Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Aug 2002
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts

    .htaccess - allow some files

    The directory in which I have .htaccess file contains 6 files - a.htm, b.htm, w.log, x.log, y.log, z.txt and abc.pl. Out of these two files should be accessible - a.htm and w.log. The rest of the 4 files should denied access unless being accessed by using correct login and password. The contents of the .htaccess file I am using are:

    AuthUserFile /home/xxxx/cgi-bin/pass/.htpasswd
    AuthGroupFile /dev/null
    AuthType Basic
    AuthName "Members Area"
    Options -Indexes
    ErrorDocument 401 /error.cgi?401
    ErrorDocument 403 /error.cgi?403
    ErrorDocument 404 /error.cgi?404
    ErrorDocument 500 /error.cgi?500
    <LIMIT GET POST>
    require valid-user
    </LIMIT>

    How do I modify the above scripts so that the files, a.htm and w.log are accessible and available for viewing without login - without username and password.

  • #2
    Regular Coder Feyd's Avatar
    Join Date
    May 2002
    Location
    Los Angeles, CA Maxim: Subvert Society
    Posts
    403
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I haven't test it (nor tried it), but this may work...

    Code:
    Options -Indexes
    
    ErrorDocument 401 /error.cgi?401 
    ErrorDocument 403 /error.cgi?403 
    ErrorDocument 404 /error.cgi?404 
    ErrorDocument 500 /error.cgi?500 
    
    AuthUserFile /home/xxxx/cgi-bin/pass/.htpasswd 
    AuthGroupFile /dev/null 
    AuthType Basic 
    AuthName "Members Area" 
    Allow From All 
    <Files file.ext> 
    Deny From All 
    </Files>
    Moderator, Perl/CGI Forum
    shadowstorm.net - subvert society

  • #3
    Regular Coder Feyd's Avatar
    Join Date
    May 2002
    Location
    Los Angeles, CA Maxim: Subvert Society
    Posts
    403
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Actually...

    Apache 1.2 and later allows you to protect individual files, rather than on a per directory basis (as originally using htaccess/htpasswd)

    Code:
    <files file.ext>
     AuthType Basic
     AuthName "Members Area"
     AuthUserFile /home/xxxx/cgi-bin/pass/.htpasswd
     AuthGroupFile /dev/null  
     Require valid-user
    </files>
    Moderator, Perl/CGI Forum
    shadowstorm.net - subvert society

  • #4
    New Coder
    Join Date
    Aug 2002
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The htaccess file in a CGI-BIN directory. This directory contains scripts with which one can post data as well as view data. This directory also contains a html file which comes up after some data has been fed (A kind of thank you page). The htaccess file works fine, only letting the viewers with valid username and password access and search the database. Anyone can post the data also. The only problem is that when the data is posted a screen comes up asking for username and password alongwith the thank you page (the data gets added to the files in the cgi-bin). How can I avoid this screen coming up when the action is POST. <LIMIT GET>
    require valid-user </LIMIT>. I removed POST from this.


    AuthUserFile /home/xxx/www/cgi-bin/pass/.htpasswd

    AuthGroupFile /dev/null

    AuthType Basic

    AuthName "Members Area"

    Options -Indexes

    ErrorDocument 401 /error.cgi?401

    ErrorDocument 403 /error.cgi?403

    ErrorDocument 404 /error.cgi?404

    ErrorDocument 500 /error.cgi?500

    <Files *.htm, *.log>
    Order Allow,Deny
    allow from all
    </Files>

    <LIMIT GET>
    require valid-user
    </LIMIT>


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •