Log in page

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • johny10151981
    Top Contributor
    • Jan 2010
    • 1059
    #1

    Log in page

    Hi,
    Can anyone give me a small suggestion.

    How can I make a web directory secure?

    say I have a site name
    http://johny.ensiigen.com who's root is
    /home/johny.ensiigen. com/public_html

    there is a directory, say secure, in the public_html. i.e. any one can brows
    http://johny.ensiigen.com/secure/

    What I want is, if anyone try to access to http://johny.ensiigen.com/secure/ he will redirected to somewhere else for log in purpose, for more precious example if anyone try to access http://johny.ensiigen.com/secure/new.jpg, that page will verify user from "database" (.htaccess is not an option) and decide to permit the access or not. I have seen such thing but failed to figure out how to do. Is there anything to do with apache server or cgi or php. Please let me know.

    I will be greatfull :)

    Best Regards,
    Johny
    Tags: None
    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062
      #2
      Hey.

      When you say ".htaccess is not an option", does that mean just he authentication or does that exclude mod_rewrite and directory permissions as well?

      If you can't set a 403 status for the directory via .htaccess or Apache's main configuration file, then restricting access to the directory may prove impossible. Also, since mod_rewrite would also be excluded, redirecting 404 requests from that directory to a download script would also be out.

      Ideally, you would either:
      1. Put the files outside the web-root and use a PHP script that would handle whatever security restrictions are needed before it routes the file back to the user. Coupled with mod_rewrite, you could make this look as if the files were actually in the public location, but required login before being accessed.
      2. Keep the file in the public location, but use .htaccess to restrict access to them, using mod_rewrite to route the requests back to a PHP script, which would then handle the request in a similar manner to the script in method A.

      But both these options require mod_rewrite and the ability to restrict access to the directory. (Either via a .htaccess file or via Apache's main configuration)

        Comment

        • kovik
          Recognized Expert Top Contributor
          • Jun 2007
          • 1044
          #3
          If you don't want to use .htaccess (which is a bit of an absurd request), you could place the files in an outside directory and use a PHP script to access them, as ~Atli as stated, but instead of having http://domain.tld/secure/new.jpg, you'd have http://domain.tld/secure.php?file=new.jpg as your link. Then, you could make secure.php be the only file that handles access to the "secure" files.

            Comment

            • johny10151981
              Top Contributor
              • Jan 2010
              • 1059
              #4
              Hello everybody,
              I appreciate your response. I will look on it.
              about .htaccess:
              Actually if I hadn't said .htaccess is not an option in the first place I would get lot more answer by this time :). I know that, I can do all in http.conf that I can do in .htaccess. :).

              Best Regards,
              Johny

                Comment

                Previous template Next
                Working...