So after a little digging about apache I came up with:
Code: Select all
SetEnvIf Referer <my hostname> allowit
order deny,allow
deny from all
allow from env=allowit
allow from 192.168.10.
access to directories based on referrer and passwor
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
access to directories based on referrer and passwor
I installed singapore ala the wiki, and I didn't want anybody from accessing /singapore, I wanted them forced to be inside the cmsms code.
So after a little digging about apache I came up with:
Now, unless you are originating from my site, or my local network, you cannot access these pages manually
So after a little digging about apache I came up with:
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
access to directories based on referrer and passwor
Just a little note, if you weren't already aware:
This is my .htaccess file.... well,
Another handy little item to put in this file is:
This prevents people from being able to browse directly to /uploads and seing anything....
This is my .htaccess file.... well,
Another handy little item to put in this file is:
Code: Select all
IndexIgnore *Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
-
Sammex
Re: access to directories based on referrer and passwor
Just an FYI here.... if all you need is minimal security (trying to avoid user errors, but access issues are not important), your solution is ok. If security is the real issue though, you need to be aware that the referrer can be forged somewhat easily. If that's a problem for you, you might be able to solve this by password protecting the tree and accessing it within CMSMS through the fetchurl plugin. (I am assuming that plugin will work with a URL of the form http://username:password@www.mysite.com/mypath.) This would let you access the protected data without exposing the authentication details on your page.
