need to protect a folder on apache

S

stewartbmw2000

Guest
Hi

Havn't played around with html and website related things in ages so I need some advice on whats the best way to protect a folder on my website which runs apache.

The second is a recomendation on picture a gallery php script.

Thanks

Bruce
 
I suggest making a .htaccess file. You can read about them in the Apache documentation.
 
Well if you dont want it to show up in a directory listing and its hosted on Linux, you can rename it like this:

folder name: download
rename to: .download

yes add the . in front of it and it will be hidden from directory listings. But you can still go to it using http://url.com/.download
 
btw $download would do the same thing if it is on a windows host afaik
 
Suggest You use .htaccess for that to protect your folder, password and logins, and use MD5 encrytipn to encrypt ur passwords.

Make shure u have ur passwords on offline folder.


here4s a url for more howtos to get the job done, very useful.

Apachie User Authentication Tutorial
 
Even if its not in an offline folder under the standard apache config they are unable to download them and will instead get a nice 404.
 
well i dunno how or where u learn ur .htpass but i can tell u this, mine is offline inactive from apachie web server and is still able to work with out 404 error.

u have to set primeters on where the pass is located in ur apachie config.
 
it will still work regardless with the .htaccess, but what X-Istence is saying is that in the apache configuration file all files called .ht* are denied to public view
 
but can an .htpasswd / .htaccess system still be hacked?

how secure is it?
 
Very secure. I think you have to gain access to the file system "the regular way" to access the files. You can't crack it via Apache afaik.
 
Originally posted by stewartbmw2000
but can an .htpasswd / .htaccess system still be hacked?

how secure is it?

it can be still hacked, but is very secure.

just depending on how well u know Apachie and hwo well u know how,,to use .htaccess or not
 
Well, its as secure as the password you use. The longer and more complicated the password, the longer it will take to brute force your way in.
 
Originally posted by X-Istence
Well, its as secure as the password you use. The longer and more complicated the password, the longer it will take to brute force your way in.

ur also forgeting the encryption methods u use.

right now im using MD5 encryption.
 
Originally posted by w0lv3rin3
ur also forgeting the encryption methods u use.

right now im using MD5 encryption.

The encryption really doesnt matter, any one way encryption will do, because its impossible to unencrypt.
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back