I've received an email from Google saying my site contains phishing contents. When I checked the URL they sent, it was just a URL accessing another hosting account via my domain.
Ex: domain.com/~username
Is there a way to prevent this from either using .htaccess file or any other method.
To the disable the use of the feature you are describing (better known as UserDir) you could specify the following in either your httpd.conf or within your vhost configuration.
There is no way to change this setting from within .htaccess.
UserDir disabled
Read more about it by following the below link:
httpd.apache.org - Per-user web directories - Enable/Disable
httpd.apache.org - Apache Module mod_userdir
Related
Hi there on my site i link to a site that has changed the url of the site but uses the original domain to host the images. Is this possible to catch the links via htaccess but no change any of that domain with an image file detected?
So change outgoing link from www.oldsite.com to www.newsite.com but if images detected leave oldsite.com url.
I have too many links to change manually, is this even possible ?
It can't be done using .htaccess . .htaccess is directory level Apache configuration file!
Using Codeigniter I want to make my home.php restricted to only registered users but when I try following
http://127.0.0.1/CodeIgniter_2.1.4/application/views/home.php
I get access to home.php(which is in views).
I thought that CI has some restriction for this type of request but its not.So now how can I solve this.
Should I do this in .htaccess?
OR
I should add php code at the top of home.php which will check for valid session data etc.
http://ellislab.com/codeigniter/user-guide/installation/
For the best security, both the system and any application folders
should be placed above web root so that they are not directly
accessible via a browser. By default, .htaccess files are included in
each folder to help prevent direct access, but it is best to remove
them from public access entirely in case the web server configuration
changes or doesn't abide by the .htaccess.
In your application folder make .htaccess with this:
Deny from all
We have hosted our website with external agency, in the Linux environment.
now we have added cookies in our website code and want to track cookie in access.log. when we requested with our domain host provider they turn down the request to modify apache2.config file, instead they suggested to use .htaccess file to enable cookie in access.log. Right now we do not want to use any other method to log cookie other than .htaccess file.
we did not find any solutions to enable cookie in access.log using .htaccess file.
we need following questions to be answered.
1) Is it possible to use .htaccess file to enable cookie in access.log
2) If yes, steps to make it and it will be greatly appreciated if it is explained keeping it in mind that user is a layman.
As far as I know you cannot customize log files from .htaccess. And I think there is a valid reason of disabling this as it may impose security issues in a shared environment.
You would need to have the host enable mod_usertrack. Then they would need to allow you to override the configuration settings with .htaccess.
LogFormat "%{Apache}n %r %t" usertrack
CustomLog logs/clickstream.log usertrack
I track cookies, users, sessions, browsers, everything in a MySQL database. It's a lot easier to access the data with stats than log mining. (It does take up a bit of room though.)
I am developing a website with CakePHP.
I have an AdminsController for admins to authenticate. However I want create extra security by adding .htaccess password protection.
I tried to do it by adding .htaccess and a .htpasswd files in my Admins view directory since I want the other pages of my site to work normally, but it doesn't work.
So how to add .htaccess and .htpasswd for only a specific view?
In my AdminsControllers's beforeFilter method I've added :
if(env('HTTP_HOST') == 888.888.888.888 || ......),
The list of IP addresses that should be allowed. Can I say that it is safe now?
I think you might want to investigate the other authentication components that CakePHP has to offer. BasicAuthenticate should be of particular interest.
If you go down this route, the authentication will still happen against a userModel rather than a .htpasswd file.
As for the IP restriction, that should be relatively safe. IP spoofing is possible but hard.
I'm in a development environment and we're using basic .htaccess/.htpasswd authentication to keep lurkers out. But some of my AJAX calls are coming back with HTTP/401 authentication failed errors. Is it possible for me to allow access only to those specific URL's? I can't easily do it by popping a new .htaccess in a subfolder because CodeIgniter uses ReWrites.
It's not possible to allow access only to those specific URL's. Unfortunately, .htaccess and .htpasswd authentication operates on a directory level only. And you're exactly right about why just using a subdirectory won't work - b/c of CI rewrites, which happen AFTER Apache has transferred control to CodeIgniter's index.php front controller.
The easy option, if you're working on something that (1) is not likely to be hacked in the first place, and (2) can't reveal sensitive data even if it is, is to use security via obscurity. Don't have any links to your dev site, include a noindex directive for search engine crawlers, and go on your merry way. This also has the advantage that you can test versions of the site with your colleagues and friends by just telling them the URL to go to.
If you're more worried about security, then you're probably building an auth module for your website's users. In that case, for your dev environment, just call that auth module in the constructor for all of your controllers, and redirect to the login page if the user is not logged in.
Good luck!