Well, the problem is I cant put the username and the password in the url, http://user:passw@mydomain/scriptdir/script is not allowed, thats the reason why I cant use .htpasswd to protect the dir. If it wasn't for this restriction I would be able to use .htpasswd w/o any problem. so-far Ive put 100 on the dir, and I have done some simple checks, like I cant wget anything from the dir, if I wget an existing filename I get 0 bytes. With best regards Tomas Larsson Sweden http://www.tlec.se http://www.ebaman.com Verus Amicus Est Tamquam Alter Idem > -----Original Message----- > From: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] On Behalf Of > Joshua Slive > Sent: Sunday, January 06, 2008 5:08 AM > To: users@xxxxxxxxxxxxxxxx; tomas@xxxxxxx > Subject: Re: File permissions in an Apache enviroment > > On Jan 5, 2008 8:23 PM, Tomas Larsson <tomas@xxxxxxx> wrote: > > Trying to lock down a special folder. > > Now I cant use .htaccess + .htpasswd for some reason. > > > > The directory must be executable for the server (php-script). > > I dont want anyone outside to be able get anything from the dir. > > The script is run from a normal url, i.e > > http://mysite/scriptdir/script.php > > The url is initiated from the server-bos itself throuh some sort of > > CRON-Mechanism (cant explain it better) I have no access to the > > server-config, only through .htaccess the only working way > I've found > > out, so far, is to set the permissions on the dir to 100. > > > > Anyone that has better solutions or ideas. > > Is .htaccess enabled in that directory (with AllowOverride in > httpd.conf)? If not, you can't do anything. You can test this > by putting an obvious syntax error in .htaccess and > requesting the page. > If you don't get a 500 error, you don't have the rights to > use .htaccess. > > Joshua. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|