scheme for access control

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • laredotornado@zipmail.com
    #1

    scheme for access control

    Hi,

    Based on some info on this newsgroup, I'm trying to password protect a
    directory of both PHP, HTML, and image files. The web server is Apache
    2 and PHP is 4.4.4. I created this .htaccess file

    RewriteCond %{REQUEST_FILEN AME} -f
    RewriteCond %{REQUEST_FILEN AME} !^accesscontrol .php
    RewriteRule ^(.*?)$ accesscontrol.p hp?file=$i&%{QU ERY_STRING} [NC,L]

    and then, just to check to make sure requests were hitting hte
    accesscontrol.p hp file, I created accesscontrol.p hp to look like below
    ....

    <?php

    header('HTTP/1.0 401 Unauthorized');
    exit;

    ?>

    so theoretically, every request should result in a 401. However, when
    I visit a page in the directory where this stuff is stored, I can view
    the page just fine. Why is the above failing to filter my requests?

    Thanks, - Dave

    Tags: None
    • Rik
      #2
      Re: scheme for access control

      laredotornado@z ipmail.com wrote:
      Hi,
      >
      Based on some info on this newsgroup, I'm trying to password protect a
      directory of both PHP, HTML, and image files. The web server is
      Apache 2 and PHP is 4.4.4. I created this .htaccess file
      >
      RewriteCond %{REQUEST_FILEN AME} -f
      RewriteCond %{REQUEST_FILEN AME} !^accesscontrol .php
      RewriteRule ^(.*?)$ accesscontrol.p hp?file=$i&%{QU ERY_STRING} [NC,L]
      Hey, I know that code from somewhere :-)

      It works here, be sure to start you're .htaccess with:
      RewriteEngine On

      Ans that mod_rewrite is offcourse enabled etc.

      And this:
      RewriteCond %{REQUEST_FILEN AME} !^accesscontrol .php
      should be:
      RewriteCond %{REQUEST_FILEN AME} !^accesscontrol \.php
      --
      Rik Wasmus


        Comment

        • laredotornado@zipmail.com
          #3
          Re: scheme for access control

          You're the man, Rik. You wouldn't happen to know how to enable the
          mod_rewrite module in Apache 2's httpd.conf file, would you?

          Thanks, - Dave

          Rik wrote:
          laredotornado@z ipmail.com wrote:
          Hi,

          Based on some info on this newsgroup, I'm trying to password protect a
          directory of both PHP, HTML, and image files. The web server is
          Apache 2 and PHP is 4.4.4. I created this .htaccess file

          RewriteCond %{REQUEST_FILEN AME} -f
          RewriteCond %{REQUEST_FILEN AME} !^accesscontrol .php
          RewriteRule ^(.*?)$ accesscontrol.p hp?file=$i&%{QU ERY_STRING} [NC,L]
          >
          Hey, I know that code from somewhere :-)
          >
          It works here, be sure to start you're .htaccess with:
          RewriteEngine On
          >
          Ans that mod_rewrite is offcourse enabled etc.
          >
          And this:
          RewriteCond %{REQUEST_FILEN AME} !^accesscontrol .php
          should be:
          RewriteCond %{REQUEST_FILEN AME} !^accesscontrol \.php
          --
          Rik Wasmus

            Comment

            • Rik
              #4
              Re: scheme for access control

              laredotornado@z ipmail.com wrote:
              You're the man, Rik. You wouldn't happen to know how to enable the
              mod_rewrite module in Apache 2's httpd.conf file, would you?
              >
              Normally it's there, just remove the ';' in front of it.
              --
              Rik Wasmus


                Comment

                • Colin Fine
                  #5
                  Re: scheme for access control

                  Rik wrote:
                  laredotornado@z ipmail.com wrote:
                  >Hi,
                  >>
                  >Based on some info on this newsgroup, I'm trying to password protect a
                  >directory of both PHP, HTML, and image files. The web server is
                  >Apache 2 and PHP is 4.4.4. I created this .htaccess file
                  >>
                  >RewriteCond %{REQUEST_FILEN AME} -f
                  >RewriteCond %{REQUEST_FILEN AME} !^accesscontrol .php
                  >RewriteRule ^(.*?)$ accesscontrol.p hp?file=$i&%{QU ERY_STRING} [NC,L]
                  >
                  Hey, I know that code from somewhere :-)
                  >
                  It works here, be sure to start you're .htaccess with:
                  RewriteEngine On
                  >
                  Ans that mod_rewrite is offcourse enabled etc.
                  >
                  And this:
                  RewriteCond %{REQUEST_FILEN AME} !^accesscontrol .php
                  should be:
                  RewriteCond %{REQUEST_FILEN AME} !^accesscontrol \.php
                  This looks to me like a much more complicated solution than using
                  mod_auth_extern al.

                  Colin

                    Comment

                    Previous template Next
                    Working...