Re: Re: [Disarmed Scripts] [users@httpd] .htaccess advice

[Rob <bubaphex@xxxxxxxxx>]

Hey, thanks for the repley back.

The reason why we are doing IP based secuirty instead of passwords is simple. We only want people from those companies accessing the site, if we used passwords they could be simply passed around, we dont want that. We want to control who gets access.

Just wanted to ask you if this looks right before i actually post it live on the production server

This is what the Directory Part of the conf file looks like.

# Security Over PHPmyAdmin
<Directory "/var/www/html/phpmyadmin">
Options Indexes Includes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthUserFile /var/.htpasswd
require valid-user
</Directory>

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

I will change it to this:

# Security Over PHPmyAdmin
<Directory "/var/www/html/phpmyadmin">
Options Indexes Includes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthUserFile /var/.htpasswd
require valid-user
</Directory>

<Directory />
    Options FollowSymLinks
   AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<Directory "/var/www/mysite">
    AllowOverride None
    Order Deny,Allow
    Allow from 127.0.0.1 
</Directory>

is this all right ? Do i have to change any thing else ? i have other sites on here which i dont want blocked, just that one site in that directory. My Virtual Hosts look like this if it matters:

#mysite
<VirtualHost 172.16.23.1:80>
ServerName mysite.co.nz
RewriteEngine on
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         http://www.mysite.co.nz/$1 [NE,R]
</VirtualHost>

<VirtualHost 172.16.23.1:80>
    ServerAdmin developer@xxxxxxxxxxxx
    DocumentRoot /var/www/html/mysite
    ServerName www.mysite.co.nz
</VirtualHost>

Also is it possible to choose where the blocked people go ? at the moment they load the fedora test page, i would like to inform them with a message why they arent seeing the site properly.

cheers

rob