 |  |  |  |  |  |  |  |
Web pages accessed by me only?
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
I was wondering if there was a way to only allow myself to access certain pages on my website? Is there a way to do this by using my ip address? And if someone with a different ip try's to access the page they are denyed or forwarded back to my homepage, or something along those lines. Is this an htaccess issue, if so can someone give me some pointers. Thanks in advanced!
2
#2 Oct 15th, 2009
.htaccess can password protect portions of your site. If your private pages are intermingled with public pages in the same directory, you can create a .htaccess file to go in the root of your Web directory, like this:
That means that any php files beginning with "private_" (e.g. private_showusers.php, private_editaccount.php) will be password protected. Note that with AuthType set to "Basic" means that your password is sent in the clear, so it's not particularly safe unless you do it over SSL (i.e. as part of https://)
The .htpasswd file takes the format:
username:hash
where "username" is the login name (you can pick one) and "hash" is the standard unix password hash of a password. If you don't know how to use crypt() on Unix, you can use PHP as follows
Replace "mypassword" with your password (pick one) and replace "salt" with two random characters (e.g. 6v or dR etc).
Alternatively, you can use this online tool to do it: http://www.functions-online.com/crypt.html
The .htpasswd file should live outside of the public Web directories, but be readable by at least the Web server process.
A better way is to have all your private pages in a directory of their own (rather than mixed in with public pages in the same directory), in which case the .htaccess file would go in the root of that private directory and you can drop the <files> tags.
Alternatively, if you want to do it by IP, you can do it by PHP by adding:
at the very beginning of each private page.
Note that if you're using a proxy, or if your ISP proxies your traffic for you, it will be your ISP's proxy IP that is advertised, and not your actual computer's IP address. This is less secure, because you may find other people using the same ISP will show as having the same IP address and therefore they can get access to the private sections of your site.
To find out what IP address is advertised to the remote site, visit http://www.whatismyip.com/ and it will show you what your IP address is.
PHP Syntax (Toggle Plain Text)
That means that any php files beginning with "private_" (e.g. private_showusers.php, private_editaccount.php) will be password protected. Note that with AuthType set to "Basic" means that your password is sent in the clear, so it's not particularly safe unless you do it over SSL (i.e. as part of https://)
The .htpasswd file takes the format:
username:hash
where "username" is the login name (you can pick one) and "hash" is the standard unix password hash of a password. If you don't know how to use crypt() on Unix, you can use PHP as follows
php Syntax (Toggle Plain Text)
Replace "mypassword" with your password (pick one) and replace "salt" with two random characters (e.g. 6v or dR etc).
Alternatively, you can use this online tool to do it: http://www.functions-online.com/crypt.html
The .htpasswd file should live outside of the public Web directories, but be readable by at least the Web server process.
A better way is to have all your private pages in a directory of their own (rather than mixed in with public pages in the same directory), in which case the .htaccess file would go in the root of that private directory and you can drop the <files> tags.
Alternatively, if you want to do it by IP, you can do it by PHP by adding:
php Syntax (Toggle Plain Text)
at the very beginning of each private page.
Note that if you're using a proxy, or if your ISP proxies your traffic for you, it will be your ISP's proxy IP that is advertised, and not your actual computer's IP address. This is less secure, because you may find other people using the same ISP will show as having the same IP address and therefore they can get access to the private sections of your site.
To find out what IP address is advertised to the remote site, visit http://www.whatismyip.com/ and it will show you what your IP address is.
Last edited by edwinhermann; Oct 15th, 2009 at 4:47 pm.
|
Similar Threads
- News Story: 10,000 booby trapped web pages revealed (Network Security)
- edges of print missing when printing web pages (Web Browsers)
- How can I make use of applets while developing web pages? (Java)
- Dynamic web pages? Which will exist? (IT Professionals' Lounge)
- cannot open certain web pages w/ new computer (Windows NT / 2000 / XP)
- Explorer windows disapear when accessing some directories and web pages (Viruses, Spyware and other Nasties)
- Use the Address Bar to Launch Programs or Web Pages (Windows tips 'n' tweaks)
- Time out web pages w/text or drop boxes (Networking Hardware Configuration)
Other Threads in the PHP Forum
- Previous Thread: introduction
- Next Thread: Fill a table
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
.htaccess 301 2005 access add address alcatel array banking broadband c# cap cappedservice clean code combo conficker connection control copyright data database datagrid datagridview dbconnection dns domains dropdownlist fatalerror file files forum gartner government gpl groklaw hacker host htaccess intellectualproperty internet ip ipv6 journalism law limit login lookup lucent mal malware match mediainternet memmory microsoft module mod_rewrite ms mysql net news newspapers opensource oracle outofmemmory patents php position python record redirect remote reuse security seo service site sql sqlserver ssh traffic url users vb vb.net vbulletin virus vista web website windows
