Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: help fopr a noob that searched on the forum alredy |
|
| Author |
|
darshie76
Joined: 27 Mar 2007
Posts: 3
|
 Posted: Tue 27 Mar '07 7:53 Post subject: help fopr a noob that searched on the forum alredy |
 |
|
Hi everybody
My first post...hope not the last one LOL
I've started to use apache 2.2 a couple of hours ago, an i've learned hot to start it and how to use it to show a website (I've created a folder where i put a folder for the site and another one for the other stuff, like password files, so they are not in the main root of the site, and inside the site folder i created a public folder with all the hTML and a folder for the private stuff that ask for a password to access), adn i've sterted to have some questions that was without an answer....so i hope tht you can help me and sorry for my bad English 
1) I want to protect some folders; this is the treeview of my apache config:
- wwwroot/mysite (root)
- wwwroot/misc (password files and other temp stuff)
- wwwroot/mysite/public (where all teh files html and images and pics are present
- wwwroot/mysite/private (where all teh restricted stuff goes)
I've tried to use the .htaccess and teh htpasswd files, but it ask me for the password once, then it doesn't anymore (i test it on the same machine where i have the server, typing the IP address of my machine, or better, teh IP address that i have on internet, not on my intranet, since i have a wireless router that has a DHCP server).
I was looking for a way to protect my site with a username and password, and i saw that many people doesn't suggest to use the htaccess files for many reason that i don't fully uderstand...i simply want to add users to a file and decide who goes in and leave outside everybody else in the private section, while the public section is open for everybody....honestly was not able to find enough info except about how to use the htaccess files.
2) would like to ahve some info about security: i've a 2wire homeportal, that is my modem (the wireless is disabled but teh DHCP server is stil active, even because otherwise it doesn;t work), and a belkin N1 as router/wireless router; I've opened the web server profile on both hardware, since b oth has a firewall and both need to forward the port 80 for my machine that act as webserver using the internal IP (in this case 192.168.2.3, while the modem see the router only as 192.168.0.4); if i don't fortward the port the thing doesn't work LOL
Anyway, the question is: is my system at risk? somebody can go inside my network or inside my hard drives, since i have a lot of drives that are shared on my internal network (anything except what i declare as root in the config file of apache server is visible, am i correct?)...would like to be safe and avoid any problem related to an excessive exposure on the web.
I use my webserver to access data when i'm at the office or somewhere else using my macbook, instead of worrying about a VPN tunnel i prefer to have a server, even because in this way i can share with my few friends my documents and artworks (i do 3d and compose some music), that's why i would like to ahve a reserverd section where only few people can access to it.
Hope that this post is not too long....would really appreciate if somebody could help me; I like Apache much more than IIS (i have xp pro) but seems that some section of the documentation lack of a lot of info, while others are explained even too much LOL
Thanks!!!! |
|
| Back to top |
|
Jorge
Joined: 12 Mar 2006
Posts: 376
Location: Belgium
|
|
| Back to top |
|
darshie76
Joined: 27 Mar 2007
Posts: 3
|
| Posted: Tue 27 Mar '07 16:54 Post subject: |
|
|
Thanks Jorge; I saw this article but the problem is that i want to get rid of the htaccess and include teh auth in the main conf file of Apache creting directory entries, like the tutoria that you pointed at.
The fact is that the password is asked only once, then i go in without any other password request; I would like to have the same system that the comemercial sites have: when you wanna go in a special section you need to be authenticated, adn if you go in and out of the section you need to be authenticated again everytime |
|
| Back to top |
|
Jorge
Joined: 12 Mar 2006
Posts: 376
Location: Belgium
|
| Posted: Tue 27 Mar '07 21:04 Post subject: |
|
|
Your browser usually cashes the password.
Close and open it again and it should prompt you again |
|
| Back to top |
|
darshie76
Joined: 27 Mar 2007
Posts: 3
|
| Posted: Sun 08 Apr '07 1:43 Post subject: |
|
|
Thanks a lot for the help, now i got another little issue:
How can i stop the users to see teh list of the directories and files on my server?
I ahve my site that has all teh pages in a folder called HTML, so i can't restrict the access to this folder otherwise nobody can surf the site, but i was thinking to restrict the access to the folders inside this folder that has all the pictures and reserved material, and it works if i put a directory statement in teh httpd.conf file, but if i type for example sitename/html the page return the list of all the fioles in the dir! so basically is useless to protect the dirs if the entire content of a dir is visible simply writing the folder name 
I remeber tht i saw a command that block this behavior, but i can't remember where...can somebody help me?
Thanks! |
|
| Back to top |
|
|
|
|
|
|
