limiting pages to intranet

sonun

IS-IT--Management
Dec 26, 2001
384
US
Hi, I want some pages to be displayed to only those on the intranet and the rest to be available world-wide. Where do I control that ?? In /etc/hosts.allow ??
Like put a line like, httpd: thissubnet allow rest disallow ??
But how to limit access to specific pages.
Thanks.
 
You could put your restricted pages in a different directory then set up Allow and Deny directives.

<Directory /intranet>
Order Deny,Allow
Deny from all
Allow from myintranet.com
</Directory>

For more info on this see the apache documentation:
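
Added example (not part of the original post): a small Python evaluator for the Order/Deny/Allow rules in the block above, showing which clients get through and what happens if the Order arguments are swapped. It assumes the intranet is the subnet 192.168.1.0/24 (a constructed value standing in for the hostname in the post) and handles only "all", single IPs and CIDR networks.

```python
import ipaddress

def parse_rules(block):
    """Collect Order / Allow from / Deny from lines from one config section."""
    rules = {"order": "deny,allow", "allow": [], "deny": []}  # Apache's default Order
    for line in block.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0].lower() == "order":
            rules["order"] = "".join(words[1:]).lower()
        elif len(words) >= 3 and words[1].lower() == "from":
            if words[0].lower() in ("allow", "deny"):
                rules[words[0].lower()] += words[2:]
    return rules

def matches(specs, client_ip):
    """True if the client address falls under any spec ('all', IP or CIDR)."""
    ip = ipaddress.ip_address(client_ip)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(block, client_ip):
    r = parse_rules(block)
    allowed = matches(r["allow"], client_ip)
    denied = matches(r["deny"], client_ip)
    if r["order"] == "deny,allow":
        return allowed or not denied   # default allow; a matching Allow overrides Deny
    return allowed and not denied      # allow,deny: default deny; a matching Deny wins

# Constructed sample: the block from the post with an assumed subnet.
INTRANET_BLOCK = """
<Directory /intranet>
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
</Directory>
"""
# Same rules with the Order arguments swapped: "Deny from all" now wins for everyone.
SWAPPED_BLOCK = INTRANET_BLOCK.replace("Order Deny,Allow", "Order Allow,Deny")

if __name__ == "__main__":
    for ip in ("192.168.1.20", "203.0.113.9"):
        print(ip, is_allowed(INTRANET_BLOCK, ip), is_allowed(SWAPPED_BLOCK, ip))
```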

 
Hi all,

Just be aware that if you use this method, then it is so easy to spoof the details passed in the browser. This means that someone spoofing the details has the same access that you have from the intranet.

Better ways to do it would be to set up htaccess password protection or run a separate instance of apache on another port for the intranet users.

Hope this helps Wullie

 
Wullie,

Very interesting - how do they go about the spoof, is it just a URL parameter?

Also, you say about setting up this .htaccess password protection. Is there any way of having a single sign on with the .htaccess method? I have heard of .htaccess but have never been shown what it can do, do you have any generic examples (or know of any good sources of information, i.e. setting it up from scratch) as at the moment I am using the directory directives. I'm not going to say where since you know how to spoof :)

Wouldn't the separate copy of Apache on a different port need a firewall to stop internet users from just overriding the default port and getting the content?

nme
 
Hi mate,

The details can be spoofed by altering the headers sent by the browser. Just the same as the referral page and browser version etc, can also be spoofed. For example, I could be running IE4 and I could send the headers to your servers so that it would think that I had IE6 or NN6.

The htaccess authentication is really easy to use and is just a case of setting up 2 different files on the server. The files are .htaccess and .htpasswd

The .htaccess goes in the directory that you want to protect and the .htpasswd can go in virtually any directory that you want.

To create a htaccess file, you can use a little script that I am working on..


This will create the htaccess for you and if you use Windows then it also gives directions on how to create the htpasswd file.

Now, when that is set up, a user accessing the protected directory will receive a prompt to login. Once logged in, they have access to that directory and also any subdirectories without logging in again.

They only have to login again after they close that browser window, so even if they logged in, visited another site and then returned they would still be logged in.

About the separate port issue.. If you wanted to do that then yes you would be better off setting the firewall to block all outside access to that port and this makes it much more secure as a port scan from outside would not even show a server running on that port..

Hope this helps Wullie

 
Wullie,

Windows NT will not allow me to have a file that starts with a . but doesn't have an extension - it just brings back an error saying you must type a filename.

All the examples I have browsed through show how to set it all up for a unix/linux server, I have not come across a Windows example yet.

Any ideas - do I just use a file called "htaccess" instead?

Thanks

nme
 
Hi mate,

This is quite a common problem but for some reason, only certain machines give this error..

How are you creating the file?? It should be in notepad and then SAVE AS..

One other thing to try is maybe use the htpasswd app to create a file called .htaccess

This method should work in theory. After you create the file, change the contents and then copy that anytime you want to use htaccess.

Otherwise, you will need to change the filename that Apache looks for. Make sure that if you do this, you also alter the deny rule to reflect the new filename. Otherwise, any of your visitors can read your htaccess files.

The htpasswd file should create no problem..

Hope this helps Wullie
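
Added example (not part of the original post): one way to check the point above about renaming the access file, as a Python script that reads httpd.conf text and reports any AccessFileName that no deny-all <Files>/<FilesMatch> section covers. The name htaccess.txt and the sample config are constructed; the check assumes a single config file (no Include handling) and ignores where the sections are nested.

```python
import fnmatch
import re

SECTION = re.compile(r'<(Files|FilesMatch)\s+(~\s*)?"?([^">]+?)"?\s*>(.*?)</\1>',
                     re.IGNORECASE | re.DOTALL)
DENY = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                  re.IGNORECASE | re.MULTILINE)
ACCESS_NAME = re.compile(r'^\s*AccessFileName\s+(.+)$', re.IGNORECASE | re.MULTILINE)

def strip_comments(conf):
    return "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))

def access_file_names(conf):
    """Names Apache reads as per-directory config; the default is .htaccess."""
    names = []
    for m in ACCESS_NAME.finditer(conf):
        names += m.group(1).replace('"', "").split()
    return names or [".htaccess"]

def deny_matchers(conf):
    """One predicate per <Files>/<FilesMatch> section that denies everyone."""
    matchers = []
    for kind, tilde, pattern, body in SECTION.findall(conf):
        if not DENY.search(body):
            continue
        if kind.lower() == "filesmatch" or tilde:      # regular-expression form
            rx = re.compile(pattern)
            matchers.append(lambda name, rx=rx: rx.search(name) is not None)
        else:                                          # wildcard form
            matchers.append(lambda name, p=pattern: fnmatch.fnmatch(name, p))
    return matchers

def unprotected_access_files(conf):
    """Return access-file names that no deny-all section covers."""
    conf = strip_comments(conf)
    matchers = deny_matchers(conf)
    return [n for n in access_file_names(conf) if not any(m(n) for m in matchers)]

# Constructed sample: the file was renamed but the stock deny rule was left alone.
RENAMED_CONF = r'''
AccessFileName htaccess.txt
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
'''

if __name__ == "__main__":
    print(unprotected_access_files(RENAMED_CONF))
```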

 
Wullie,

I've sorted it out - for some reason (I'm guessing it's a Service pack thing) I can't create these files that start with a . in Windows Explorer, but I can create the file then rename it with the command prompt. I can then find this file and edit it with notepad as normal.

I have a question about the path for the htpasswd file, since it's NT - how do I reference the path? I was just putting
AuthUserFile C:\Program Files\Apache\Apache\.htpasswd
but it was coming back with an error. I got around this by putting the htpasswd file into the same directory as the htaccess file and just giving the filename for the AuthUserFile.

And my last problem was that my password isn't recognised (I've typed it right, I copied and pasted it out of a notepad session) - I am using IE5. Is this something to do with my dodgy fix for the htpasswd file location?

Thanks

nme
 
Paths in the httpd.conf and .htaccess files are unix style, i.e. backwards on a windows box.
Your path should be c:/program files/Apache/...

Besides the AuthUserFile directive, did you include the other directives? "Require" for instance?
something like this:

AuthType Basic
AuthName "put a name here"
AuthUserFile "c:/program files/Apache/Apache/.htpasswd"
Require user nme

Note you need to include the username you want to grant access on the require line.
 
Note you need to include the username you want to grant access on the require line.

No.... You don't ever NEED to do this.

Any usernames and passwords in that particular htpasswd file will automatically have access to the protected directory.

The only time you need to do that is if you don't want all the users to access.

And use your paths such as /program files/Apache/

This saves a lot of hassle if you ever move to a unix host.

Hope this helps Wullie

 
Oh. Well shoot, I've been doing that for months. haha.. darn documentation is not very clear on that concept. :)
 