How To Disallow Access To A Everything In A Directory
Oct 26, 2005
Ok, here's the deal. I am about to start a site to allow users to log into a password protected area and then, based on each individual user, they will be given access to a .pdf file which contains pricing and rate information that is specific to the particular user.
What is the best way for me to secure the location so that a person could not go to - for instance - www.site.com/docs/xxx.pdf and view someone else's file?
I am using a Win Server 2003/IIS 6 environment. The site will be written in php, and will have a SQL Server 2000 backend to store the userid/pwd combinations, and the name of the particular user's file. I know to make it where the contents of the directory can't be listed, but I need to make sure a person could not quess the filename of another users .pdf and be able to view it.
View 1 Replies
ADVERTISEMENT
Oct 26, 2014
in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,
so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]
View 2 Replies
View Related
Nov 4, 2008
How do I do this in IIS
I need to be able to access resources such as PDFs, videos from my website once a user has logged in but I need to block users being able to access the resources from a url?
View 6 Replies
View Related
May 28, 2009
How to restrict directory access by IP address using .htaccess?
AS i know the code must be like this
Code:
Order Deny,Allow
deny from 111.111.111.111
Now the questions
1. how to restrict access by IP-subnet?
Does such code right ?
Code:
Order Deny,Allow
deny from 111.111
2. how to restrict multyple IPs?
Code:
Order Deny,Allow
deny from 111.111.111.111, 222.222.222.222, 333.33.33.33
?
View 2 Replies
View Related
Apr 3, 2009
ive got a flash music player that gets its tracks from a dedicated directory on my server. there's about 10GB of music in there (we own it) and i want to stop people getting at the files (they can see the path in the source of the page that has the flash player).
i tried an htaccess directive that stops listing the directory contents but that obviously wont work. what is the best & most secure strategy to achieve this, blocking all ip addresses apart from my server's?
View 5 Replies
View Related
Apr 22, 2007
I'm trying to control download access in a particular directory. I don't want to hide the directory behind a password.
What I am looking to do is to permit access to the files to people who have clicked on my download link only (referrer). Direct links, and hot links to be denied.
I can disable hot linking easily enough via .htaccess. But I'm not savy enough to pull off referral only access.
View 4 Replies
View Related
Jan 18, 2007
We currently have a site hosted on a dedicated server, and we use Ensim to manage the site.
Although we can use Ensim to FTP, we mainly use Dreamweaver or other FTP clients to FTP.
What we are wanting to do, is set up and FTP user, so that they can only have access to certain directories. Is this possible? If so, what would I need to do?
Also, when they connect via an FTP program (assuming that the access has been set up as desired) will they only be able to see those directories specified?
View 0 Replies
View Related
Jan 8, 2008
I have a set of confidential files that I want to make accessible over the internet to members overseas.
Members will access the file links on a secure web application.
I want to restrict access to the files so that they only open when the user clicked them from the web application. ie. if they paste the url into a browser it should not open the file.
I managed to do this in Apache, but I need to do it in IIS - is it possible?
View 0 Replies
View Related
May 24, 2007
Is there anyway to set up a Group that only has access to one virtual directory and nothing else on the server? Running IIS 6.0 on Windows 2003.
View 1 Replies
View Related
May 22, 2008
Followed the guide over at [url]to get proftpd setup.
It only lists ways to create a single upload directory and a single download directory.
Tried all possible ways to get a directory creating allowing read/write but so far unsuccessful.
how this can be acheived?
Here is my current config.
#start of config
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
#end of config
/home/FTP-shared/read-write is the folder I want to be able to read and write data to.
View 0 Replies
View Related
Jul 19, 2014
I have recently switched from Ubuntu to Mint because I would like to enjoy out of the box functionality. I installed Apache, PHP and Mysql. When I go to localhost, the page displays correctly indicating that the server is functioning. In /var/www/html I created devPages. In devPages I created a symlink to a directory in my home directory where I keep all of my html/php files.
When I point my browser to http://localhost/devPages/1/ I get "You don't have permission to access /devPages/1/ on this server". This appears to be a permissions/ownership issue. I don't want to change the permissions for the directory or files in the home directory because they are set to work properly on my production server. Is there a way to get apache to accept files in my home directory?
I have set owner and group for devPages and the symlink to www-data. Set permissions to 755 for devPages.
By the way, under Ubuntu, I have always used a symlink and it always worked without any issues.
View 1 Replies
View Related
Jul 11, 2007
if i enabled phpsuexec the client can remove all disable_functions and every thing if he just uploaded php.ini to his public_html folder
i thought about this:
ln -s /usr/local/lib/php.ini /home/user/public_html/php.ini
and it work perfectly but if the user triad to make edit via FTP to the file he will see the file content but can't edit
i triad to chmod to 0 but it will stop PHP
is there any solution to stop the user see the content for the file?
View 9 Replies
View Related
Nov 20, 2014
I seem to have an error with backing up to my personal FTP repository. I have only just noticed the issue, but i believe it originated when I upgraded Plesk Panel 11 to Plesk Panel 12. I am currently running version 12.0.18 on Cent OS 6.5.
Note whether i check the "Use passive mode" option makes no difference to my problem.Below is what I get from the panel.log under /usr/local/psa/admin/logs
Code:
[2014-11-20 19:49:44] ERR [util_exec] proc_close() failed
[20-Nov-2014 19:49:44 UTC] PleskUtilException: '/usr/local/psa/admin/bin/pmm-ras' '--check-repository' '--dump-storage=ftp://USERNAME@IPADDRESS/MYFTPDIRECTORY/' '--use-ftp-passive-mode' failed with code 121.
stdout:
Transport error: unable to list directory: Curl error: Access denied to remote resource
stderr:
file: /usr/local/psa/admin/plib/Service/Agent/Transport/Local/Exec.php
line: 57
code: 0
trace: #0 /usr/local/psa/admin/plib/Service/Agent/Transport/Local.php(60): Service_Agent_Transport_Local_Exec->process(0, Object(Service_Agent_Command_Exec), Object(Service_Agent_Transport_LocalTransaction))
[code]....
View 8 Replies
View Related
May 4, 2007
Is there a way to disallow a particular site from sending out emails, while allowing other sites on the same server? My server uses Cpanel.
Also, is there a way to only tar files of a particular type, such as PHP, recursively from a directory?
View 10 Replies
View Related
Nov 4, 2014
We use our own backoffice for remote logins. Passwords for panel login are encrypted. Is it possible to remove the option for customers to change their password for panel login so they will stay in sync with our own backoffice?
If it's not possible, is there a way to decrypt the panel login passwords, like there is for the admin-password (/usr/local/psa/bin/admin --show-password)?
View 1 Replies
View Related
May 31, 2007
I have a situation like this:
There is a directory say, "Master" and inside, "Master" there is sub-directory, "Slave". A user who has access to, "Master" should be able to access, "Slave" automatically. However, a user who has access to, "Slave" should not have access to, "Master". Inside cPanel this type of protection is not possible.
View 3 Replies
View Related
Dec 11, 2008
How do I direct my httpd file to point to:
home/USER/public_html
instead of:
C:Users estetc...
I want to do this to make my test server just like the remote server.
View 5 Replies
View Related
Sep 18, 2008
I want to move the entire contents of a directory tree to another directory.
So for example we may have a directory with 15 directories inside, each directory contains files itself. I want to copy all the files from the directory tree into another directory located somewhere else one the file system. I want only the "files" to end up in the other directory and not the file structure too.
Im running CENTOS latest version.
View 4 Replies
View Related
Aug 28, 2012
How can I allow only one ip or a list of ip addresses to access port 8443.I need to limit access this port to few ip addresses and not everyone
View 6 Replies
View Related
Feb 20, 2008
I found a great little app called ID Shutdown Manager which bascially lets you do stuff like wake on LAN, Shutdown, Log Off etc.
The App also has a cgi script which you can call from a web server so you get a web interface to the program.
This is exactly my reason for getting the app as I just wanted to host a web page where I could login from the internet and wake on lan my media PC.
Ok so...
The app gives you all the iis or apache setup instructions and tells you to place the cgi script which is actually a .exe into the scripts folder and then enable basic authentication for it.
Done.
So if I navigate to <SERVER>/scripts/sdmancgi.exe its supposed to give me a user / pass prompt and then when login successful I see the app and can wake on lan etc.
ok I have got this to work
on the actual machine where server is running I can access it in IE7 by localhost etc.. and it works
However when I try to access from another PC in my lan by typing <SERVER>/scripts/sdmancgi.exe I get a nice little message saying the content cannot be displayed you may require to insall a program or something to display it.
If I try to access the page from firefox on same remote PC, it works!
I can also access page from outside my LAN, it works on my N95 browser.
Also I have had friends try it from firefox from the Internet and they say it works as well.
Forgot to mention I am running on port 8081 as I already have other servers running on 8080 and 80 (one is my router and the other server installed itself from setup.exe and I dont know what server its using)
I have also tried latest apache server as well as some other free one. Both have the same effect. Ok in firefox, not in IE.
One would think its a problem with the cgi file not compatible with IE7 however, I even tried to go to default page setup in IIS <SERVER>:8081 and I get the same message. So at this point the server hasnt even tried to access CGI or prompt for Basic Authentication.
I tried googling and not much luck. I read something about CSS and when I view source of failed web page from IE7 it mentions something about CSS so dont know if this is it?
View 4 Replies
View Related
Apr 30, 2009
I'm having trouble with a vps and the ips won't ping and can't connect via ssh.
I can via hypervm console when I run apt-get update but it doesn't download anything.
View 8 Replies
View Related
Apr 24, 2007
I have successfully installed dns only to my vps. the problem is when i try to add it to the cluster system on my other vps it asks for a remote access key, so i visit both ip:2087/scripts/setrhash and ip:2086/scripts/setrhash and it shows an unable to connect error in firefox.
this is both using [url]
does anyone know how i can access the remote access key?
View 6 Replies
View Related
Mar 24, 2007
I have windows servers that I'll be co-locating very soon. I have purchased a Dell 2161ds-2 and an APC remote boot power strip. Could someone please tell me the best way to secure remote access to these products. Do I put them on public IP's and allow them through the firewall or do I put them behind the firewall and access them after I authenticate through the firewall.
View 6 Replies
View Related
Nov 1, 2009
Which files could I safely delete/archive from the usr directory? Also, what is the command to list each subdirectory's size?
View 8 Replies
View Related
Jan 31, 2008
If we want to Create output of "Tar" a directory ; to different server, how can we do that ?
I tried this command, but it does not works
tar -cvf oldserverzip.tar /directory | ssh newserver@newserver.com
Basically, what we want is to shift a site "dump" to another server, without creating a copy at source server (as there is no space available there to create a "dump")
View 12 Replies
View Related
