> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Joshua Slive > Sent: Sunday, January 06, 2008 4:13 PM > To: users@httpd.apache.org; [EMAIL PROTECTED] > Subject: Re: [EMAIL PROTECTED] File permissions in an Apache enviroment > > On Jan 6, 2008 3:04 AM, Tomas Larsson <[EMAIL PROTECTED]> wrote: > > Well, the problem is I cant put the username and the > password in the > > url, http://user:[EMAIL PROTECTED]/scriptdir/script is not > allowed, thats > > the reason why I cant use .htpasswd to protect the dir. > > That's a client restriction and has nothing to do with apache.
Yes I know, it's the way may hosts "CRON-job" implementation works. > > > If it wasn't for this restriction I would be able to use > .htpasswd w/o > > any problem. > > so-far Ive put 100 on the dir, and I have done some simple checks, > > like I cant wget anything from the dir, if I wget an > existing filename > > I get 0 bytes. > > You can use Order/Allow/Deny to restrict by IP address. Other > than that, you need to specify how you expect to > differentiate between you authorized and unauthorized users. > > Joshua. Basically it is a MySQL backup-script written in PHP. It is called by the "CRON-implementation" my host has. It works by calling my virtual server with the url to the directory with the script and the script itself, ie http://mydomain/scriptlocation/script.php Obviously, doing it this way it is sort of open for the "general public" provided that they know what to look for. So obviously I don't want anyone else to go into it. It should only be accessible for the Cron-command. I guess that I need to implement some sort of password-control in the script itself, but I want the directory totaly safe from anybody else. With best regards Tomas Larsson Sweden http://www.tlec.se http://www.ebaman.com Verus Amicus Est Tamquam Alter Idem --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
