blog.chenhow.net

".htaccess" tips and tricks

By using .htaccess files, we can control access to our web content by allowing/blocking certain user or ip address to access it.

You may ask why we need that, if you can do the same by using options like “order, limit” to restrict ipaddresses and user actions in httpd.conf.

Fair enough, but there is some limitation.

Ok, let me give you a few secarios:

Let say you are a system administrator in ABC company and your company have a few branches over the world. All these branches located in Malaysia, Singapore, Taiwan and China. And each branches will have their own web directory to store all their documents.

Each branches office have a static ip and domain name

Malaysia    1.2.3.4        www.abc.my

Singapore    2.3.4.5        www.abc.sg

Taiwan        3.4.5.6        www.abc.tw

China        4.5.6.7        www.abc.cn

So, one day..

senarios 1:

You boss came to you and ask you to restrict all the web directory, that only allow all the branches can access to it, public user shouldn’t able to view or access it.  Well, it will be easy , u just need to change the httpd.conf

httpd.conf

AllowOverride None Options AuthConfig # Allow use of the authorization directives

Order deny,allow

deny from all

allow 1.2.3.4

allow 2.3.4.5

allow 3.4.5.6

allow 4.5.6.7

But, in the same time , he wants to access all this directory from his house, which using dial up and doesnt have a fix address or ddns.

so what now?

Either you can ask him to apply a fix line or ask him to register dynamic dns.

But, ur boss definately wont like it.

so the best solution is to control the web content with valid username n passwd, another word ‘Web authentication’.

simply create a .htaccess in protect folder and add the following lines

Options  Indexes #to enable directory listing

AuthName     “Password Protected by .htaccess“ #Message that prompt when asking for username and password

Authtype     Basic

AuthUserFile /usr/local/apache2/passwd #password file location

require user boss #username boss

satisfy any #either u r using malaysia,china,singapore n taiwan ip or u have a valid username and password, then u can view and access this directory

if satisfy all, mean u must be one of the country ip and have to provide valid username n password in order to access.

generate username and password file

htpasswd -c /usr/local/apache2/passwd boss

-c is to create new passwd file, if u want to use back the existing password file

htpasswd /usr/local/apache2/passwd boss2

Is quite handy when you do not have the permission to change the httpd.conf file or restart the webserver.