• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Trouble in restricting the directory which contains .htaccess file

 
sashwat kumar padhy
Greenhorn
Posts: 20
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While i try to access the .htaccess file its saying access forbidden,which is obvious. But the listing of all other files also getting displayed,i.e no restrictions are imposed on those files which are under the same directory as the .htaccess. However i want to restrict everyone but myself from those files too. Here is my httpd.config

inside directory of httpd.config
Options Indexes FollowSymLinks Includes ExecCGI

AllowOverride ALL

Require all granted

<Files ".ht*">
Require all denied
</Files>

my .htaccess file
# deny everyone but myself
<Limit GET POST PUT>
Options -Indexes
Order allow,deny
Deny from all
</Limit>
 
K. Tsang
Bartender
Posts: 3526
16
Android Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just how are you planning to distinguish yourself from everyone else?
 
sashwat kumar padhy
Greenhorn
Posts: 20
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
K. Tsang wrote:Just how are you planning to distinguish yourself from everyone else?


Actually i could use ALLOW FROM xxx.xx.xx.x(my ip adress) but i don't have a static ip. So is there any way to use php,so that it can automatically get the current ip and set it in the .htaccess?
 
K. Tsang
Bartender
Posts: 3526
16
Android Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sashwat kumar padhy wrote:
K. Tsang wrote:Just how are you planning to distinguish yourself from everyone else?


Actually i could use ALLOW FROM xxx.xx.xx.x(my ip adress) but i don't have a static ip. So is there any way to use php,so that it can automatically get the current ip and set it in the .htaccess?


If you could get the IP it's most likely the internal router IP (192.168.x.x) rather than the public router IP. Once you have your IP, I don't think you can "dynamically" change the .htaccess file.

Actually what do you want to do exactly? Reading the content of the .htaccess file? Browsing the files in directory?

If it is the latter, then you can simply write a PHP script and the .htaccess file is not needed at all.
 
sashwat kumar padhy
Greenhorn
Posts: 20
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
K. Tsang wrote:
sashwat kumar padhy wrote:
K. Tsang wrote:Just how are you planning to distinguish yourself from everyone else?


Actually i could use ALLOW FROM xxx.xx.xx.x(my ip adress) but i don't have a static ip. So is there any way to use php,so that it can automatically get the current ip and set it in the .htaccess?


If you could get the IP it's most likely the internal router IP (192.168.x.x) rather than the public router IP. Once you have your IP, I don't think you can "dynamically" change the .htaccess file.

Actually what do you want to do exactly? Reading the content of the .htaccess file? Browsing the files in directory?

If it is the latter, then you can simply write a PHP script and the .htaccess file is not needed at all.


The whole directory listing is restricted if .htaccess is present in that directory. This is exactly what i want for every user who tries to access the directory,however i want myself to have access to that directory listing for me only being the owner of those files. Without having a static ip,how to achieve it,that's my concern.
 
K. Tsang
Bartender
Posts: 3526
16
Android Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well I'm not security guy or Linux/Apache admin. But I can tell you this: from brief search, allowing IP to bypass .htaccess is unreliable. If the protected directory has an index.php page then you got a way in.

bypass .htaccess <- click
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic