Jump to content

Recommended Posts

I am trying to get this to work but cannot.

 

order deny,allow
deny from all
# allow the admin
allow from 192.168.150.100
# allow moderator:
allow from 192.168.150.102
# allow server (this for scripts, etc to work):
allow from 192.168.150.156

 

it is in a file called .htaccess, and is located in the pics folder of my website.  I am not that great at htaccess, but cannot find anything online for this issue as everything that I find has this exact code in it.  I want it to deny direct access to everyone except these 3 ipaddresses.  Does anyone know why it doesnt work.  I am using apache 2 if that helps.  anything I need to change in the config file?

Link to comment
https://forums.phpfreaks.com/topic/108258-htaccess-will-not-work/
Share on other sites

in the httpd.conf file... make sure for the "pics" folder you have "allowoverrides" in the options

 

also

 

# allow server (this for scripts, etc to work):

allow from 192.168.150.156

 

if that IP is the same server as apache then this line isnt needed as the server will allow itself unless DENY is explicitly set elsewhere

The code that I have when I am viewing the website online, all the images are not put into the page.  I want to deny direct access from outside, but have direct access from these 3 addresses.  If I add 127.0.0.1 it does not change anything, script still runs, but does not add any images to the page.

 

htaccess

order deny,allow
deny from all
# allow the admin
allow from 191.168.150.100
# allow moderator:
allow from 192.168.150.102
# allow server (this for scripts, etc to work):
allow from 127.0.0.1

 

httpd.conf

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/mberanek/newsite/pics/">
AllowOverride All
</Directory>

Anyone know how to do this?  If I put Options -Indexes in the htaccess, I get the pics to come up on pages, and block direct access to the folder, but now if they know the file name, They can access the pic.  Can this be done with htaccess, or do i need something else to block this access.  I cant seem to find anything anywhere that will do this.

Options -Indexes only affects the listing of files in a folder when there is no default document present. This has nothing to do with a browser requesting an image that is on a web page <img src="your_image.jpg"> or someone directly entering the address of the image if they know it.

 

all the images are not put into the page
I am guessing by this statement that some of the images are working? You need to tell or show exactly what is or is not working.

 

Are the IP addresses static or dynamically assigned? If dynamically assigned, are you sure what your current IP address is? It could have gotten re-assigned and no longer matches what is in the .htaccess file.

 

For your last setting in the .htaccess file, unless you have a script that is reading and dynamically outputting the files using fopen(), file_get_contents() or a similar file read function and it is using a URL instead of a file system path, you don't need to allow the web server to have http/https access to the files. Using a file read function using a file system path does not use a http request and a .htaccess setting is not needed and has no effect.

all the images are not put into the page
I am guessing by this statement that some of the images are working? You need to tell or show exactly what is or is not working.

 

None of the images work when I have the htaccess with the first post.  The ip addresses are static private address on my network, so I know they are right, and will not be changed unless I change them myself, (or a hacker gets in and changes them).  I call images with <img src="your_image.jpg"> on all pages, and with the first script, none of the images show up even though 127.0.0.1 is set to allow access.  Also 192.168.150.100 is my PC, and when I just navigate to the server via the private ip address, not the website, the images show up, just when i go to the website, they do not show up.  I just put in the Index -options as I know it will show an error, and will still use the images in the website, but I need to do both use the images in the website, and block access to the folder, and block direct access to them if someone knows the direct path.

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.