Bryce, you're looking to limit access to a specific file only?
(sorry, can't ignore previous post, just gotta get my 2 pence in!)
is handy for that, directives are similiar to what you'd
put in a , but meant to apply to a single file
only:
... limit directives here ...
Hmm, check the apache docs, the above is dredged from this old guy's
failing core mem.
Real world example, serve the file only if browser has the username &
password:
Order mutual-failure
Allow from all
AuthName "ContestRealm"
AuthUserFile /www/passwords/thecontest.pswd
AuthType Basic
require valid-user
For your application, I'd start with losing the Auth* lines, change "Allow
from all" to be "Allow from 192.168.1.1" Where 192.168.1.1 is the real IP
address of the host you will allow in.
If you're using .htacess files, don't forget to do this in httpd.conf:
AllowOverride AuthConfig
... other stuff that is already there ...
- t
-------
On 20 Aug 2002, Bryce C wrote:
Thanks! Please ignore my previous post as I found the the following at
http://httpd.apache.org/docs/env.html
Prevent "Image Theft"
This example shows how to keep people not on your server from using
images on your server as inline-images on their pages. This is not a
recommended configuration, but it can work in limited circumstances. We
assume that all your images are in a directory called /web/images.
SetEnvIf Referer "^http://www.example.com/" local_referal
# Allow browsers that do not send Referer info
SetEnvIf Referer "^$" local_referal
Order Deny,Allow
Deny from all
Allow from env=local_referal
Note: spelling of 'referer' and 'referal' is intentional.
For more information about this technique, see the ApacheToday tutorial
" Keeping Your Images from Adorning Other Sites".
This is basically what I'm searching for except downloads instead of
images but what's the diff?
Thank You.
On Tue, 2002-08-20 at 22:29, Victor Odhner wrote:
> Bryce,
>
> First, glance at:
> http://www.lugatgt.org/articles/apache/#htacc
> http://httpd.apache.org/docs/mod/mod_access.html
>
> Those will give you an overview. Note especially
> the "order" clause that can give you non-intuitive
> results.
>
> This page seems to address what you were asking:
> http://www.rice.edu/web/access-control.html
>
> For other references, do a Google search on
> htaccess allow deny
>
> Normally this is handled in your httpd.conf file.
>
> Note that if httpd.conf does not permit overriding
> by the htaccess file, then the htaccess file has no
> effect. Search for "allow override" for details.
>
> See http://httpd.apache.org/docs/misc/security_tips.html
>
> In httpd.conf, I think you want something like this:
>
>
> Order Deny,Allow
> Deny from all
> Allow from 999.999.999.35 (or whatever)
>
>
> Bryce C wrote:
> >
> > Could someone please tell me or point me in the right direction for
> > limiting direct access / allowing access from only 1 web address using
> > an .htaccess file?
> >
> > --
> > Bryce Chidester
> > Network Administrator
> > CoBryce Communications
> > Bryce AT BryceCo DOT Net
> > http://www.bryceco.net
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
>
> Vic
>
> http://members.cox.net/vodhner/
> -- or --
> http://www.newearth.org/~victor/resume.html
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>