Page 1 of 1

access to directories based on referrer and passwor

Posted: Tue Jan 04, 2005 4:38 am
by calguy1000
I installed singapore ala the wiki, and I didn't want anybody from accessing /singapore, I wanted them forced to be inside the cmsms code.

So after a little digging about apache I came up with:

Code: Select all

SetEnvIf Referer <my hostname> allowit
 
order deny,allow
deny from all
allow from env=allowit
allow from 192.168.10.


Now, unless you are originating from my site, or my local network, you cannot access these pages manually

access to directories based on referrer and passwor

Posted: Tue Jan 04, 2005 4:40 am
by calguy1000
Just a little note, if you weren't already aware:

This is my .htaccess file.... well,

Another handy little item to put in this file is:

Code: Select all

IndexIgnore *


This prevents people from being able to browse directly to /uploads and seing anything....

Re: access to directories based on referrer and passwor

Posted: Tue Mar 15, 2005 4:12 pm
by Sammex
Just an FYI here.... if all you need is minimal security (trying to avoid user errors, but access issues are not important), your solution is ok. If security is the real issue though, you need to be aware that the referrer can be forged somewhat easily. If that's a problem for you, you might be able to solve this by password protecting the tree and accessing it within CMSMS through the fetchurl plugin. (I am assuming that plugin will work with a URL of the form http://username:password@www.mysite.com/mypath.) This would let you access the protected data without exposing the authentication details on your page.