access to directories based on referrer and passwor

Do something cool with CMS? Show us ...
This board is for 'Answers', and the discussion of answers... Not for questions.
Post Reply
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

access to directories based on referrer and passwor

Post by calguy1000 »

I installed singapore ala the wiki, and I didn't want anybody from accessing /singapore, I wanted them forced to be inside the cmsms code.

So after a little digging about apache I came up with:

Code: Select all

SetEnvIf Referer <my hostname> allowit
 
order deny,allow
deny from all
allow from env=allowit
allow from 192.168.10.


Now, unless you are originating from my site, or my local network, you cannot access these pages manually
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

access to directories based on referrer and passwor

Post by calguy1000 »

Just a little note, if you weren't already aware:

This is my .htaccess file.... well,

Another handy little item to put in this file is:

Code: Select all

IndexIgnore *


This prevents people from being able to browse directly to /uploads and seing anything....
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Sammex

Re: access to directories based on referrer and passwor

Post by Sammex »

Just an FYI here.... if all you need is minimal security (trying to avoid user errors, but access issues are not important), your solution is ok. If security is the real issue though, you need to be aware that the referrer can be forged somewhat easily. If that's a problem for you, you might be able to solve this by password protecting the tree and accessing it within CMSMS through the fetchurl plugin. (I am assuming that plugin will work with a URL of the form http://username:password@www.mysite.com/mypath.) This would let you access the protected data without exposing the authentication details on your page.
Post Reply

Return to “Tips and Tricks”