|
htaccess HELP!
I have a site/directory that I only want myself and my partner to be able to load up
I was going to use a deny all ip's but ours, but the issue is that we have other sites that pull images from this domain so, how can I restrict anyone but us two from that domain, but allow images to be pulled from ANY domain from there? |
basically, the issues is, we have an important control panel on that domain, and I want only us to access that control panel...it is already password protected to get into the control panel....but I still want that extra level of htaccess control to only allow our ip's
|
restrict the main url and let images directory be readable from all
|
Ignore me. I misread your post
|
Or... put the control panel in a directory like,
58ju4Tg and then restrict access in that directory. |
Quote:
the images folder is WITHIN the control panel directory though |
maybe do a symbolic link of the images dir or move the control panel to another dir
|
why can't you just store the images somewhere else?
|
What types of images?
|
Quote:
|
ie, just gif, jpg?
|
Quote:
|
slkfjaldika;ie';1190-9
|
Quote:
|
Quote:
it HAS to be the way I am saying I need something in htaccess that blocks EVERYONE out of that domain except our 2 ip's, but allows external sites to access the images in domain.com/cp/images/ |
Hire a midget to protect it.
|
Code:
SetEnvIf Request_URI "\.gif$" imaginer |
You can add your own image types and IP's...
And send a hooker to my door. |
Quote:
will you take a midget hooker? |
Or leave my IP in it so I can hax0r your shit for you...
|
Quote:
|
Code:
RewriteEngine On |
Quote:
thanks so much man, I owe ya one :) |
Now one thing you MIGHT have a problem with is if someone knows what you set the environment variable to, they can just set it themselves in the request... Which is why darksoul did his the correct way...
I just don't know that shit that well... |
Of course if they know the word you chose, they already have enough access to fuck you over...
|
Quote:
|
ImagineThat.... ;)
|
Be aware that the crackers can and probably will at some point just spoof the referer
with a bit of JavaScript. Checking the referer will stop the casual user who doesn't know anything, but it's not any kind of real security. I know you said you can't do this, but I bet you can, so I'd take another look at what other people suggested. first symlink domain.com/cp/images/ to domain.com/public/images/ or better eachsite.com/members/images/ then protect domain.com/cp/ then search and replace the links from domain.com/cp/images/ to just /members/images/ I can't think of any possible scenario where a symlink wouldn't do the job. The only thing I can think of is you had a $15 / month hosting account with no shell access and and no customer support, making it hard to actually create the symlink. Somehow I don't think that what you have, though. Still even then it takes 45 seconds to write a script that creates the symlink. If you symlink from each members' site it also has the enormous advantage of avoiding all kinds of other problems you are going to have down the road if the URLs used for the pics don't match their logical locations, ie. as part of each site. If you can;t use a symlink to another domain or at least another directory I'm really currious why that could possibly be. I'm also curious about what kind of POS CMS you bought that caused all these problems. :winkwink: |
Quote:
The referer is checked only if the file type is an image for anything else the access is allowed only from two ips. they can spoof all they want. |
The answer is 42
|
Quote:
The referrer is NEVER checked... The requested URI is... You can't spoof that or the spoof is what you are asking for... Kind of like asking for coke and getting a coke... But if you spoof and ask for pepsi, well fine then, you get a pepsi (if it isn't denied to your IP address)... |
Quote:
checking soemthing other than the referer? Quote:
|
Quote:
checking something other than the referer? Quote:
|
jesus you all
this is on a domain that is not public, not searched, not indexed, etc...it is a domain that ONLY has this control panel and it isn't even in a typical folder, it is in something like domain.com/beegdjmf so, what was brought up first, was perfect, my tech at nationalnet even said so ;) |
Quote:
|
BTW http://www.htaccesstools.com/ is a great resource for almost every .htaccess-related task. Must be bookmarked by everyone IMHO.
|
| All times are GMT -7. The time now is 07:25 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123