#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Posts
    17
    Rep Power
    0
    Is it possible to restrict access effectively to a certain directory of a server? I could easily do a cgi script so fake part of it, but people could still guess filenames.

    Could it be done with a .htaccess file?

    Thanks in advance for any help
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>Is it possible to restrict access effectively to a certain directory of a server?

    Yes and No.
    Yes, you can restrict access for requests to that directory via browser and prompt them to login.

    #############################################
    AuthName "Private Only"
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    require valid-user
    #############################################

    Do not place your .htpasswd under DocumentRoot if you are running your own server.

    Many people have said "you should never place your .htpasswd under DocumentRoot at anytime to effectively deny access from anyone"
    But this isn't true. You can't effectively deny access to users on your same server, it's how vulnerable inside-attack is even you disabled telnet access. Anyone on the same server can still run command to access to your "secret" directory along with bypassing the login prompt.

IMN logo majestic logo threadwatch logo seochat tools logo