i've searched google all over and can't really figure this out, sorry.

i am trying to block all files with the extension .abc from being used without a valid user

how can i do this?

(dont want to do it by ip, only by require user BLAH)

7/28/2006 12:16:25 AM

valid user is something you'd have to use CGI for

7/28/2006 12:19:33 AM

there has to be a way to do this

can i treat the .abc as an htm file which will make valid user kick in?

[Edited on July 28, 2006 at 12:32 AM. Reason : ]

7/28/2006 12:23:51 AM

files on the webserver belong to the webserver. There's no user funda.

7/28/2006 12:40:42 AM

listen

php files in the directory with .htaccess have to have a password to view

but other files (like text files) can be viewed out in the open

how can i make a text file act like a php file so i have to put in a password to view it?

7/28/2006 12:55:51 AM

structure for denying files instead of directories:

AuthName "Realm Name"
AuthType Basic
AuthUserFile /.htpasswd
Allow From All
<Files *.abc>
Require valid-user
</Files>

7/28/2006 2:11:24 AM

oops I so fucking misread the thread it ain't funny.

7/28/2006 2:16:53 AM

what about multiple file extensions? just add more <Files> areas? or put it all into one Files section somehow?


And how can I make .abc files DOWNLOAD in a browser instead of the browser wanting to display them as text?

[Edited on July 31, 2006 at 10:29 AM. Reason : ]

7/31/2006 10:26:25 AM

http://www.javascriptkit.com/howto/htaccess.shtml

7/31/2006 10:45:28 AM

STILL NO LUCK!

i have found NO WAY to block .txt files from being displayed in the browser using htaccess


i'll pay someone $5 paypal from checking who knows what to do and it fixes it


host is godaddy, so that's the problem i assume...

8/2/2006 2:10:34 PM

Let users read em, but have them encrypted first so they are looking at garbage.

8/2/2006 2:15:00 PM

scripts use data in those files so can't be encrypted

and godaddy doesn't allow you to have files in a private html folder, only one public html folder

8/2/2006 2:19:40 PM

chmod the files to 644.. it'll allow it to be read by the server but not by the browser.

you may have to mess around with the numbers if the scripts need to write/execute the data files. But as long as the scripts and the txt files are owned by the same user.. 644 should work just fine.

[Edited on August 2, 2006 at 7:23 PM. Reason : ]

8/2/2006 7:17:56 PM

how are the files listed?

Index?

So would this work?

IndexIgnore *.txt

8/2/2006 9:45:23 PM

just because it's ignored by the index doesn't mean the file is inaccessible

8/2/2006 9:51:16 PM

Quote :

"chmod the files to 644.. it'll allow it to be read by the server but not by the browser."

tried 600, didn't work, browser still could access.

needs to be 100% inaccessible, not just by index


i think it's godaddy and that they suck ass with the way they configured their shared hosting server?

8/2/2006 10:41:46 PM

Have you considered storing the data in a location that can't be accessed by any web user - (i.e. a mySQL database)? Changing the .htaccess files on servers run by GoDaddy, Yahoo or any other major hosting provider can get tricky. The servers are often shared so they don't always grant you the ability to manipulate things as much as you like. You can't even use .htaccess files on Yahoo sites. Some suggestions:

Put the data in a PHP file and use another PHP file to include it. PHP scripting is not including in the source code when the page lands on the browser, so random users aren't likely to see it. This is assuming that your script is a PHP file that is reading data from a .txt file. Give me a little more information on what you're trying to do exactly.

8/2/2006 11:34:44 PM

maybe this will work.. I found some different syntax in apache help files..

<Files ~ "\.txt$">
Deny from all
</Files>

8/3/2006 12:34:54 AM

As long as there's a thread about it....

I did a DreamHost "one click install" of WebCalendar (http://www.k5n.us/webcalendar.php). I want to use HTTP (.htaccess) authentication with it, but it defaults to cookie authentication (if that's what it's really called). The internet tells me PHP must be built as an Apache module. I have no idea what that means. Suggestions?

[Edited on August 3, 2006 at 8:23 AM. Reason : link]

8/3/2006 8:23:24 AM

^ It means that your Apache conf file has to have the PHP module in it. By default Apache does not have that module built in. When PHP is installed, you have to insert two or three lines of code into your Apache conf file to get Apache to pick up PHP. Most hosting providers have this enabled by default. If your hosting provider does not, you might want to look for another one.

^^ I still recommend finding away around having to mess with the .htaccess file. If you're running your own webserver - you have full control, but the results can be tricky with other providers. PM or IM me (newparadox03) and I'll show you how to perform some PHP tricks to store your data in a .php file as an array or keep it locked away safely in a mySQL database.

8/3/2006 9:31:08 AM

Quote :

"<Files ~ "\.txt$"> Deny from all </Files>"

godaddy sucks, didn't work

8/3/2006 5:07:27 PM

did you use the full path? and not just /

godaddy has issues but its better than those damn TWW hosting companies. hahaah

8/3/2006 5:21:14 PM

it wasn't working because Java was installed and that was taking precedence or something.



any idea how to make .asp files really act as .php files to spoof teh haxers?

8/14/2006 11:03:06 AM