0

While i try to access the .htaccess file its saying access forbidden,which is obvious. But the listing of all other files also getting displayed,i.e no restrictions are imposed on those files which are under the same directory as the .htaccess. However i want to restrict everyone but myself from those files too. Here is my httpd.config

inside directory of httpd.config

Options Indexes FollowSymLinks Includes ExecCGI

AllowOverride ALL

Require all granted

<Files ".ht*">
Require all denied
</Files>

my .htaccess file

# deny everyone but myself
<Limit GET POST PUT>
    Options -Indexes
    Order allow,deny
    Deny from all
</Limit>
2
Contributors
3
Replies
29
Views
4 Years
Discussion Span
Last Post by cereal
1

If you have a static IP you can add it as allow rule:

<Limit GET POST PUT>
    Options -Indexes
    Order allow,deny
    Deny from all
    Allow from xxx.xxx.xxx.xxx
</Limit>

Otherwise you can use the Authenticantion modules: http://httpd.apache.org/docs/2.0/howto/auth.html

Edited by cereal

Votes + Comments
Static id,that's the problem in my case. I don't have one. Is there any other way to achieve the same functionality? Like,could we use php in order to get the current ip and auto set it in our .htaccess?
0

Static ip,that's the problem in my case. I don't have one. Is there any other way to achieve the same functionality? Like,could we use php in order to get the current ip and auto set it in our .htaccess?

Edited by sash_kp

0

Inside the .htaccess file write:

order allow,deny
deny from all
allow from env=ALLOW_ME

And then inside a PHP file:

<?php
apache_setenv('ALLOW_ME', true);

It should work if PHP is managed as module by Apache (I cannot test it right now). It can work also by checking the referer:

SetEnvIF Referer "http://youwebsite\.tld/page\.php" allowme
order allow,deny
deny from all
allow from env=allowme

But this last example is not safe because the referer can be spoofed easily.

Reference for more options:

Otherwise with PHP: use glob() function to list the files of the restricted path and sessions to limit the access to the listings.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.