On Thu, 28 Apr 2005, security curmudgeon wrote:

> ******************************************
> * Example .htaccess File
> ******************************************
> AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
> AuthGroupFile /dev/null
> AuthName "Tagboard Admin Area"
> AuthType Basic
>
> <Limit GET POST>
> require valid-user
> </Limit>

Mod security alleviates most of this

SecFilterSelective THE_REQUEST "\&cmd" "redirect:http://www.gaytardedhax0rs.net"

As do normal apache settings

<Location /admin/>
# Order deny,allow
Allow from YOUR_ADDRESS_GOES_HERE
Deny from all
ErrorDocument 403 http://www.gaytardedhax0rs.net
</Location>

Problem with an htaccess file is creating the users, then making sure no kiddiot is using some password dumping script or program. IP based would work better since I can't think of some silly scriptkiddiot injecting info on the network level to pwn some site using any one of these injection based tools.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The most tyrannical of governments are those which make crimes of opinions, for everyone has an inalienable right to his thoughts."
-- Benedict Spinoza

//sil

http://www.kungfunix.net
http://www.politrix.org
http://www.infiltrated.net
http://bush.shafted.us
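
An added example, not part of the original message: a simplified Python model of Apache 2.2's Order/Allow/Deny evaluation, showing why the <Location> block above restricts access as intended with its Order line commented out (Apache then defaults to Deny,Allow) and how the same Allow/Deny pair behaves under Order Allow,Deny. The addresses are constructed stand-ins for YOUR_ADDRESS_GOES_HERE, the function names are hypothetical, and only "all", single IPs and CIDR ranges are modelled.

```python
import ipaddress

def matches(client, specs):
    """True if the client IP matches any Allow/Deny spec ('all', IP or CIDR)."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(client, allow, deny, order="deny,allow"):
    """Simplified model of Apache 2.2 host-based access evaluation.

    order defaults to "deny,allow", which is what Apache applies when the
    Order line is absent or commented out, as in the <Location> block.
    """
    allowed = matches(client, allow)
    denied = matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it; matching neither = allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first, Deny overrides it; matching neither = denied.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# Constructed sample values (documentation address ranges).
ADMIN = "192.0.2.10"    # stands in for YOUR_ADDRESS_GOES_HERE
OTHER = "203.0.113.7"   # any other client
ALLOW = [ADMIN]         # Allow from YOUR_ADDRESS_GOES_HERE
DENY = ["all"]          # Deny from all

if __name__ == "__main__":
    for order in ("deny,allow", "allow,deny"):
        for client in (ADMIN, OTHER):
            ok = access_allowed(client, ALLOW, DENY, order)
            print(f"Order {order:<10} client {client:<12} -> {'200' if ok else '403'}")
```

Under Order Allow,Deny the "Deny from all" line overrides the Allow and locks out the admin address too, so the ordering matters when the Order directive is uncommented.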