Apache Config Question

Tom Emerson plug-discuss@lists.plug.phoenix.az.us
Wed, 21 Aug 2002 06:17:37 -0700 (MST) 

Bryce, you're looking to limit access to a specific file only?
(sorry, can't ignore previous post, just gotta get my 2 pence in!)

<Files></Files> is handy for that, directives are similiar to what you'd 
put in a <Directory ...></Directory>, but meant to apply to a single file 
only:

<Files /real/path/to/your/file.blah> 

  ... limit directives here ... 

</Files>

Hmm, check the apache docs, the above is dredged from this old guy's 
failing core mem.

Real world example, serve the file only if browser has the username & 
password:

  <Files ~ viewcontest.htm>
    Order mutual-failure
    Allow from all
    AuthName "ContestRealm"
    AuthUserFile /www/passwords/thecontest.pswd
    AuthType Basic
    require valid-user
  </Files>

For your application, I'd start with losing the Auth* lines, change "Allow 
from all" to be "Allow from 192.168.1.1"  Where 192.168.1.1 is the real IP 
address of the host you will allow in.

If you're using .htacess files, don't forget to do this in httpd.conf:
<Directory /real/path/to/docroot>
   AllowOverride AuthConfig
   ... other stuff that is already there ...
</Directory>

  - t
-------

On 20 Aug 2002, Bryce C wrote:

Thanks!  Please ignore my previous post as I found the the following at
http://httpd.apache.org/docs/env.html

Prevent "Image Theft"

This example shows how to keep people not on your server from using
images on your server as inline-images on their pages. This is not a
recommended configuration, but it can work in limited circumstances. We
assume that all your images are in a directory called /web/images.

    SetEnvIf Referer "^http://www.example.com/" local_referal
    # Allow browsers that do not send Referer info
    SetEnvIf Referer "^$" local_referal
    <Directory /web/images>
       Order Deny,Allow
       Deny from all
       Allow from env=local_referal
    </Directory>

Note: spelling of 'referer' and 'referal' is intentional.

For more information about this technique, see the ApacheToday tutorial
" Keeping Your Images from Adorning Other Sites".


This is basically what I'm searching for except downloads instead of
images but what's the diff?
Thank You.


On Tue, 2002-08-20 at 22:29, Victor Odhner wrote:
> Bryce,
> 
> First, glance at:
>   http://www.lugatgt.org/articles/apache/#htacc
>   http://httpd.apache.org/docs/mod/mod_access.html
> 
> Those will give you an overview.  Note especially
> the "order" clause that can give you non-intuitive
> results.
> 
> This page seems to address what you were asking:
>   http://www.rice.edu/web/access-control.html
> 
> For other references, do a Google search on
>    htaccess allow deny
> 
> Normally this is handled in your httpd.conf file.
> 
> Note that if httpd.conf does not permit overriding
> by the htaccess file, then the htaccess file has no
> effect.  Search for "allow override" for details.
> 
> See http://httpd.apache.org/docs/misc/security_tips.html
> 
> In httpd.conf, I think you want something like this:
> 
>  <Directory /usr/local/httpd>
>      Order Deny,Allow
>      Deny from all	
>      Allow from 999.999.999.35  (or whatever)
>  </Directory>
> 
> Bryce C wrote:
> > 
> > Could someone please tell me or point me in the right direction for
> > limiting direct access / allowing access from only 1 web address using
> > an .htaccess file?
> > 
> > --
> > Bryce Chidester
> > Network Administrator
> > CoBryce Communications
> > Bryce AT BryceCo DOT Net
> > http://www.bryceco.net
> > 
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > 
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> -- 
> 
> Vic
> 
> http://members.cox.net/vodhner/
>   -- or --
> http://www.newearth.org/~victor/resume.html
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>