16th Mar 2010

Restricting domains from web directory

  • I have my site hosted on a hosting company's servers. I have a directory in that site, let's call it www.mysite.com/safe/notsafe/. I'd like to restrict access to the "notsafe" directory. Ideally, I'd like to only permit web access if the requesting browser comes from one of a list of permissible domain names (namely, my work and my home). I know one can restrict an ENTIRE site's traffic by using .htaccess in the root directory, but (a) I don't think I can use htaccess to restrict certain directories (I may be wrong here).... (b) I'm never quite sure if htaccess should reside in the root of my publicly-accessible web root or its parent.... (c) I tried muddling with htaccess and accidentally wiped out my FrontPage extensions. Is there a way I can restrict access to one directory to only certain accessing domains?


  • Hi jhabley-ga, Good day and thanks for your question. To answer (a), you can use htaccess to restrict directories, even webpages. First determine which IP addresses you wish to grant or deny access to. IP addresses can be in either numeric format or by hostname. Next create a file called .htaccess in the directory that you wish to limit access to. This access restriction will affect all files and subdirectories under this directory. In the file .htaccess, add the following lines:

        order deny,allow
        deny from xxx.xxx.xxx.xxx
        allow from xxx.xxx.xxx.xxx

    If you want to block access to your pages from a particular IP, then add the line deny from xxx.xxx.xxx.xxx, replacing xxx.xxx.xxx.xxx with the actual IP address. If you want to grant access to a certain IP address then you would add the line allow from xxx.xxx.xxx.xxx, replacing xxx.xxx.xxx.xxx with the actual IP address for each IP address.

    Order is important here! All lines starting with DENY must come before any line starting with ALLOW. It is possible to use "wildcards" when specifying IP addresses. For example, .edu will match any machine whose hostname ends with .edu, while 128.8. will match any machine whose IP address starts with 128.8.

    I hope this answered your question. If you have any clarifications, please don't hesitate to ask. Thank you for using this service and have a nice day. Regards, aditya2k.


  • Thanks - a question... is it possible for me to wildcard it so that it denies everyone except two or three specific domain names? For instance, would this work?

        limit get post>
        order deny allow
        deny from *
        allow from permitted_domain.com


  • Incidentally, I'm getting this error when I upload a .htaccess file (using wsftp to upload in ASCII mode):

    "Premature end of script headers:" This will usually follow any error messages sent out by a program. By default, all error messages (messages which are sent to stderr) go to the error log file. This indicates that the program failed to return a valid "Content-type" string to the server. This is usually because the program is a script which failed to compile or because of the fact that stdout is buffered by default. If this is a Perl script, try adding "$| = 1;" to the top of the program.

    "Illegal character 15 (carriage return)" This indicates that the CGI program is a Perl script which was incorrectly uploaded to the server with "BINARY" transfer mode, after being developed and/or edited on a non-UNIX machine (any platform which uses more than just one character to indicate an end-of-line state). To fix this problem, resend the script to the server after setting your FTP client to use "ASCII" transfer mode. In this mode, the server will translate the file such that it contains just the one character, making it valid on UNIX machines.

    P.S. I did indeed include an open < in the code -- the example I gave above...


  • For your first clarification, you don't have to specify the deny from *. The moment you specify 'allow from', it allows access only to those domains. To deny all IPs, the syntax would be "deny from all". As far as your second clarification is concerned, try recreating the file using notepad, and don't use the Tab key. Also, make sure there are no lines at the beginning or end of the file. I also hope you're uploading a 'full' htaccess file which includes the parts before


  • Thanks -- So, let me see if I have it right.

    1. If I only use an "allow from permitted.com" between the tags, ONLY that domain can access it? I don't need to use a DENY FROM to keep all others out, and should omit that line entirely?
    2. Does it block only HTTP access, or ALL access (i.e. FTP, FrontPage)?

    > I also hope you're uploading a 'full' htaccess file which includes the
    > parts before

    Hmmmm... nope, just what you put. What should the other items in that file be?


  • Helloooo?... ;)


  • Sorry for taking time...my ISP had some connectivity issues, and I was cut off from the net for most part of the day.

    For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory. You'll be specifying the location to it later on, so be sure you know where you put it. Also, this file, as with htaccess, should be uploaded as ASCII and not BINARY. Create a new htaccess file and place the following code in it:

        AuthUserFile /usr/local/you/safedir/.htpasswd
        AuthGroupFile /dev/null
        AuthName EnterPassword
        AuthType Basic
        require user wsabstract

    The first line is the full server path to your htpasswd file. If you have installed scripts on your server, you should be familiar with this. Please note that this is not a URL, this is a server path. Also note that if you place this htaccess file in your root directory, it will password protect your entire site, which probably isn't your exact goal.

    The second to last line, require user, is where you enter the username of those who you want to have access to that portion of your site. Note that using this will allow only that specific user to be able to access that directory. This applies if you had an htpasswd file that had multiple users set up in it and you wanted each one to have access to an individual directory. If you wanted the entire list of users to have access to that directory, you would replace Require user xxx with require valid-user.

    The AuthName is the name of the area you want to access. It could be anything, such as "EnterPassword". You can change the name of this 'realm' to whatever you want, within reason. After those lines, you should place the onwards lines.

    For great resources on .htpasswd, visit
    http://httpd.apache.org/docs/howto/htaccess.html
    http://www.javascriptkit.com/howto/htaccess.shtml
    http://apache-server.com/tutorials/ATusing-htaccess.html

    Cheers, aditya2k


  • Hi - thanks for the additional info. The problem is, as I mentioned I'm on a hosted server. In other words, I only have access to the root of my shared directory which contains a few system-related files and a big HTML directory which is public. What I'm after is the text I would need to put in a .htaccess file which I would drop into the directory I need to restrict.


  • Also, your posting seemed to talk about htpasswd and forcing passwords on people. That's not what I'm after. I'm trying to block all access from specific domains to a specific directory. In other words, I only want people coming from 123.com and 456.com to have access to pages in the www.mysite.com/secretdirectory/

    When I upload this htaccess file (ASCII mode):

        order deny allow
        deny from all
        allow from 123.com
        allow from 456.com

    ...I get the CGI error I posted earlier.


  • OK...here is what the file should be:

        order allow,deny
        allow from .123.com .456.com

    If this returns the same CGI error, then I need to know (a) what your webhost's server is running (which OS), and (b) the browser you used when you got that error. Try using different browsers. Sometimes, that error crops up on Mozilla.
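
The thread turns on how the `order` line changes what `allow from` and `deny from` mean. The sketch below is an added example, not part of the original posts and not Apache's code: a simplified Python model of Apache 2.2's Order/Allow/Deny evaluation, which also rejects an `order` line whose keywords are separated by a space instead of a comma. The function names and the sample client addresses and hostnames are constructed for illustration.

```python
# Added example: simplified model of Apache 2.2 Order/Allow/Deny evaluation.
# Not Apache's code. No DNS is done here; the caller supplies the client's
# IP and (already resolved) hostname. mutual-failure and CIDR are not modelled.
import re

ORDERS = ("allow,deny", "deny,allow")

def matches(spec, ip, host):
    """True if one 'allow from' / 'deny from' argument matches the client."""
    spec, host = spec.lower(), (host or "").lower()
    if spec == "all":
        return True
    if re.fullmatch(r"[\d.]+", spec):             # full or partial IP, e.g. 128.8.
        want = spec.rstrip(".").split(".")
        return ip.split(".")[:len(want)] == want  # whole octets only
    if not host.endswith(spec):                   # hostname or domain suffix
        return False
    rest = host[:len(host) - len(spec)]
    # Whole labels only: 123.com matches www.123.com but not evil123.com.
    return rest == "" or spec.startswith(".") or rest.endswith(".")

def parse(text):
    """Return (order, allow_specs, deny_specs) for the text of a .htaccess file."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # Apache's default Order
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order":
            # One argument, comma-separated, no whitespace between the keywords.
            if len(words) != 2 or words[1].lower() not in ORDERS:
                raise ValueError("bad Order line: %r" % line)
            order = words[1].lower()
        elif key in rules and len(words) >= 3 and words[1].lower() == "from":
            rules[key] += words[2:]
    return order, rules["allow"], rules["deny"]

def allowed(text, ip, host=None):
    """Decide access for one client the way the two Order modes do."""
    order, allow, deny = parse(text)
    a = any(matches(s, ip, host) for s in allow)
    d = any(matches(s, ip, host) for s in deny)
    if order == "allow,deny":   # default deny; a matching Deny wins
        return a and not d
    return a or not d           # deny,allow: default allow; a matching Allow wins

# Constructed sample: the file from the last answer, and a client at gw.123.com.
FINAL = "order allow,deny\nallow from .123.com .456.com\n"
print(allowed(FINAL, "203.0.113.5", "gw.123.com"))
```

On a real server the hostname compared against `allow from` comes from a double reverse DNS lookup of the client address, so an address-based `allow from` line is the more dependable choice for a fixed office or home IP.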








    Posted by smith under toyotataa.com |

