them, using mod_rewrite to route the requests back to a PHP script, which would then handle the request in a similar manner to the script in method A.
But both these options require mod_rewrite and the ability to restrict access to the directory. (Either via a .htaccess file or via Apache's main configuration)

3 1194
Atli
5,058 Expert 4TB
Hey.

When you say ".htaccess is not an option", does that mean just he authentication or does that exclude mod_rewrite and directory permissions as well?

If you can't set a 403 status for the directory via .htaccess or Apache's main configuration file, then restricting access to the directory may prove impossible. Also, since mod_rewrite would also be excluded, redirecting 404 requests from that directory to a download script would also be out.

Ideally, you would either:
  1. Put the files outside the web-root and use a PHP script that would handle whatever security restrictions are needed before it routes the file back to the user. Coupled with mod_rewrite, you could make this look as if the files were actually in the public location, but required login before being accessed.
  2. Keep the file in the public location, but use .htaccess to restrict access to them, using mod_rewrite to route the requests back to a PHP script, which would then handle the request in a similar manner to the script in method A.
But both these options require mod_rewrite and the ability to restrict access to the directory. (Either via a .htaccess file or via Apache's main configuration)
Feb 22 '10 #2
kovik
1,044 Expert 1GB
If you don't want to use .htaccess (which is a bit of an absurd request), you could place the files in an outside directory and use a PHP script to access them, as ~Atli as stated, but instead of having http://domain.tld/secure/new.jpg, you'd have http://domain.tld/secure.php?file=new.jpg as your link. Then, you could make secure.php be the only file that handles access to the "secure" files.
Feb 22 '10 #3
johny10151981
1,059 1GB
Hello everybody,
I appreciate your response. I will look on it.
about .htaccess:
Actually if I hadn't said .htaccess is not an option in the first place I would get lot more answer by this time :). I know that, I can do all in http.conf that I can do in .htaccess. :).

Best Regards,
Johny
Feb 22 '10 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

1
by: Michael Brennan-White | last post by:
If I submit my for using a get action the resulting page loads . If I use a post action I get an error page saying "The page cannot be found". I am calling the originating page!!! This happens...
0
by: Nathan | last post by:
Hi, I seem to having a peculiar problem with the display of odd and even pages in XSL-FO. Here is a small background of the problem. My xsl stylesheet mentions my fo:layout-master-set as ...
2
by: James | last post by:
I've been to websites where if I navigate off a form, trying to get back to it by hitting the back button gives me a page which says "Warning, page has expired". It doesn't display the page. I've...
4
by: Kevin Phifer | last post by:
Ok, before anyone freaks out, I have a solution I need to create that gathers content from maybe different places. Each one can return a <form> in the html, so its the classic can't have more than...
2
by: John Lau | last post by:
Hi, Is there documentation that talks about the page lifecycle, the lifecycle of controls on the page, and the rendering of inline code, in a single document? Thanks, John
6
by: MooreSmnith | last post by:
When I navigate to the next page using Response.Rediect("MyNextPage.aspx") current page Page_Load event is called. What I may wrongly understood is that post back will happen whenever there is any...
1
by: Lenard Gunda | last post by:
Hi! I have the following problem. From my main page, when someone clicks a button, it uses client side javascript to open another .aspx page. This page displays content, based on what the...
15
by: Nathan | last post by:
I have an aspx page with a data grid, some textboxes, and an update button. This page also has one html input element with type=file (not inside the data grid and runat=server). The update...
8
by: Ed Jay | last post by:
I want to use history.go() to navigate between my previously loaded pages. I'm looking for a way to trigger a function call when a page is accessed using history.go(). Is there an event generated?...
3
by: Mesut | last post by:
I have written a form in with radio buttons the name is set to orderby and the value is set to KundeVorName and the next value is KundeNachName and it goes so on. I wanna modify my query according...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.