Hi,
Can anyone give me a small suggestion.
How can I make a web directory secure?
say I have a site name http://johny.ensiigen.com who's root is /home/johny.ensiigen.com/public_html
there is a directory, say secure, in the public_html. i.e. any one can brows http://johny.ensiigen.com/secure/
What I want is, if anyone try to access to http://johny.ensiigen.com/secure/ he will redirected to somewhere else for log in purpose, for more precious example if anyone try to access http://johny.ensiigen.com/secure/new.jpg, that page will verify user from "database" (.htaccess is not an option) and decide to permit the access or not. I have seen such thing but failed to figure out how to do. Is there anything to do with apache server or cgi or php. Please let me know.
I will be greatfull :)
Best Regards,
Johny
Hey.
When you say ".htaccess is not an option", does that mean just he authentication or does that exclude mod_rewrite and directory permissions as well?
If you can't set a 403 status for the directory via .htaccess or Apache's main configuration file, then restricting access to the directory may prove impossible. Also, since mod_rewrite would also be excluded, redirecting 404 requests from that directory to a download script would also be out.
Ideally, you would either: - Put the files outside the web-root and use a PHP script that would handle whatever security restrictions are needed before it routes the file back to the user. Coupled with mod_rewrite, you could make this look as if the files were actually in the public location, but required login before being accessed.
- Keep the file in the public location, but use .htaccess to restrict access to them, using mod_rewrite to route the requests back to a PHP script, which would then handle the request in a similar manner to the script in method A.
But both these options require mod_rewrite and the ability to restrict access to the directory. (Either via a .htaccess file or via Apache's main configuration)
3 1194 Atli 5,058
Expert 4TB
Hey.
When you say ".htaccess is not an option", does that mean just he authentication or does that exclude mod_rewrite and directory permissions as well?
If you can't set a 403 status for the directory via .htaccess or Apache's main configuration file, then restricting access to the directory may prove impossible. Also, since mod_rewrite would also be excluded, redirecting 404 requests from that directory to a download script would also be out.
Ideally, you would either: - Put the files outside the web-root and use a PHP script that would handle whatever security restrictions are needed before it routes the file back to the user. Coupled with mod_rewrite, you could make this look as if the files were actually in the public location, but required login before being accessed.
- Keep the file in the public location, but use .htaccess to restrict access to them, using mod_rewrite to route the requests back to a PHP script, which would then handle the request in a similar manner to the script in method A.
But both these options require mod_rewrite and the ability to restrict access to the directory. (Either via a .htaccess file or via Apache's main configuration)
If you don't want to use .htaccess (which is a bit of an absurd request), you could place the files in an outside directory and use a PHP script to access them, as ~Atli as stated, but instead of having http://domain.tld/secure/new.jpg, you'd have http://domain.tld/secure.php?file=new.jpg as your link. Then, you could make secure.php be the only file that handles access to the "secure" files.
Hello everybody,
I appreciate your response. I will look on it.
about .htaccess:
Actually if I hadn't said .htaccess is not an option in the first place I would get lot more answer by this time :). I know that, I can do all in http.conf that I can do in .htaccess. :).
Best Regards,
Johny
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Michael Brennan-White |
last post by:
If I submit my for using a get action the resulting page loads . If I
use a post action I get an error page saying "The page cannot be
found". I am calling the originating page!!! This happens...
|
by: Nathan |
last post by:
Hi,
I seem to having a peculiar problem with the display of odd and even
pages in XSL-FO. Here is a small background of the problem.
My xsl stylesheet mentions my fo:layout-master-set as
...
|
by: James |
last post by:
I've been to websites where if I navigate off a form, trying to get back to
it by hitting the back button gives me a page which says "Warning, page has
expired". It doesn't display the page. I've...
|
by: Kevin Phifer |
last post by:
Ok, before anyone freaks out, I have a solution I need to
create that gathers content from maybe different places.
Each one can return a <form> in the html, so its the
classic can't have more than...
|
by: John Lau |
last post by:
Hi,
Is there documentation that talks about the page lifecycle, the lifecycle of
controls on the page, and the rendering of inline code, in a single
document?
Thanks,
John
|
by: MooreSmnith |
last post by:
When I navigate to the next page using
Response.Rediect("MyNextPage.aspx") current page Page_Load event is called.
What I may wrongly understood is that post back will happen whenever there
is any...
|
by: Lenard Gunda |
last post by:
Hi!
I have the following problem.
From my main page, when someone clicks a button, it uses client side
javascript to open another .aspx page. This page displays content, based on
what the...
|
by: Nathan |
last post by:
I have an aspx page with a data grid, some textboxes, and an update button.
This page also has one html input element with type=file (not inside the data
grid and runat=server).
The update...
|
by: Ed Jay |
last post by:
I want to use history.go() to navigate between my previously loaded pages.
I'm looking for a way to trigger a function call when a page is accessed
using history.go(). Is there an event generated?...
|
by: Mesut |
last post by:
I have written a form in with radio buttons the name is set to orderby and the value is set to KundeVorName and the next value is KundeNachName and it goes so on. I wanna modify my query according...
|
by: DolphinDB |
last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation.
Take...
|
by: DolphinDB |
last post by:
Tired of spending countless mintues downsampling your data? Look no further!
In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
|
by: ryjfgjl |
last post by:
ExcelToDatabase: batch import excel into database automatically...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
|
by: Defcon1945 |
last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: af34tf |
last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
| |