I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.
Will it still work, or does the directory actually have to physically exist on the server?
Clarification:
While I may need to password protect the directory:
http://sitename/category/protected/
mod_rewrite translates this to:
index.php?category=category&directory=protected
So the actual directory does not exist. Is it still protectable?
You can add the access rules to the apache config file (httpd.conf or similar) in a Directory or Location tag instead of adding it in the .htaccess file.
Your rewrite rules will ultimately point to some files in a directory on your system (unless they redirect users to some external location). The authentication setup should be on the underlying directory that will be accessed.
Related
I'm trying to follow the instructions on http://www.4webhelp.net/tutorials/misc/htaccess.php in order to create a password file placed outside of the web root and use it in conjunction with .htaccess. The problem I can't solve here is that the AuthUserFile info in .htaccess is supposed to be an absolute path to the server root. I am using a server provided by a web hosting company and I found using <?php echo $_SERVER['DOCUMENT_ROOT']; ?> that the complete path to my web root looks something like /mumbo/jumbo/my_site/public_html where /mumbo/jumbo/ is stuff determined by the web host and, importantly, subject to change without notice. In PHP I can of course generate a path that always is correct using $_SERVER['DOCUMENT_ROOT']. But .htaccess is not written in PHP. Is there a similar way to obtain the server root path upstream of the web root dynamically using the syntax of .htaccess?
From the manual:
File-path is the path to the user file. If it is not absolute, it is
treated as relative to the ServerRoot.
You should give either an absolute path or a relative one to the server root. Neither would solve your problem.
I need to put something in a directory on my web server that starts with ., i.e. the path would be my.domain/.something/somefile.
However, it seems that my Apache configuration blocks all access to hidden directories.
How do I change the config so that access to this one particular directory is allowed?
The default configuration from the apache.org distribution has no problem serving files from a .something subdirectory of the document root. You'd have to search your own logs and configuration for a problem.
I have a website for all intents and purposes is called.
www.foobar.com
Which in my server path is /var/www/
I tried to create a new folder in /var/ called "analytics", with the hope that if I typed www.foobar.com/analytics I could access that folder.
However that does not work because it is actually looking for /var/www/analytics instead of /var/analytics
So how can I have multiple directories mapped to a URI?
For phpmyadmin I can access www.foobar.com/phpmyadmin with the phpadmin folder is in a completely different directory. So it must be possible.
However I tried googling but could not find any answers so I guess I do not have the right description of what this functionality is on Apache webservers.
Any help would be appreciated.
You have to create virtual directories in Apache.
If you are using Apache2, then can you go to the directories
/etc/apache2/sites-available and /etc/apache2/sites-enabled.
You have probably only the default virtual directory enabled.
You can make a copy of a virtual directory in the map /sites-available.
A virtual directory starts with specifying what the root directory is.
Then can you use the commands a2ensite and a2dissite in order to enable or disable the virtual directories respectively.
After a change in enabled/disabled virtual directories do you need to restart/reload the apache server.
If you use .htaccess file, do not forget to set AllowAccess (in the tag Directory) to at least FileInfo or .htaccess will be ignored.
If you want to make those directories different hosts, then can you make aliases in /etc/hosts.
On my home computer have I aliases for the ip addresses 27.0.0.1 and 27.0.1.1.
That gives me the possibility to have two different sites at the same time.
If running any zend application it is recommended to ceate the vhost.
Why is it so?
Although the public part form the url can be removed by copying the index.php and .htaccess file to root of project directory.
Well... yes, technically can just copy index.php and .htaccess to the root of the project directory. However, by doing that you will expose all of your application files to the public.
For example, someone could try to access your config file like this: http://yourhost/yourproject/application/configs/config.ini
This will actually display the content of the config file (which might include sensitive data like your database configuration) unless you explicitly configure something in your .htaccess to prevent this.
When using a vhost with the DocumentRoot set to the public dir, that means that no file outside the public directory will be accessible from an URL. And since you should normally only have the index.php file in there, you ensure that your application is always accessed from that starting point.
How do you write rules to redirect all requests to *.php and *.html files in upload/ folder to a text file name forbidden.txt in root www folder. What I'm trying to do exactly is preventing script execution in this dir by redirecting those requests to the text file
Note: The upload/ folder is accessibly by ftp used by a group of people to upload files so I cannot place htaccess inside this folder.
Create an .htaccess file at the root level of your site containing
RedirectMatch ^/upload/.+(html|php)$ http://www.yoursite.com/forbidden.txt
You could also try switching off the PHP engine in that directory by creating an .htaccess file in /upload/ containing:
php_value engine off
although you would need to ensure that people cannot upload files with the name .htaccess
Put your htaccess rules in httpd.conf instead.
If you can't edit httpd.conf, then your best bet is to not allow web access to that directory at all. Let FTP users access a folder outside of your web directory and then provide a mechanism for retrieving the file contents.
You could name that directory "upload". Then you could have your .htaccess file make requests to /upload/myfile execute upload.php, which finds ../upload/myfile and spits backs its contents. This way it would appear to users that they are accessing the "upload" folder directly, but you would the level of control you want through the PHP script.