-------- Original Message -------- Subject: Re: [TriLUG] a webmastering question Date: Tue, 16 Sep 2003 21:06:33 -0400 (EDT) From: Jeffery Painter <[EMAIL PROTECTED]> To: "Richard O. Hammer" <[EMAIL PROTECTED]>
You may need some admin priveleges if they have not allowed you to create your own .htaccess files, but I think most default installations will allow it.
You will still probably need a linux box to generate your password file if
you choose to go this route since if you only have ftp access you probably
can't run the program to create the password on that box :)
You can create the password file as follows, the location of htpasswd may differ depending on your setup.
[EMAIL PROTECTED] painter]$ /usr/local/apache2/bin/htpasswd -c webaccess.dat painter
New password: test1234
Re-type new password: test1234
Adding password for user painter
If you want to keep adding more users, don't use the -c flag (that creates
a new file each time)
[EMAIL PROTECTED] painter]$ cat webaccess.dat painter:enBBO0NUzBGxE
You can now place test.dat in a directory on your web server
[EMAIL PROTECTED] painter]$ cat .htaccess
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* AuthType Basic AuthName "Secure Access" AuthUserFile /path/to/webaccess.dat require valid-user
the path to the webaccess.dat must be the full path of where-ever you are uploading it to your webserver
that's it for starters!
good luck
Jeff Painter [EMAIL PROTECTED]
On Tue, 16 Sep 2003, Richard O. Hammer wrote:
> Thank you, Jeff,
>
> .htaccess files may be the way to go, but I don't know enough about
> them yet. I have little experience administering apache.
>
> From what I've read so far it looks like I may need administrative
> privileges to edit .htaccess or configuration files. As webmaster I
> have an FTP account to the directories of the site, but I don't think
> I have any administrative privileges or a shell login account. Also,
> this being a low budget operation, with the site being hosted for free
> by a friend of the arts, I don't get much help from the human host. I
> probably need to do this with the FTP account and no more. Can I do
> the .htaccess file trick with just FTP access and no more?
>
> Again, I have succeeded in using sessions and creating a few password
> protected PHP scripts.
>
> Rich Hammer
>
> provided
> Jeffery Painter wrote:
> > Have you tried restricting the .doc files to a specific directory and
> > using .htaccess files to manage access to that directory?
> >
> > Seems like this would do the trick as apache won't care what the file type
> > is, it will follow the access rules based on the directory structure.
> >
> > hth,
> > Jeff Painter
> > [EMAIL PROTECTED]
> >
> >
> > On Tue, 16 Sep 2003, Richard O. Hammer wrote:
> >
> >
> >>In my role as webmaster for a local organization
> >><http://www.canecreekcloggers.org/>, I am trying to figure out how to
> >>serve MS Word files with HTTP to only those users who have
> >>authenticated themselves.
> >>
> >>It seems like there ought to be an easy and obvious way but I haven't
> >>found it yet. The site is running on Debian GNU/Linux, with Apache
> >>1.3.27 and PHP/4.3.
> >>
> >>I can make a few steps toward the goal:
> >> . I can use sessions with PHP, and thereby allow only authenticated
> >>users beyond a certain point in any PHP script.
> >> . I can put .doc files on the server and open them just fine. On my
> >>Windows computer both Netscape and IE do the right thing, opening the
> >>file in MS Word.
> >> . I can serve a .doc file to an authenticated user with the PHP
> >>virtual() function.
> >>
> >>But every way that I have thought of so far has this weakness: an
> >>unauthenticated user could load the .doc file directly, without going
> >>through my PHP script, if that user happened to learn the URL of the
> >>.doc file. My PHP scripts do not seem to have any more permissions to
> >>access files than the permissions which are granted to any browser.
> >>
> >>Any suggestions?
> >>
> >>Thanks,
> >>Rich Hammer
> >>
> >>P.S. have a good hurricane!
> >>
> >>
> >>
> >
> >
> >
>
>
>
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
