Computers| Computers |
|
04-01-2008, 07:57 AM
| #1 (permalink) |
| Security/Hacking Mod  Join Date: Jan 2005 Location: USA
Posts: 25,457
|  Secure your server with htaccess I apologize if this topic drifts a bit away from the usual ones you find here at ghacks but I thought it would be extremely useful for everyone who has a server or webspace that supports htaccess and htpasswd. Htaccess files can do much more than just secure a directory on your server or website but I want to concentrate on this topic because it is something that I have been using on some of my websites for a very long time to increase security. I use it mainly to secure certain directories on my websites from being accessed without the proper authorization. This is the admin directory in the case of Wordpress for instance but could also be used to secure a directory that hosts some valuable files. I would like to point out two possibilities that secure a directory with .htacess. The first is to protect the directory by only allowing users with a certain IP or IP range access to it. Everyone else would receive an access denied error message. The second possibility would be to create usernames and passwords that have to be supplied before accessing the content. IP Protection: Create a .htaccess file and add the following code to it: AuthName "Protected Content" AuthType Basic order deny,allow deny from all #Comment allow from 255.255.255.255 Change the IP address in the last line to the one used by the user / users. You can use wildcards * if the user is receiving dynamic IPs from his ISP. It is possible to add as many allow from lines to the .htaccess file as you want. Place that htaccess file in the directory that you want to protect. (all subdirectories are affected as well. The problem with this kind of protection is twofold. If your IP changes, say you are on holiday or accessing from a different location, you need to add or change the IPs in the htaccess code. Users who happen to have a IP of that range can access the content without problems. This is usually a user from the same ISP. A more secure protection is the basic auth protection. Password Protection: Whenever a user tries to access a directory or file a popup will appear asking the user for a username and password. This method requires two files, a htaccess file and a htpasswd file. The htpasswd file stores the usernames and encrypted passwords and should be placed outside of the root directory of the website. AuthName "Restricted Area" AuthType Basic AuthUserFile /path/to/.htpasswd AuthGroupFile /dev/null require valid-user Since the passwords are encrypted you need to use a script to do that. A working one is the htpasswd Content Generator. Just enter a username and password and click on encrypt. Paste the line on the results page into the htpasswd file and place it exactly in the path that you specified in AuthUserFile. It is possible to combine both protections for added security. I would begin by evaluating if your webhost is allowing those kind of files. Secure your server with htaccess
__________________  www.MasterB365.com www.Tech-Dump.com "On 10-3-08 Obama Supporters Vandalized-Tresspassed and STOLE My Palin-McCain Sign Violating My First Amendment Right To Free Speech. Do It Again And You Will Find Out What The 2nd Amendment Is All ABOUT!" |
|  |
 |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| SQL server error | wicked23 | Windows Operating Systems and Software | 6 | 03-05-2008 05:28 PM |
| Home Server and WEB server? | prvrt | Computer Networking & Internet Access | 9 | 01-04-2008 12:14 AM |
| Wireless Network with Server Setup - Please help! | VolLRB | Computer Networking & Internet Access | 3 | 12-28-2007 11:18 PM |
| Try Microsoft Windows Home Server for 120 Days | Osiris | Windows Operating Systems and Software | 0 | 11-04-2007 07:13 PM |
| Convince me to build a server.....please | jfenwick | Building, Buying, Upgrading for General PCs | 5 | 10-30-2007 01:27 PM |
Linear Mode
