Quote:
Originally posted by SwordFish
I'm not talking about blocking hacking attempts. I said I'd like to see anyone show me how you can actually redirect password traffic from a pass site to a pass protected directory which of course is where they will be sending all the traffic.
You can put the normal mod rewrite htaccess in the pass protected folder, but the surfers from the passtrader site will still get the user/pass prompt regardless.
Apparently the server does auth BEFORE rewrite or something. There SHOULD be a way to INSTANTLY redirect surfers coming from a hostile URL even when they are going to a pass protected directory. So far I haven't found the way to do it, and I haven't found anyone that can tell me how.
|
Now you've found him
Added a new entry at
http://www.kinky-place.com/stuff/resourcesfs.htm that describes it (near the bottom). It feels a bit creepy because what I do is to open the directory wide for them just before I redirect them somewhere else. I was trying to figure out if that creates a security hole, but if it does I haven't found it yet.