How do I use the htaccess file on my ColdFusion server? I do not know how to use htaccess on my ColdFusion server to prevent direct access to files of attachment folder.
I am using ColdFusion 10 and have source code in the root directory of the ColdFusion server. I want to restrict direct access to files that are available in the Attachment folder. I placed two files inside this Attachment folder: .htaccess and .htpasswd.
. htaccess:
AuthUserFile "/StagingTicketSystem/Attachments/.htpasswd"
AuthName "Please Log In" AuthType Basic <Limit GET POST> required vaid-user </Limit>
.htpasswd:
admin:1234 root:4321
Related
I have set up an FTP connection via ShareX to upload my screenshots to my own ftp.
So my screenshots are accessible at the url 'screenshots.mydomain.fr/myscreenshothash.png'.
And that's cool!
But according to the url 'screenshots.mydomain.fr' you can see the list of all my screenshots (the page Index of). And I'd like to block this page via an htpasswd without blocking access to the files ('screenshots.mydomain.fr/myscreenshothash.png')
What can I do?
My current .htaccess
AuthUserFile /home/XXL /.htpasswd
AuthGroupFile /dev/null
AuthName "Accès Restreint"
AuthType Basic
require valid-user
For the moment I have added a
Options -Indexes
in my htaccess to prevent access to the index of page and I made a listing of my files in a index.php files placed in a subfolder (in which I put the htaccess with htpasswd)
And sorry if this question has already been answered. But I'm trying to add a folder to my Drupal 7 installation that can be accessed only via password. I have created the folder in my FTP (and named it folder), but unfortunately I can't access this folder. I'd like the folder to look like this (like in Wordpress)
But instead I get "Page isn't working".
Br. Five
Assuming you are running Apache, try adding a .htaccess file to that folder with the following content:
Options +Indexes
When you want to password protect the directory with .htaccess you'll also have to add this:
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
So I've been trying to set up a more specific .htaccess file for a few hours now and I just don't understand what's going on.
Setup: several php files for operation, we can simplify it to 'index.php' and 'open.php' and 'upload.php'; then there are uploaded files, we don't know their names nor how many there will ever be.
What I want: There's two different users. Let's call them 'cUser' and 'oUser'. cUser is allowed to access any file. oUser is only allowed to access open.php and the uploaded files.
What I did: Here's my .htaccess file:
AuthType Basic
AuthName "Download"
AuthUserFile /[...]/.htusers
followed by
<FilesMatch "[^(open\.php)]$">
Require user cUser
</FilesMatch>
or
<FilesMatch "!(open\.php)">
Require user cUser
</FilesMatch>
and many other different attempts. I expected to require cUser for any file other than oUser with what I did and wanted to go from there, but I never got it to work. What am I doing wrong? As soon as I added a '!' whereever no file needed authentification anymore and with the [^] expression it went wild and some files where accessible while others weren't, by no pattern that I would recognize. So how do I do a 'NOT' in a FilesMatch?
The easiest way to do this is to add a new subdirectory for the uploaded files. This is the best way to handle uploaded files anyway, instead of loading them in the same directory as the php files. Now there's a htaccess file in the main directory:
AuthType Basic
AuthName "Download"
AuthUserFile /[...]/.htusers
Require user cUser
<FilesMatch "open.php">
Require user cUser oUser
</FilesMatch>
and a second htaccess file in the directory for the uploads:
AuthType Basic
AuthName "Download"
AuthUserFile /[...]/.htusers
Require user cUser oUser
I have a folder named "adminhide", wich is inside the folder "forum" and which should be password protected. In the folder "adminhide", I have more than 50 sub-folders and all those sub-folders should not be password protected.
The .htaccess file should be placed in the folder "adminhide", or in the folder "forum".
Example:
forum/adminhide: protected
forum/adminhide/js: unprotected
forum/adminhide/js/something: unprotected
forum/adminhide/images: unprotected
forum/adminhide/something: unprotected
Here is what I have now:
AuthType Basic
AuthName "admin"
AuthUserFile "/home/xgclanco/.htpasswds/public_html/xg-clan.pt/forum/adminhide/passwd"
require valid-user
You could do this by placing a .htaccess file in the subdirectories that you want to exclude with the "Allow from all" directive.
.htaccess works down from the current directory, so if you included .htaccess in a subdirectory containing:
Allow from all
You will get the desired result.
You could also achieve this by specifying just the individual files you would like to protect in the adminhide folder by doing this in your htaccess file:
AuthUserFile "/home/xgclanco/.htpasswds/public_html/xg-clan.pt/forum/adminhide/passwd"
AuthName "admin"
AuthType Basic
<Files "index.php">
require valid-user
</Files>
All subfolders below the one you put your .htaccess-file in are automaticly protected. I think there is no way to change that.
So you either have to change your folder structure or put the stuff you want to pretect somewhere else.
I have created a .htaccess and .htpasswd files, and stored them in the folder I want to protect and when I navigated to that folder, I was asked for the username and passowrd (stored in the .htpasswd file) after entering the username and password, I got a 500 Internal server error. I have used the files on both localhost (windows) and on a web server (linux I guess) both gave the same result mentioned.
this is my .htaccess file:
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user
order deny,allow
I doubt that your .htpasswd file is really located at the very root of the server's filesystem along with /bin, /usr, /home, and others (rather than inside the part of the filesystem served to web browsers).
According to Apache documentation (1, 2), AuthUserFile expects a file path (as if you were in ServerRoot, usually /usr/apache or similar, and trying to locate the file from the Unix shell). It cannot be a URL, either absolute or relative. Correct your .htpasswd file path accordingly.
Note that if possible, you shouldn't put the .htpasswd file inside a public_html or htdocs folder, because any configuration error could not only allow unauthorized access to the files you want to protect but also the authorized usernames and hashed passwords.
Use an absolute hosting path, eg:
/home/content/14/5267714/html/.htpasswd