need to protect a folder on apache

Discussion in 'Windows Desktop Systems' started by stewartbmw2000, Jun 28, 2003.

  1. Hi

    Havn't played around with html and website related things in ages so I need some advice on whats the best way to protect a folder on my website which runs apache.

    The second is a recomendation on picture a gallery php script.

    Thanks

    Bruce
     
  2. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    I suggest making a .htaccess file. You can read about them in the Apache documentation.
     
  3. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    Well if you dont want it to show up in a directory listing and its hosted on Linux, you can rename it like this:

    folder name: download
    rename to: .download

    yes add the . in front of it and it will be hidden from directory listings. But you can still go to it using http://url.com/.download
     
  4. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    btw $download would do the same thing if it is on a windows host afaik
     
  5. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    yeah, i just remembered that.
     
  6. thanks for your help guys
     
  7. w0lv3rin3

    w0lv3rin3 The Source Political User

    Messages:
    465
    Location:
    Barrie, ON
    Suggest You use .htaccess for that to protect your folder, password and logins, and use MD5 encrytipn to encrypt ur passwords.

    Make shure u have ur passwords on offline folder.


    here4s a url for more howtos to get the job done, very useful.

    Apachie User Authentication Tutorial
     
  8. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    Even if its not in an offline folder under the standard apache config they are unable to download them and will instead get a nice 404.
     
  9. w0lv3rin3

    w0lv3rin3 The Source Political User

    Messages:
    465
    Location:
    Barrie, ON
    well i dunno how or where u learn ur .htpass but i can tell u this, mine is offline inactive from apachie web server and is still able to work with out 404 error.

    u have to set primeters on where the pass is located in ur apachie config.
     
  10. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    read what i said again then reply.
     
  11. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    it will still work regardless with the .htaccess, but what X-Istence is saying is that in the apache configuration file all files called .ht* are denied to public view
     
  12. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    Yes, that is what i am saying.
     
  13. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
  14. but can an .htpasswd / .htaccess system still be hacked?

    how secure is it?
     
  15. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    Very secure. I think you have to gain access to the file system "the regular way" to access the files. You can't crack it via Apache afaik.
     
  16. w0lv3rin3

    w0lv3rin3 The Source Political User

    Messages:
    465
    Location:
    Barrie, ON
    it can be still hacked, but is very secure.

    just depending on how well u know Apachie and hwo well u know how,,to use .htaccess or not
     
  17. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    Well, its as secure as the password you use. The longer and more complicated the password, the longer it will take to brute force your way in.
     
  18. w0lv3rin3

    w0lv3rin3 The Source Political User

    Messages:
    465
    Location:
    Barrie, ON
    ur also forgeting the encryption methods u use.

    right now im using MD5 encryption.
     
  19. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    The encryption really doesnt matter, any one way encryption will do, because its impossible to unencrypt.