• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: access to directories based on referrer and passwor
PostPosted: Tue Jan 04, 2005 4:38 am 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8170
Location: Fernie British Columbia, Canada
I installed singapore ala the wiki, and I didn't want anybody from accessing /singapore, I wanted them forced to be inside the cmsms code.

So after a little digging about apache I came up with:

\$1:
SetEnvIf Referer <my hostname> allowit
 
order deny,allow
deny from all
allow from env=allowit
allow from 192.168.10.


Now, unless you are originating from my site, or my local network, you cannot access these pages manually

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: access to directories based on referrer and passwor
PostPosted: Tue Jan 04, 2005 4:40 am 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8170
Location: Fernie British Columbia, Canada
Just a little note, if you weren't already aware:

This is my .htaccess file.... well,

Another handy little item to put in this file is:

\$1:
IndexIgnore *


This prevents people from being able to browse directly to /uploads and seing anything....

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: access to directories based on referrer and passwor
PostPosted: Tue Mar 15, 2005 4:12 pm 
Just an FYI here.... if all you need is minimal security (trying to avoid user errors, but access issues are not important), your solution is ok. If security is the real issue though, you need to be aware that the referrer can be forged somewhat easily. If that's a problem for you, you might be able to solve this by password protecting the tree and accessing it within CMSMS through the fetchurl plugin. (I am assuming that plugin will work with a URL of the form http://username:password@www.mysite.com/mypath.) This would let you access the protected data without exposing the authentication details on your page.


Top
   
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
A2 Hosting