VIPSTEPHAN..Made a new thread due to this been a new subject! I did state i am on a windows server using ASP but you say i can go ahead with the .htaccess...so...

this .htaccess file is s bit of a mystery to me but nonetheless am I correct that I save a blank txt page .htaccess and then post this to my root folder?

They talk of cgi, bin, php, apache, unix and more and everything else but asp or pdf and zip files that I am dealing with.

Ok, so what I gathered is that I simply save a blank txt file as .htaccess and then just by inserting "deny from all' in that .htaccess file NOBODY can be allowed access! just like that...hmmmm!
Thats what I see as the method but its actually plain english without any encodings etc and so just does not sound right?

But anyway...further...In that root folder i would have 5 directories storing pdf documents .

Must i create .htpasswd file also in the root folder with the encrypted un:pw referring the url of each directory. Why the encryption ?
Surely if one sets a password its a secret.... then its a secret!

Now, ensure the .htpasswd file defined in the SOMEDIR_OUTSIDE_ROOT has the following contents SO I assume then that within each of the directories I must simply paste the un:pw as well as in the htpasswd file located in the root where the entire addresses are stated...http://username:password@www.website.com/directory/

I assume when allowing access to only one file within that directory the address would then be http://username:password@www.website.com/directory/yourpdfile.zip

Is that it?

Well ive tried in most ways possible..re-read those tutorials and its just as good as if those files arnt there ..no effect whatsoever!
Any obvious exclusions?
Anbody else got a suggestion to hide away the actual location of a file when aURL of that file s linked for the download path?

Hi,

have you read this page?
http://www.javascriptkit.com/howto/htaccess.shtml


htaccess is an Apache thing, not an NT thing. There are similar capabilities for NT servers, though in my professional experience and personal opinion, NT's ability in these areas is severely handicapped. But that's not what we're here for.

htaccess files affect the directory they are placed in and all sub-directories, that is an htaccess file located in your root directory (yoursite.com) would affect yoursite.com/content, yoursite.com/content/contents, etc. It is important to note that this can be prevented (if, for example, you did not want certain htaccess commands to affect a specific directory) by placing a new htaccess file within the directory you don't want affected with certain changes, and removing the specific command(s) from the new htaccess file that you do not want affecting this directory. In short, the nearest htaccess file to the current directory is treated as the htaccess file. If the nearest htaccess file is your global htaccess located in your root, then it affects every single directory in your entire site.

Before you go off and plant htaccess everywhere, read through this and make sure you don't do anything redundant, since it is possible to cause an infinite loop of redirects or errors if you place something weird in the htaccess.

Also...some sites do not allow use of htaccess files, since depending on what they are doing, they can slow down a server overloaded with domains if they are all using htaccess files. I can't stress this enough: You need to make sure you are allowed to use htaccess before you actually use it. Some things that htaccess can do can compromise a server configuration that has been specifically setup by the admin, so don't get in trouble.


hth bazz

Thx for advice Bazz! will report back on success!

Is this fact> -step by step guide from http://bignosebird.com/passwd.shtml

I dont even want to waste more time if its an exclusive method of usability~
To setup .htaccess you must be able to access your server using telnet, this cannot be done using FTP.

well that's strange :confused:

You can do it with ftp - I've done it with fileZilla.

However, what I glean to be the better way is to put your .htpasswd file, 'outside your directory' tree. If your understanding of this would mean that you put it in a dir above those which are publicly accessible, then you would need root (perhaps only shell), access and I don't think FTP let's you do this.

If 'outside the directory tree' means that you could put it in a dir which is drilled down in another direction from your root dir, then filezilla will let you do it.

So I suspect that it depends on your application, specifically the security level you need, as to what you might choose to do. I understand that the htaccess method isn't fool proof anyway and a clue to this is given in the .htaccess line, AuthType Basic.

Fullest security would be achieved if you used a secure server but, I digress.

bazz