User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » .htaccess help Page [1]  
bous
All American
11215 Posts
user info
edit post

i've searched google all over and can't really figure this out, sorry.

i am trying to block all files with the extension .abc from being used without a valid user

how can i do this?

(dont want to do it by ip, only by require user BLAH)

7/28/2006 12:16:25 AM

esgargs
Suspended
97470 Posts
user info
edit post

valid user is something you'd have to use CGI for

7/28/2006 12:19:33 AM

bous
All American
11215 Posts
user info
edit post

there has to be a way to do this

can i treat the .abc as an htm file which will make valid user kick in?

[Edited on July 28, 2006 at 12:32 AM. Reason : ]

7/28/2006 12:23:51 AM

esgargs
Suspended
97470 Posts
user info
edit post

files on the webserver belong to the webserver. There's no user funda.

7/28/2006 12:40:42 AM

bous
All American
11215 Posts
user info
edit post

listen

php files in the directory with .htaccess have to have a password to view

but other files (like text files) can be viewed out in the open

how can i make a text file act like a php file so i have to put in a password to view it?

7/28/2006 12:55:51 AM

Wolfrules
All American
1880 Posts
user info
edit post

structure for denying files instead of directories:

AuthName "Realm Name"
AuthType Basic
AuthUserFile /.htpasswd
Allow From All
<Files *.abc>
Require valid-user
</Files>

7/28/2006 2:11:24 AM

esgargs
Suspended
97470 Posts
user info
edit post

oops I so fucking misread the thread it ain't funny.

7/28/2006 2:16:53 AM

bous
All American
11215 Posts
user info
edit post

what about multiple file extensions? just add more <Files> areas? or put it all into one Files section somehow?


And how can I make .abc files DOWNLOAD in a browser instead of the browser wanting to display them as text?

[Edited on July 31, 2006 at 10:29 AM. Reason : ]

7/31/2006 10:26:25 AM

quagmire02
All American
44225 Posts
user info
edit post

http://www.javascriptkit.com/howto/htaccess.shtml

7/31/2006 10:45:28 AM

bous
All American
11215 Posts
user info
edit post

STILL NO LUCK!

i have found NO WAY to block .txt files from being displayed in the browser using htaccess


i'll pay someone $5 paypal from checking who knows what to do and it fixes it


host is godaddy, so that's the problem i assume...

8/2/2006 2:10:34 PM

1CYPHER
Suspended
1513 Posts
user info
edit post

Let users read em, but have them encrypted first so they are looking at garbage.

8/2/2006 2:15:00 PM

bous
All American
11215 Posts
user info
edit post

scripts use data in those files so can't be encrypted

and godaddy doesn't allow you to have files in a private html folder, only one public html folder

8/2/2006 2:19:40 PM

Wolfrules
All American
1880 Posts
user info
edit post

chmod the files to 644.. it'll allow it to be read by the server but not by the browser.

you may have to mess around with the numbers if the scripts need to write/execute the data files. But as long as the scripts and the txt files are owned by the same user.. 644 should work just fine.

[Edited on August 2, 2006 at 7:23 PM. Reason : ]

8/2/2006 7:17:56 PM

YOMAMA
Suspended
6218 Posts
user info
edit post

how are the files listed?

Index?

So would this work?

IndexIgnore *.txt

8/2/2006 9:45:23 PM

OmarBadu
zidik
25071 Posts
user info
edit post

just because it's ignored by the index doesn't mean the file is inaccessible

8/2/2006 9:51:16 PM

bous
All American
11215 Posts
user info
edit post

Quote :
"chmod the files to 644.. it'll allow it to be read by the server but not by the browser."


tried 600, didn't work, browser still could access.

needs to be 100% inaccessible, not just by index


i think it's godaddy and that they suck ass with the way they configured their shared hosting server?

8/2/2006 10:41:46 PM

SilentIsrael
All American
1764 Posts
user info
edit post

Have you considered storing the data in a location that can't be accessed by any web user - (i.e. a mySQL database)? Changing the .htaccess files on servers run by GoDaddy, Yahoo or any other major hosting provider can get tricky. The servers are often shared so they don't always grant you the ability to manipulate things as much as you like. You can't even use .htaccess files on Yahoo sites. Some suggestions:

Put the data in a PHP file and use another PHP file to include it. PHP scripting is not including in the source code when the page lands on the browser, so random users aren't likely to see it. This is assuming that your script is a PHP file that is reading data from a .txt file. Give me a little more information on what you're trying to do exactly.

8/2/2006 11:34:44 PM

Wolfrules
All American
1880 Posts
user info
edit post

maybe this will work.. I found some different syntax in apache help files..

<Files ~ "\.txt$">
Deny from all
</Files>

8/3/2006 12:34:54 AM

dakota_man
All American
26584 Posts
user info
edit post

As long as there's a thread about it....

I did a DreamHost "one click install" of WebCalendar (http://www.k5n.us/webcalendar.php). I want to use HTTP (.htaccess) authentication with it, but it defaults to cookie authentication (if that's what it's really called). The internet tells me PHP must be built as an Apache module. I have no idea what that means. Suggestions?

[Edited on August 3, 2006 at 8:23 AM. Reason : link]

8/3/2006 8:23:24 AM

SilentIsrael
All American
1764 Posts
user info
edit post

^ It means that your Apache conf file has to have the PHP module in it. By default Apache does not have that module built in. When PHP is installed, you have to insert two or three lines of code into your Apache conf file to get Apache to pick up PHP. Most hosting providers have this enabled by default. If your hosting provider does not, you might want to look for another one.

^^ I still recommend finding away around having to mess with the .htaccess file. If you're running your own webserver - you have full control, but the results can be tricky with other providers. PM or IM me (newparadox03) and I'll show you how to perform some PHP tricks to store your data in a .php file as an array or keep it locked away safely in a mySQL database.

8/3/2006 9:31:08 AM

bous
All American
11215 Posts
user info
edit post

Quote :
"<Files ~ "\.txt$">
Deny from all
</Files>"


godaddy sucks, didn't work

8/3/2006 5:07:27 PM

jackleg
All American
170957 Posts
user info
edit post

did you use the full path? and not just /

godaddy has issues but its better than those damn TWW hosting companies. hahaah

8/3/2006 5:21:14 PM

bous
All American
11215 Posts
user info
edit post

it wasn't working because Java was installed and that was taking precedence or something.



any idea how to make .asp files really act as .php files to spoof teh haxers?

8/14/2006 11:03:06 AM

 Message Boards » Tech Talk » .htaccess help Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.