[TriLUG] a webmastering question]

Richard O. Hammer ROHammer at EarthLink.net
Tue Sep 16 21:57:22 EDT 2003 

Thank you, again, Jeff.  I had intended to post my earlier message to 
the trilug list, but failed to pay attention.  So now I'm putting this 
on the trilug list, with your reply as well.

-------- Original Message --------
Subject: Re: [TriLUG] a webmastering question
Date: Tue, 16 Sep 2003 21:06:33 -0400 (EDT)
From: Jeffery Painter <painter at kiasoft.com>
To: "Richard O. Hammer" <ROHammer at earthlink.net>


You may need some admin priveleges if they have not allowed you to create
your own .htaccess files, but I think most default installations will
allow it.

You will still probably need a linux box to generate your password 
file if
you choose to go this route since if you only have ftp access you 
probably
can't run the program to create the password on that box :)

You can create the password file as follows, the location of htpasswd may
differ depending on your setup.

[painter at utena painter]$ /usr/local/apache2/bin/htpasswd -c 
webaccess.dat painter
New password: test1234
Re-type new password: test1234
Adding password for user painter

If you want to keep adding more users, don't use the -c flag (that 
creates
a new file each time)

[painter at utena painter]$ cat webaccess.dat
painter:enBBO0NUzBGxE

You can now place test.dat in a directory on your web server

[painter at utena painter]$ cat .htaccess

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
AuthType        Basic
AuthName        "Secure Access"
AuthUserFile /path/to/webaccess.dat
require         valid-user


the path to the webaccess.dat must be the full path of where-ever you are
uploading it to your webserver

that's it for starters!

good luck

Jeff Painter
painter at kiasoft.com


On Tue, 16 Sep 2003, Richard O. Hammer wrote:

 > Thank you, Jeff,
 >
 > .htaccess files may be the way to go, but I don't know enough about
 > them yet.  I have little experience administering apache.
 >
 >  From what I've read so far it looks like I may need administrative
 > privileges to edit .htaccess or configuration files.  As webmaster I
 > have an FTP account to the directories of the site, but I don't think
 > I have any administrative privileges or a shell login account.  Also,
 > this being a low budget operation, with the site being hosted for free
 > by a friend of the arts, I don't get much help from the human host.  I
 > probably need to do this with the FTP account and no more.  Can I do
 > the .htaccess file trick with just FTP access and no more?
 >
 > Again, I have succeeded in using sessions and creating a few password
 > protected PHP scripts.
 >
 > Rich Hammer
 >
 > provided
 > Jeffery Painter wrote:
 > > Have you tried restricting the .doc files to a specific directory 
and
 > > using .htaccess files to manage access to that directory?
 > >
 > > Seems like this would do the trick as apache won't care what the 
file type
 > > is, it will follow the access rules based on the directory structure.
 > >
 > > hth,
 > > Jeff Painter
 > > painter at kiasoft.com
 > >
 > >
 > > On Tue, 16 Sep 2003, Richard O. Hammer wrote:
 > >
 > >
 > >>In my role as webmaster for a local organization
 > >><http://www.canecreekcloggers.org/>, I am trying to figure out 
how to
 > >>serve MS Word files with HTTP to only those users who have
 > >>authenticated themselves.
 > >>
 > >>It seems like there ought to be an easy and obvious way but I 
haven't
 > >>found it yet.  The site is running on Debian GNU/Linux, with Apache
 > >>1.3.27 and PHP/4.3.
 > >>
 > >>I can make a few steps toward the goal:
 > >>  . I can use sessions with PHP, and thereby allow only 
authenticated
 > >>users beyond a certain point in any PHP script.
 > >>  . I can put .doc files on the server and open them just fine. 
On my
 > >>Windows computer both Netscape and IE do the right thing, opening 
the
 > >>file in MS Word.
 > >>  . I can serve a .doc file to an authenticated user with the PHP
 > >>virtual() function.
 > >>
 > >>But every way that I have thought of so far has this weakness: an
 > >>unauthenticated user could load the .doc file directly, without 
going
 > >>through my PHP script, if that user happened to learn the URL of the
 > >>.doc file.  My PHP scripts do not seem to have any more 
permissions to
 > >>access files than the permissions which are granted to any browser.
 > >>
 > >>Any suggestions?
 > >>
 > >>Thanks,
 > >>Rich Hammer
 > >>
 > >>P.S. have a good hurricane!
 > >>
 > >>
 > >>
 > >
 > >
 > >
 >
 >
 >

More information about the TriLUG mailing list