Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Mar 2012
    Posts
    91
    Thanks
    2
    Thanked 0 Times in 0 Posts

    how do you deny all but allow from own domain site

    Hi All,

    I have an issue with allowing access to files by the a site where all the files are hosted in the same location on server and blocking all others trying to access.

    Currently I have a .htaccess flie located in a sub folder (directory) the permission for the file is 0644.

    The file includes the codes below to and the password restricted part works fine.


    Code:
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    
    
    AuthName "Restricted Area" 
    AuthType Basic 
    AuthUserFile /home/asdfg/.htpasswds/qwert/.htpasswd 
    AuthGroupFile /dev/null 
    <Files something2.php>
    require valid-user
    </Files>
    <Files something3.php>
    require valid-user
    </Files>
    <Files something4.php>
    require valid-user
    </Files>
    <Files something5.php>
    require valid-user
    </Files>

    I have tried many suggestions to give the domain name of the site access to the files and block all others.
    I have used the codes below and NONE of them work except from completely blocking all access to the files for the site.
    I know I am doing something wrong but don't know what. If anyone has a suggestion of code to use I am all ears.

    I have used the codes as written on various help sites and also mixed in a few allow in the various forms different sites write them.

    Code:
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName OnlyFromUNO
    
    <Limit GET>
    order deny,allow
    deny from all
    allow from .abc.com
    </Limit>
    
    
    <Files afile.js>
    order allow,deny
    deny from all
    allow from 123.456.7.890
    allow from .abc.com
    allow from .*abc\.com.*
    allow from abc.com
    </Files>
    
    
    <FilesMatch "\.(js|jpg|gif|log)$">
    order deny,allow
    deny from all
    allow from 123.456.7.890
     allow from .*abc\.com.*
    </FilesMatch>
    
    
    <FilesMatch ".\.js$">
    Order Allow,Deny
    Deny from all
    Allow from abc.com
    </FilesMatch>

    Martin.

  • #2
    Regular Coder
    Join Date
    Oct 2004
    Posts
    363
    Thanks
    0
    Thanked 18 Times in 18 Posts
    Those are for blocking requests from users, ie. from your browser. When you put
    Code:
    <script type="text/javascript" src="http://example.com/abc.js"></script>
    in http://example.com/abc.html the request comes from the user's browser not the server.

    It looks like you want to prevent hotlinking
    Code:
    <IfModule mod_rewrite.c>
      RewriteEngine On
    
      RewriteCond %{HTTP_REFERER} !^$
      RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?example\.com(/.*)?$ [NC]
      RewriteRule .\.(gif|jpe?g|png|log|js)$ - [NC,F,L]
    </ifModule>
    It is fairly unreliable because the user can set HTTP_REFERER to anything they want.

  • #3
    New Coder
    Join Date
    Jun 2005
    Location
    Blackpool. UK
    Posts
    98
    Thanks
    0
    Thanked 4 Times in 4 Posts
    just allow localhost to access the files

    Code:
    order allow,deny
    deny from all
    allow from 127.0.01

  • #4
    New Coder
    Join Date
    Jun 2005
    Location
    Blackpool. UK
    Posts
    98
    Thanks
    0
    Thanked 4 Times in 4 Posts
    That should be.

    127.0.0.1


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •