peranha Posted June 1, 2008 Share Posted June 1, 2008 I am trying to get this to work but cannot. order deny,allow deny from all # allow the admin allow from 192.168.150.100 # allow moderator: allow from 192.168.150.102 # allow server (this for scripts, etc to work): allow from 192.168.150.156 it is in a file called .htaccess, and is located in the pics folder of my website. I am not that great at htaccess, but cannot find anything online for this issue as everything that I find has this exact code in it. I want it to deny direct access to everyone except these 3 ipaddresses. Does anyone know why it doesnt work. I am using apache 2 if that helps. anything I need to change in the config file? Quote Link to comment Share on other sites More sharing options...
scrupul0us Posted June 2, 2008 Share Posted June 2, 2008 in the httpd.conf file... make sure for the "pics" folder you have "allowoverrides" in the options also # allow server (this for scripts, etc to work): allow from 192.168.150.156 if that IP is the same server as apache then this line isnt needed as the server will allow itself unless DENY is explicitly set elsewhere Quote Link to comment Share on other sites More sharing options...
peranha Posted June 4, 2008 Author Share Posted June 4, 2008 The code that I have when I am viewing the website online, all the images are not put into the page. I want to deny direct access from outside, but have direct access from these 3 addresses. If I add 127.0.0.1 it does not change anything, script still runs, but does not add any images to the page. htaccess order deny,allow deny from all # allow the admin allow from 191.168.150.100 # allow moderator: allow from 192.168.150.102 # allow server (this for scripts, etc to work): allow from 127.0.0.1 httpd.conf <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/mberanek/newsite/pics/"> AllowOverride All </Directory> Quote Link to comment Share on other sites More sharing options...
peranha Posted June 7, 2008 Author Share Posted June 7, 2008 Anyone know how to do this? If I put Options -Indexes in the htaccess, I get the pics to come up on pages, and block direct access to the folder, but now if they know the file name, They can access the pic. Can this be done with htaccess, or do i need something else to block this access. I cant seem to find anything anywhere that will do this. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 7, 2008 Share Posted June 7, 2008 Options -Indexes only affects the listing of files in a folder when there is no default document present. This has nothing to do with a browser requesting an image that is on a web page <img src="your_image.jpg"> or someone directly entering the address of the image if they know it. all the images are not put into the pageI am guessing by this statement that some of the images are working? You need to tell or show exactly what is or is not working. Are the IP addresses static or dynamically assigned? If dynamically assigned, are you sure what your current IP address is? It could have gotten re-assigned and no longer matches what is in the .htaccess file. For your last setting in the .htaccess file, unless you have a script that is reading and dynamically outputting the files using fopen(), file_get_contents() or a similar file read function and it is using a URL instead of a file system path, you don't need to allow the web server to have http/https access to the files. Using a file read function using a file system path does not use a http request and a .htaccess setting is not needed and has no effect. Quote Link to comment Share on other sites More sharing options...
peranha Posted June 11, 2008 Author Share Posted June 11, 2008 all the images are not put into the pageI am guessing by this statement that some of the images are working? You need to tell or show exactly what is or is not working. None of the images work when I have the htaccess with the first post. The ip addresses are static private address on my network, so I know they are right, and will not be changed unless I change them myself, (or a hacker gets in and changes them). I call images with <img src="your_image.jpg"> on all pages, and with the first script, none of the images show up even though 127.0.0.1 is set to allow access. Also 192.168.150.100 is my PC, and when I just navigate to the server via the private ip address, not the website, the images show up, just when i go to the website, they do not show up. I just put in the Index -options as I know it will show an error, and will still use the images in the website, but I need to do both use the images in the website, and block access to the folder, and block direct access to them if someone knows the direct path. Quote Link to comment Share on other sites More sharing options...
peranha Posted June 21, 2008 Author Share Posted June 21, 2008 Anyone think of anything?? I cant seem to find anything that will work. Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.