• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Trouble in restricting the directory which contains .htaccess file

 
Greenhorn
Posts: 20
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
While i try to access the .htaccess file its saying access forbidden,which is obvious. But the listing of all other files also getting displayed,i.e no restrictions are imposed on those files which are under the same directory as the .htaccess. However i want to restrict everyone but myself from those files too. Here is my httpd.config

inside directory of httpd.config
Options Indexes FollowSymLinks Includes ExecCGI

AllowOverride ALL

Require all granted

<Files ".ht*">
Require all denied
</Files>

my .htaccess file
# deny everyone but myself
<Limit GET POST PUT>
Options -Indexes
Order allow,deny
Deny from all
</Limit>
 
Bartender
Posts: 3648
16
Android Mac OS X Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Just how are you planning to distinguish yourself from everyone else?
 
sashwat kumar padhy
Greenhorn
Posts: 20
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

K. Tsang wrote:Just how are you planning to distinguish yourself from everyone else?



Actually i could use ALLOW FROM xxx.xx.xx.x(my ip adress) but i don't have a static ip. So is there any way to use php,so that it can automatically get the current ip and set it in the .htaccess?
 
K. Tsang
Bartender
Posts: 3648
16
Android Mac OS X Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

sashwat kumar padhy wrote:

K. Tsang wrote:Just how are you planning to distinguish yourself from everyone else?



Actually i could use ALLOW FROM xxx.xx.xx.x(my ip adress) but i don't have a static ip. So is there any way to use php,so that it can automatically get the current ip and set it in the .htaccess?



If you could get the IP it's most likely the internal router IP (192.168.x.x) rather than the public router IP. Once you have your IP, I don't think you can "dynamically" change the .htaccess file.

Actually what do you want to do exactly? Reading the content of the .htaccess file? Browsing the files in directory?

If it is the latter, then you can simply write a PHP script and the .htaccess file is not needed at all.
 
sashwat kumar padhy
Greenhorn
Posts: 20
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

K. Tsang wrote:

sashwat kumar padhy wrote:

K. Tsang wrote:Just how are you planning to distinguish yourself from everyone else?



Actually i could use ALLOW FROM xxx.xx.xx.x(my ip adress) but i don't have a static ip. So is there any way to use php,so that it can automatically get the current ip and set it in the .htaccess?



If you could get the IP it's most likely the internal router IP (192.168.x.x) rather than the public router IP. Once you have your IP, I don't think you can "dynamically" change the .htaccess file.

Actually what do you want to do exactly? Reading the content of the .htaccess file? Browsing the files in directory?

If it is the latter, then you can simply write a PHP script and the .htaccess file is not needed at all.



The whole directory listing is restricted if .htaccess is present in that directory. This is exactly what i want for every user who tries to access the directory,however i want myself to have access to that directory listing for me only being the owner of those files. Without having a static ip,how to achieve it,that's my concern.
 
K. Tsang
Bartender
Posts: 3648
16
Android Mac OS X Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well I'm not security guy or Linux/Apache admin. But I can tell you this: from brief search, allowing IP to bypass .htaccess is unreliable. If the protected directory has an index.php page then you got a way in.

bypass .htaccess <- click
 
Won't you please? Please won't you be my neighbor? - Fred Rogers. Tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic