httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@thompsonmike.co.uk
Subject [users@httpd] Help with .htaccess file
Date Tue, 03 Aug 2004 03:48:44 GMT
I have a certain directory on my webserver, only authenticated users are
allowed in. They are authenticated in the CMS. When logged in there they
geta link to take them to the forum.

My problem is that I have set up a .htaccess like so:

Code:

SetEnvIf Referer ^http://81\.174\.224\.69 access
Order deny,allow
Deny from all
Allow from 10.0.0.0/255.255.255.0 192.168.1.0/255.255.255.0 127.0.0.1 
Allow from env=access



This works great, apart from when the user makes a post (External from the
IPs listed in the .htaccess), and the system then goes off and trys to
load a page.

I get the following error in my error_log


Code:

[Tue Aug 03 03:35:35 2004] [error] [client 81.174.214.20] client denied by
server configuration: /var/www/localhost/htdocs/forum/viewtopic.php



So I tried putting this in my .htaccess as well,

Code:


SetEnvIf Referer ^http://81\.174\.224\.69 access
setEnvIf Request_URI "/forum/" access2
Order deny,allow
Deny from all
Allow from 10.0.0.0/255.255.255.0 192.168.1.0/255.255.255.0 127.0.0.1 
Allow from env=access
Allow from env=access2



And yeap, that does work. Only problem is that someone typing in the
direct and full URL to the forum or posting can now get it bypassing the
security.

Has any one got any ideas on how I can get round it?






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message