|
Home > Archive > Web Servers General Talk > April 2004 > <Directory> statements no in a .htaccess file
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
<Directory> statements no in a .htaccess file
|
|
|
| I've got a small config problem.
I am a normal host client on a linux server running apache 1.3.29.
I want to keep some of my scripts and images protected until I
can get the copyright. The most simple and efficient way that
I can think of, without imposing passwords or other obvious fumbling
like that, is to set up a directory statement something like this:
SetEnvIfNoCase Referer "www\.mydomain\.com" linked_from_website
<Directory "/home/mydomain/public_html/protecteddir">
order deny,allow
deny from all
allow from env=linked_from_website
</Directory>
If I put those in the apache configuration files and bounced the
server, it would probably work as I wish ... only allow any file
in that directory or below (images, html, javascript, etc) to be
accessed if the referer is an html or shtml file that is not protected
but exists in my domain. All typed in addresses, links from other
sites
ftp or whatever cannot access those files.
The Problem: I'm just a user. I have no access to the apache
configuration
files. I don't even have a /usr/local/apache directory. AND
<Directory> statements are not allowed inside of an .htaccess file
which is the ONLY file
that has some control over the server configuration that I can modify.
Isn't that a biaotch!
The Questions: Does anyone out there know a method by which the
web-hosting
company can set up a file in my home dir that has some control over
the apache configuration, that I can modify and effect changes without
needing to bounce
the server (since that would bug all the others on my system, I
believe) that
will implement that snippet of <Directory> statements?
OR
is there another way to do the equivalent modification without using
some sort of Cpanel hotlink or Password protected directory sort of
thing that does not accomplish what I want?
Please, Make My Day!
Clint
| |
| Klaus Johannes Rusch 2004-04-15, 8:33 am |
| clint wrote:
> SetEnvIfNoCase Referer "www\.mydomain\.com" linked_from_website
> <Directory "/home/mydomain/public_html/protecteddir">
> order deny,allow
> deny from all
> allow from env=linked_from_website
> </Directory>
>
> The Problem: I'm just a user. I have no access to the apache
> configuration
> files. I don't even have a /usr/local/apache directory. AND
> <Directory> statements are not allowed inside of an .htaccess file
> which is the ONLY file
> that has some control over the server configuration that I can modify.
You can simply place the order, deny and allow statements in the
/home/mydomain/public_html/protecteddir/.htaccess file.
PS. Checking the referrer is not a reliable access control mechanism, it
is trivial to generate a request with a faked referrer, and there is
equally a chance that legitimate requests will not have a referrer
because of firewall filtering or browser settings.
--
Klaus Johannes Rusch
KlausRusch@atmedia.net
http://www.atmedia.net/KlausRusch/
|
|
|
|
|