Blocking Access To A Directory
Apr 3, 2009
ive got a flash music player that gets its tracks from a dedicated directory on my server. there's about 10GB of music in there (we own it) and i want to stop people getting at the files (they can see the path in the source of the page that has the flash player).
i tried an htaccess directive that stops listing the directory contents but that obviously wont work. what is the best & most secure strategy to achieve this, blocking all ip addresses apart from my server's?
View 5 Replies
ADVERTISEMENT
Aug 14, 2007
This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.
how I can block direct access to my scripts?
View 0 Replies
View Related
Nov 4, 2008
How do I do this in IIS
I need to be able to access resources such as PDFs, videos from my website once a user has logged in but I need to block users being able to access the resources from a url?
View 6 Replies
View Related
Oct 26, 2005
Ok, here's the deal. I am about to start a site to allow users to log into a password protected area and then, based on each individual user, they will be given access to a .pdf file which contains pricing and rate information that is specific to the particular user.
What is the best way for me to secure the location so that a person could not go to - for instance - www.site.com/docs/xxx.pdf and view someone else's file?
I am using a Win Server 2003/IIS 6 environment. The site will be written in php, and will have a SQL Server 2000 backend to store the userid/pwd combinations, and the name of the particular user's file. I know to make it where the contents of the directory can't be listed, but I need to make sure a person could not quess the filename of another users .pdf and be able to view it.
View 1 Replies
View Related
May 28, 2009
How to restrict directory access by IP address using .htaccess?
AS i know the code must be like this
Code:
Order Deny,Allow
deny from 111.111.111.111
Now the questions
1. how to restrict access by IP-subnet?
Does such code right ?
Code:
Order Deny,Allow
deny from 111.111
2. how to restrict multyple IPs?
Code:
Order Deny,Allow
deny from 111.111.111.111, 222.222.222.222, 333.33.33.33
?
View 2 Replies
View Related
Apr 22, 2007
I'm trying to control download access in a particular directory. I don't want to hide the directory behind a password.
What I am looking to do is to permit access to the files to people who have clicked on my download link only (referrer). Direct links, and hot links to be denied.
I can disable hot linking easily enough via .htaccess. But I'm not savy enough to pull off referral only access.
View 4 Replies
View Related
Jan 18, 2007
We currently have a site hosted on a dedicated server, and we use Ensim to manage the site.
Although we can use Ensim to FTP, we mainly use Dreamweaver or other FTP clients to FTP.
What we are wanting to do, is set up and FTP user, so that they can only have access to certain directories. Is this possible? If so, what would I need to do?
Also, when they connect via an FTP program (assuming that the access has been set up as desired) will they only be able to see those directories specified?
View 0 Replies
View Related
Jan 8, 2008
I have a set of confidential files that I want to make accessible over the internet to members overseas.
Members will access the file links on a secure web application.
I want to restrict access to the files so that they only open when the user clicked them from the web application. ie. if they paste the url into a browser it should not open the file.
I managed to do this in Apache, but I need to do it in IIS - is it possible?
View 0 Replies
View Related
May 24, 2007
Is there anyway to set up a Group that only has access to one virtual directory and nothing else on the server? Running IIS 6.0 on Windows 2003.
View 1 Replies
View Related
May 22, 2008
Followed the guide over at [url]to get proftpd setup.
It only lists ways to create a single upload directory and a single download directory.
Tried all possible ways to get a directory creating allowing read/write but so far unsuccessful.
how this can be acheived?
Here is my current config.
#start of config
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
#end of config
/home/FTP-shared/read-write is the folder I want to be able to read and write data to.
View 0 Replies
View Related
Oct 26, 2014
in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,
so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]
View 2 Replies
View Related
Jul 19, 2014
I have recently switched from Ubuntu to Mint because I would like to enjoy out of the box functionality. I installed Apache, PHP and Mysql. When I go to localhost, the page displays correctly indicating that the server is functioning. In /var/www/html I created devPages. In devPages I created a symlink to a directory in my home directory where I keep all of my html/php files.
When I point my browser to http://localhost/devPages/1/ I get "You don't have permission to access /devPages/1/ on this server". This appears to be a permissions/ownership issue. I don't want to change the permissions for the directory or files in the home directory because they are set to work properly on my production server. Is there a way to get apache to accept files in my home directory?
I have set owner and group for devPages and the symlink to www-data. Set permissions to 755 for devPages.
By the way, under Ubuntu, I have always used a symlink and it always worked without any issues.
View 1 Replies
View Related
Nov 20, 2014
I seem to have an error with backing up to my personal FTP repository. I have only just noticed the issue, but i believe it originated when I upgraded Plesk Panel 11 to Plesk Panel 12. I am currently running version 12.0.18 on Cent OS 6.5.
Note whether i check the "Use passive mode" option makes no difference to my problem.Below is what I get from the panel.log under /usr/local/psa/admin/logs
Code:
[2014-11-20 19:49:44] ERR [util_exec] proc_close() failed
[20-Nov-2014 19:49:44 UTC] PleskUtilException: '/usr/local/psa/admin/bin/pmm-ras' '--check-repository' '--dump-storage=ftp://USERNAME@IPADDRESS/MYFTPDIRECTORY/' '--use-ftp-passive-mode' failed with code 121.
stdout:
Transport error: unable to list directory: Curl error: Access denied to remote resource
stderr:
file: /usr/local/psa/admin/plib/Service/Agent/Transport/Local/Exec.php
line: 57
code: 0
trace: #0 /usr/local/psa/admin/plib/Service/Agent/Transport/Local.php(60): Service_Agent_Transport_Local_Exec->process(0, Object(Service_Agent_Command_Exec), Object(Service_Agent_Transport_LocalTransaction))
[code]....
View 8 Replies
View Related
May 31, 2007
I have a situation like this:
There is a directory say, "Master" and inside, "Master" there is sub-directory, "Slave". A user who has access to, "Master" should be able to access, "Slave" automatically. However, a user who has access to, "Slave" should not have access to, "Master". Inside cPanel this type of protection is not possible.
View 3 Replies
View Related
Dec 11, 2008
How do I direct my httpd file to point to:
home/USER/public_html
instead of:
C:Users estetc...
I want to do this to make my test server just like the remote server.
View 5 Replies
View Related
Sep 18, 2008
I want to move the entire contents of a directory tree to another directory.
So for example we may have a directory with 15 directories inside, each directory contains files itself. I want to copy all the files from the directory tree into another directory located somewhere else one the file system. I want only the "files" to end up in the other directory and not the file structure too.
Im running CENTOS latest version.
View 4 Replies
View Related
Aug 28, 2012
How can I allow only one ip or a list of ip addresses to access port 8443.I need to limit access this port to few ip addresses and not everyone
View 6 Replies
View Related
Apr 5, 2007
I've had it with EV1. On any given day we get 30-50 BFD attacks from their servers. That doesn't include the dozens of other types of attempts per day our IPS/IDS catch. We've also traced back client servers that were hacked directly via EV1 servers.
It's obvious that EV1 does little or nothing to stop these issues. We spoke to the FBI about these issues and their comments lead me to believe that EV1 is one of the major sources of these issues and that EV1 has shown little or no effort to curb the problem or cooperate in stopping the issue.
We have elected to now block all all EV1 IPS.
Drastic measures, not really. If they won't take care of their own problems I no longer want them dumped at my door step. I think other hosts might want to think about this.
View 14 Replies
View Related
Apr 28, 2007
At the moment it will block people who login with the wrong username/password 5 times. it also blocks people if they do the wrong email settings.
Is there a way to turn the pop3/email blocking off?
View 3 Replies
View Related
Dec 3, 2006
I am hitting a limit on number of POP signons per hour imposed by my host. I host maybe 10 domains on this account and have 4 or 5 email addresses to monitor for each domain. If I check once every 15 minutes I run up against a limit on the number of POP3 signons permitted by my ip. Add this to having multiple mail clients behind a NAT router and I am beginning to have real problems.
Does anyone else have this issue? Is my only workaround to forward all email to a single account or install a local mail server? Does 100 POP signons an hour from a single IP sound like a lot to anyone? Any advice?
View 6 Replies
View Related
Jul 19, 2008
Let's say you want to protect againts hacking,and using method with simply blocking loading url.So let's say someone hacked your index.html and changed links to lead to his domain.com.Is it possible to block what would be loaded on site ?(to prevent possible future hacking intrusions)
View 6 Replies
View Related
Nov 28, 2008
I have 2 server one is Linux server+Cpanel+CSF firewall where my site is running and one is windows server where my exchange mail server is running .Now thing is that when anyone send mail through my web site (after filling contact form) to me it doesn't come to my email id but when i stop my firewall and then i check contact form and fill it the mail goes to my mail id.
I have php script with SMTP authentication.
which port is blocked in my firewall and after disabling firewall it work.how can i check when firewall is on that time why mails are not coming in my email id that time which port is blocked by firewall.
Allow Port in firewall:-- 25,80,20,21,465,443,110,143
View 10 Replies
View Related
Jul 5, 2007
seems one of my sites has been added to some mega "toplist" site thats bringing in fake traffic to my site which is basically like a DOS attack - over 1000 connections.
coming from
[url]
[url]
[url]
linking to a php file in one of my accounts which has since been removed. however still getting a heck of a lot of hits, they probably all see 404 messages which still causes load on my server.
any suggestions how to fix this? the traffic is referred from above urls but hundreds of ip addresses. is there anyway to blacklist the referrer so people are just blocked, period?
View 6 Replies
View Related
Oct 6, 2007
Running freebsd with pf, and was wondering if there's anything like www.fixingtheweb.info for pf instead of IP tables? Otherwise it'll be a long day
View 1 Replies
View Related
Apr 14, 2007
I had a few sites hacked today. I'm using phpbb (all updates) and, apparently, the only thing they did was to drop the database and replace it with one featuring a single post "advertising" their hacker group. I tried bringing everything back on-line, but they would just attack again and take it down quickly... I'm thinking it's probably just some script kiddies.
They announce themselves as "turkish hackers". Browsing around for their message, I found they attacked quite a few sites. What I was thinking, to help preventing this from happening again, is to ban all visitors from Turkey (none of these sites has a need for them, as they're aimed at a local audience).
Can I do this simply by using "deny from .tr" in htaccess? Or are there any more steps to be taken?
View 6 Replies
View Related
Nov 7, 2007
I have my server set up with the smtp daemon running on port 125, and assp listening on ports 25 and 26, and forwarding to port 125 if the mail passes. This setup has been working for months and months. Already today I've received several emails.
I just attempted to send an email, however, and thunderbird could not connect to port 26. (I use an alternate port because my ISP blocks port 25 except to their mail servers)
So I thought that assp had stopped running. Attempted to go to myip:55555, but the page would not load. Now I really thought assp was broken. SSH'd into server and was able to telnet to localhost, port 26 without an issue. Was also able to lynx [url] without an issue.
Since I'm able to log in to all of these weird ports via SSH but not from my local computer, I'm apt to think that they are blocking the ports (for some reason).
Is there any way I can test this theory? Nothing has changed on my side firewall-wise, and the poor girl at the ISP company didn't even know what a port was. I would like to be 100% sure before I give them another call demanding to speak to someone higher up...
View 5 Replies
View Related